Gilead Privacy Statement

This Privacy Statement explains how Gilead Sciences, Inc., and its wholly owned subsidiaries and successors, including Kite Pharma, Inc. (together referred to as “Gilead”), handles personal information in connection with its products, services, apps, and websites both online and offline (collectively, the “Services”), as well as the rights and choices individuals have regarding such personal information.

Residents of certain jurisdictions may be entitled to additional disclosures regarding their personal information under the laws of those jurisdictions. Please refer to the section titled, “Additional Privacy Information for Certain Jurisdictions” below for more information.

Gilead will process your personal or sensitive personal information in accordance with applicable data protection laws and this Privacy Statement. Please note that where required by law, we will obtain your consent.

Except as otherwise noted below, this Privacy Statement applies to the personal information that Gilead processes related to:

  • our Services, including our clinical research and patient support programs, and other healthcare and patient programs we administer, sponsor, or operate
  • healthcare professionals
  • individuals who register for or participate in our webinars and other events
  • individuals who are subscribed to receive news, information, and marketing communications from us
  • individuals who participate in contests, sweepstakes, surveys, and research conducted by us
  • individuals that otherwise communicate, engage, or interact with us related to our business or our Services

This Privacy Statement does not apply to the personal information that we collect and process about employees and personnel or job applicants and candidates, which is subject to separate privacy notices.

Additional notices. In some cases, additional or supplemental privacy notices may apply to certain personal information that we collect and process. Such notices are generally intended to supplement this Privacy Statement by providing additional information for certain personal information and business activities. For example, we may provide notices to individuals who participate in patient support and assistance programs sponsored by Gilead in order to provide additional or more specific information to participants about the processing of their personal information related to such programs. We may also provide specific notices and obtain specific consents from clinical trial participants. More information related to Gilead’s clinical trials can be found at www.gileadclinicaltrials.com. To the extent there is a conflict with this Privacy Statement, the additional or supplemental notice will control, where applicable, with respect to the personal information subject to such notice.

We collect personal information from various sources including:

  • Directly from individuals who access or use our Services or communicate with us about our business or our Services, including, for example:
    • Participants in clinical trials and patient assistance programs that we sponsor
    • Others acting on behalf of patients and other individuals, such as authorized representatives and legal guardians
    • Users of our websites and mobile applications
    • Individuals that communicate with Gilead
    • Individuals that report or otherwise communicate quality, safety, or adverse event-related information about our clinical products and treatments
  • Through our Services
  • From healthcare professionals
  • From contract research organizations and clinical trial investigators
  • From government agencies and/or public records
  • From service providers, data brokers, or business partners
  • From industry and patient groups and associations
  • From publicly available sources, including information provided on websites, social media channels, public forums or platforms, and other third-party sources

The personal information that we collect and process varies depending upon our relationship and interactions with you. As further described below, we may collect personal information directly from individuals, as well as from third parties and via automated means, such as cookies, web beacons, pixels, and web server logs related to the use of our Services or an individual’s interactions with Gilead.

You may choose not to give us personal information when we ask for it. However, if you decide not to provide certain personal information, it may restrict our relationship with you. For example, we may not be able to provide you with the Services you have requested.

Personal information provided to Gilead. We may collect and process personal information that you provide to us, as well as personal information about you that is provided on your behalf (such as by your authorized representative, legal guardian, healthcare provider, and others with whom you interact related to our Services). This information generally includes:

  • Contact information and contact preferences for individuals and (as applicable) their authorized representatives (such as name, email address, mailing address, phone number, and emergency contact information)
  • Information regarding your parents or legal guardians if you are a minor
  • Biographical and demographic information (such as date of birth, age, gender, ethnicity, marital status, and sexual orientation)
  • Health and medical information (such as information about physical and mental health conditions and diagnoses, treatments for medical conditions, genetic information, family medical history, medications an individual may take, including the dosage, timing, and frequency, and information about an individual’s healthcare providers) we collect in connection with managing clinical trials, conducting research, providing patient support programs, distributing and marketing our products, managing compassionate use and expanded access programs, and tracking adverse event reports
  • Product safety, product quality, and the safety related information related to our clinical products and treatments (such as adverse incident reports). Gilead will record any personal information provided to or received by it related to product safety, quality, and other adverse events, including the name and contact details of the individual reporting the event (e.g., email and/or postal address, phone number), as well as the reporting individual’s profession/specialty (if a healthcare professional) and the health and other information provided in relation to such report or event. (For more information about safety and adverse incident reporting, go to https://www.gilead.com/utility/contact/report-an-adverse-event.)
  • Financial information and transaction data, including purchase history (such as billing, payment and other transactional information, income, eligibility information to determine eligibility for patient assistance programs, and information collected as part of our clinical trial investigator onboarding) and other financial and payment-related data (such as information that we are required to collect and maintain related to payments and financial interactions that we engage in with both businesses and individuals)
  • Username and password that you may select in connection with establishing an account on our websites or mobile apps
  • Records of your communications and other requests. For example, if you email, call, or otherwise communicate with us or with members of our team, we collect and maintain a record of your contact details, communications and our responses. When you fill out a form on one of our websites or sign up for news and updates from us, or otherwise request information from us, we collect and maintain records of your requests
  • Registration information when you register for certain Services (such as if you participate in promotions or register for events or programs that we sponsor or administer)
  • Photograph and social media handle
  • Digital or electronic signature

Additional information about healthcare professionals. If you are a healthcare professional, we may also collect:

  • Your professional credentials, educational and professional history, institutional and government affiliations, membership in associations and boards, and information included on a resume or curriculum vitae (such as work experience, education, and languages spoken)
  • Information about the Gilead programs, products, and activities with which you have engaged
  • Details about our interactions with you, your prescribing of our products, and the agreements you have executed with us
  • Information related to your practice, such as license information, disciplinary history, prior litigation, and regulatory proceedings, and other due diligence related information
  • Information regarding circumstances which may create a conflict of interest
  • Information provided to participate in our sponsored or supported initiatives, such as our sponsored clinical research and development activities, online or in-person seminars, educational events, and clinical information updates

Information collected from third parties. We may also collect personal information about individuals from other third-party sources, such as social media platforms and channels, forums and other third- party sites, and public databases, as well as from other third parties who support our business activities. For example:

  • If you post information about us or our Services or engage with us on third party platforms or social media, we may collect personal information about you from that third party platform or account. These third-party platforms and services control the information they collect and share about you. For information about how they may use and disclose your information, including any information you make public, please consult their respective privacy policies.
  • In some cases, we may use or augment the personal information we have about you with information obtained from other sources, such as public databases and other third parties. For example, we may use such third-party information to confirm or verify licensure of healthcare professionals or to better understand your interests by associating demographic information with the information you have provided.
  • If we become aware of information about us or our Services that relates to product or treatment quality or safety, or is otherwise reportable pursuant to our regulatory obligations, we will maintain records of such information in accordance with our regulatory and reporting obligations, including information that has been communicated on third party social media sites or otherwise shared by or with a third party.

Gilead may combine or aggregate the information we collect from third party sources with the information we may collect about you directly or otherwise.

Information we may collect via automated means or derive about you. We may also collect personal information related to your use of our Services and your interactions with us and others related to our Services, including information we derive about you and your use of our Services. Such information may include your device and browser information, activities and usage data about your use of our Services, and location information derived from your IP address or (with you permission) your mobile device.

For information about our collection of personal information via cookies and similar tracking technologies, and the choices you have regarding our use of cookies and related information collection, please see our Cookie Statement.

In general, Gilead collects and processes personal information for the following purposes:

  • Providing Services and support. To provide and make available our Services, to communicate with you about your use of and interactions with our Services, to respond to your inquiries, to fulfill your orders and requests, to process your payments, and for other customer and patient support purposes. For example:
    • Where you have requested information regarding participation in a clinical trial with Gilead or one of Gilead’s partners
    • To support disease management, education, or decision support systems related to the use of our Services
    • Where you have requested a Service from Gilead, assisting you in the completion of your application, the assessment of your eligibility for any such requested Services, the processing and maintenance of the Services, as well as any applicable renewal of such Services
    • Making proposals for future Service needs
  • Quality, safety and regulatory reporting. We may record and report on the health and other information that we collect associated with product safety or quality, and other adverse incident reports in compliance with our legal regulatory obligations. We may also contact you to seek additional information from individuals who report or communicate such product safety, quality, and other adverse incident information, in order to fulfill our legal and regulatory obligations. The information you provide Gilead is very important and will be used in the safety monitoring of our products for reporting and public health purposes. Please visit the Adverse Event Reporting page to learn more about our practices related to such information.
  • Research and analytics. For purposes of conducting research and analytics to understand, improve, evaluate, and develop our Services and business processes and to develop other insights. For example, we may conduct primary and secondary research related to our clinical products and treatments and related Services, including by conducting clinical trials and to research and develop new products and treatments and other Services. We may administer surveys and questionnaires for market research or quality and satisfaction purposes. We also use personal information that we collect about your use of our Services to better understand how users access and use these Services and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop new Services and features, and for internal quality control and training purposes. We may also analyze public sources, such as websites and social media channels, for information related to or reported about us and our Services.
  • Customization and personalization. To tailor content we may send or display on our Services, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences.
  • Marketing and advertising. We use certain personal information for marketing and advertising purposes, in accordance with applicable law. For example, to send you information about our Services, such as offers, promotions, newsletters and other information we think may interest you, as well as any other information that you sign up to receive. We also may use certain information we collect to manage and improve our advertising campaigns so that we can better reach people with relevant content.
  • Planning and managing events. For event planning and management, including registration, attendance, connecting you with other event attendees, event feedback, and contacting you about relevant events and Services.
  • Security and protection of rights. To protect our business and our Services; to prevent and detect fraud, unauthorized activities and access, and/or other misuse; and where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our terms of services and other agreements with you.
  • Compliance with law and legal process. To respond to legal process and related to legal proceedings, as well as for regulatory reporting and recordkeeping purposes (such as adverse event reporting and tracking or to ensure that we are not precluded from doing business with you).
  • General business and operational support. To operate our business, consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions, and otherwise related to the administration and/or planning of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.

Additional information about healthcare professionals. In addition to the purposes listed above, we use information of healthcare professionals for the following purposes:

  • For the performance of our contract(s) with you if you or your institution entered into a consulting, professional services, or other type of agreement with us.
  • Developing and improving our Services, including:
    • managing and improving our relationship with you, including planning, organizing and reviewing any collaborations with you
    • helping to ensure that we provide you with information that is relevant based on your expertise, interests, and preferences
    • recruiting and evaluating your suitability for participation in our programs, including clinical trials, market research, and other research activities
    • communicating with you regarding products and programs, engaging with you about scientific or educational programs, administering patient support programs, and providing access to you where applicable, responding to orders, and providing samples
    • creating and maintaining our database of healthcare professionals, which may include publicly available information in connection with healthcare professionals
  • Assessing grant requests and fellowship applications
  • Complying with transparency reporting requirements and demonstrating adherence to industry codes of practice

We may also use personal information for other purposes which will be described at the time of collection.

Gilead processes personal information where it has a legal ground for doing so. Certain laws, such as the GDPR, UK data protection law, and similar laws, set forth specific legal grounds for our processing of personal information. Legal grounds for the processing of personal information under such laws include:

  • The processing is in Gilead’s legitimate interest in providing you with access to our Services and programs
  • The processing is necessary for the performance of a contract between you and Gilead
  • The processing is necessary for the performance of a contract, concluded in your interest, between Gilead and a third party
  • The processing is necessary, or legally required, on important public interest grounds, for the establishment, exercise, or defense of legal claims, or to protect your vital interests
  • The processing is required by applicable law
  • With your consent, as described in specific terms, privacy notices and/or consent forms where we collect your consent. Where Gilead relies on consent to process personal information, the opportunity to consent will be provided prior to the relevant processing of your personal information. Your consent may be given through your authorized representative such as a legal guardian, agent, or holder of a power of attorney. Where Gilead relies on consent, you will be entitled to withdraw that consent at any time.

Generally, we disclose the personal information we collect as described in this section:

  • Within our family of companies. In the normal course of performing Services, personal information may be shared within Gilead and its affiliates for purposes consistent with this Privacy Statement.
  • With our service providers and partners. We may retain other companies and individuals to perform services on our behalf and we may collaborate with other companies and individuals with respect to the Services. Examples of service providers include data analysis firms, credit card processing companies, customer service and support providers, email and SMS vendors, web hosting and development companies, and fulfillment companies. Providers also include our co-promote partners for products and treatments that we jointly develop and/or market with other companies. Some providers may collect personal information on our behalf.
  • Third party platforms, providers and networks. We may disclose or make available personal information to third party platforms and providers that we use to provide or make available certain features or portions of our Services, or as necessary to respond to your requests. We may also make certain personal information (such as browsing information) available to third parties in support of our marketing, advertising, campaign management, and analytics purposes.
  • In connection with business transactions. If we are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. We may also share certain personal information prior to the completion of such a transfer, such as to lenders, auditors, and third-party advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for the transfer.
  • For product safety and adverse incident reporting. Gilead may share personal information related to product safety and adverse incidents with relevant national and/or international regulatory authorities, law enforcement, or public bodies or courts, where Gilead is required to by applicable laws, regulations, or at the request of those authorities.
  • To comply with our general legal obligations. Gilead may disclose, without your prior permission, any personal information about you or your use of our Services if necessary to:
    • protect and defend the rights, property or safety of Gilead and others;
    • enforce the terms and conditions that apply to use of our Services;
    • as required by a legally valid request from a competent governmental authority and/or to comply with a judicial proceeding, court order, or legal process;
    • enhance product security and prosecute those who threaten product security; or
    • respond to claims that any content violates the rights of third parties.

We may also disclose personal information as we deem necessary to satisfy any applicable law, regulation, legal process, or governmental request.

  • Security and protection of rights. Where we believe necessary to investigate, detect, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of the terms of service and other agreements. We may also use certain information as evidence in litigation in which we are involved.
  • Additional information about healthcare professionals. We may disclose personal information about healthcare professionals as disclosed below:
    • For safety monitoring, reporting and auditing and responding to inquiries or issues in relation to our Services
    • To comply with requirements imposed by industry codes of conduct, including the transfer of value data of healthcare professionals and the public disclosure of such data

We and our third-party providers use cookies, web beacons (also referred to as pixels or tag) and similar technologies within our Services to automatically collect information about the use of our Services. Cookies are small text files that are transferred to your computer or mobile device by a website. Web

beacons are small files that are embedded into a webpage and can track users, similar to a cookie. The information collected by cookies, web beacons and similar tracking technologies varies depending on the website or Services being used, but may include non-identifying information, as well as personal information, such as details regarding the device or browser you are using, your IP address, the previous website you visited, the links you clicked, pages you visited and other usage and browsing activity.

We and our third-party providers use this information to analyze and understand how users access, use and interact with our content and Services, to identify and resolve bugs and errors, and to assess secure, protect, and to optimize and improve the performance of our Services (such as to enable language settings on a website). In addition, some of our website and Services may including advertising and targeting cookies and tags that are used by us and third parties to personalize content and ads within the Services and to better target advertising on third party sites, mobile apps and online services. These third parties may combine the information collected via cookies, web beacons and similar technologies on our Services with similar information collected on third party sites, mobile apps and online services.

To learn more about the use cookies, web beacons and other tracking technologies, including targeting cookies and tags, on the Services, please see our Cookie Statement.

Managing Your Cookie Preferences. We make available several ways for you to manage your preferences regarding targeted advertising and cookies on our websites as described below:

  • Cookie settings manager. You may exercise your right to opt-out online by clicking on the “Cookies Settings” link on the website cookie banner of the Gilead site you’re visiting. For further information about the data we may collect, please see our Cookie Statement.
  • Browser settings. You can also adjust your browser settings to block certain cookies or notify you when a cookie is set; you can also delete cookies. The Help portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors who disable cookies will be able to browse our websites, but some features may not function.
  • Industry ad choice programs. You can also control how participating third-party ad companies use the information that they collect about your use of our websites and mobile apps, and those of third parties, in order to display more relevant targeted advertising to you. If you are in the U.S., you can obtain more information about opting out of receiving targeted ads from participating companies at aboutads.info/choices(Digital Advertising Alliance). You may also download the DAA AppChoices (https://youradchoices.com/appchoices) tool in order to help control this type of advertising on your mobile device. In addition, users in the EU, Canada, and Japan may obtain more information at the following links:

Custom Lists and Matching. We may also disclose or make available certain customer list information (such as your name, email address and other contact information) to third parties so that we can better target ads and content to you across third party sites, platforms and services. In some cases, these third parties may help us to enhance our customer lists with additional demographic or other information, so we can better target our advertising and marketing campaigns. You can opt out of this type of targeted advertising to you by submitting an opt out request to us as set forth in the “Your Privacy Rights and Choices” section below.

We may also use and disclose aggregate, anonymous, and other non-identifiable data, and in some cases de-identified data, related to our business and the Services for quality control, analytics, research, development and other purposes. Where we use, disclose or process de-identified data (data that is no longer reasonably linked or linkable to an identified or identifiable natural person, household, or personal or household device) we will maintain and use the information in de-identified form and not attempt to reidentify the information, except in accordance with applicable laws.

Gilead operates all over the world. Therefore, we may need to transfer personal information outside of the country where it is collected for the purposes, and in the manner, set out in this Privacy Statement, including to servers and other storage facilities. To the extent that any personal information is sent outside of an individual’s country, it is subject to the laws of the country in which it is, and may be subject to disclosure to the governments, courts, or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country, which may not provide an equivalent level of protection to the laws of your home country.

Gilead implements appropriate safeguards to protect personal information, such as entering into contracts that contain standard data protection clauses. Where Gilead has knowledge that a service provider or affiliate is using or disclosing personal information in a manner inconsistent with this Privacy Statement, Gilead will take appropriate steps to prevent or stop the use or disclosure. You can request a copy of the safeguards referenced in this section by contacting us as set forth in the “Contact Information” section below.

We retain the personal information we collect only as reasonably necessary for the purposes described in this Privacy Statement, in accordance with our records retention policies, as required under applicable law, or as otherwise disclosed to you at the time of collection. The criteria used to determine our retention periods includes: (i) the length of time we have an ongoing relationship with you; (ii) whether we have a legal obligation to retain the information; and (iii) whether retention is necessary due to the nature of our business activities (for example, enforcing other applicable program or participation terms and conditions, or any active litigation or regulatory investigations).

Gilead has implemented safeguards to protect the personal information we collect. However, we cannot guarantee that such measures are 100% effective at preventing theft, loss, unauthorized access, use or disclosure and we make no representation as to the reasonableness, efficacy, or appropriateness of the measures we use to safeguard such information. Gilead urges you to exercise caution when transmitting personal information over the internet and to store your passwords in a safe place.

You may have certain rights which depend on Gilead’s reason for processing your personal information, local laws, and exceptions to those laws in your jurisdiction, as described in this Section. In addition, residents of certain jurisdictions may be entitled to additional rights under the laws of those jurisdictions; please refer to the section titled, “Additional Privacy Information for Certain Jurisdictions” below for more information. We will not restrict or deny you access to our Services because of choices and requests you make in connection with your personal information. Please note, certain choices may affect our ability to deliver the Services.

  • Marketing communications and reminders: You may unsubscribe or opt-out from our marketing emails and future communications at any time by following the instructions included in those emails.
  • Cookie preferences. You may exercise your consumer right to opt-out by clicking the “Cookies Settings” link on the website cookie banner of the Gilead site you’re visiting. For further information about the data we may collect, please see our Cookie Statement.
  • Access, correction, and deletion. You may have the right under applicable law to review, correct, and request deletion of your personal information. You may submit a request to access, correct, and delete personal information, or another privacy request, through our web portals:

You may also submit a request to us as set forth in the “Contact Information” section below. We will respond to your request as required by applicable law. When you submit a request regarding your personal information, we reserve the right to verify your identity in connection with any requests regarding personal information to help ensure that we provide the information we maintain to the individuals to whom it pertains and allow only those individuals or their authorized representatives to exercise rights with respect to that information.

To help us respond to your request, all communications to Gilead should include the sender’s name and contact information (such as email address, phone number or mailing address), and a detailed explanation of the request. In addition, communications related to Gilead websites should include, as applicable, the email address used for registration and the Gilead website address on which personal information was provided (e.g., www.gilead.com). Email requests to delete, amend, or correct personal information should include “Deletion Request” or “Amendment/Correction Request”, as applicable, in the subject line of the email. Gilead will endeavor to respond to all reasonable requests in a timely manner, and in any case, within any time limits prescribed by applicable local law.

Please note that Gilead may not be able to comply with a request where personal information has been destroyed, erased or made anonymous in accordance with Gilead’s record retention obligations and practices, or where we are unable to verify your identity.

Our Services are not targeted to children, and we do not knowingly collect personal information from children under 13 without parental consent. If we discover that a child under 13 has provided us with personal information, we will delete such information from our systems. If you are a parent and you believe we have collected your child’s information, please contact us as set forth below in the “Contact Information” section.

Links to other websites, services, and applications that are not operated or controlled by Gilead (“Third- Party Services”) may be contained in our Services. This Privacy Statement does not apply to the Third- Party Services. Please review the applicable privacy statements of any Third-Party Services before providing any information to or through them.

Any questions, concerns, or complaints regarding handling of personal information by Gilead, or related to revocation of consent to collect, process, transfer, or disclose your personal information should be directed by email to privacy@gilead.com.

You may also contact us by telephone at +1 (833) GILEAD2 (+1 (833) 445-3232), or by mail at the following address:

To submit a request relating to your privacy rights and choices, please use our web portal:

Gilead may update this Privacy Statement from time to time. Gilead will provide notice of such changes by updating the effective date listed on this Privacy Statement. If we materially change how we process your personal information previously collected by us, we will not use the personal information previously gathered without providing notice and/or obtaining your consent. Please check this Privacy Statement frequently for the latest information on our privacy practices.

Residents of certain jurisdictions may have additional rights and choices regarding the processing of their personal information, as described in the applicable Privacy Statement supplements.

A. EU/UK/Switzerland Supplement

If you are an EU/UK/Swiss citizen and/or accessing Gilead websites in the EEA, the UK or Switzerland, then this Supplement may apply in addition to the above.

EU, UK, and Swiss citizens generally have the following rights with respect to their personal information:

  • The right to request access to the personal information that Gilead has about you;
  • The right to rectify or correct any personal information that is inaccurate or incomplete;
  • The right to request a copy of your personal information in electronic format so that you can transmit the data to third parties, or to request that Gilead directly transfer your information to third parties;
  • The right to object to the processing of your personal information for marketing and other purposes;
  • The right to erasure of your personal information when it is no longer needed for the purposes for which you provided it, as well as the right to restriction of processing of your personal information to certain limited purposes where erasure is not possible; and
  • The right to withdraw consent at any time (where relevant)

Transfers of your personal information may be made to entities located outside the European Economic Area, United Kingdom, and/or Switzerland, including entities located in the United States, for processing consistent with the purposes above. Gilead will implement appropriate contractual measures (including the Standard Contractual Clauses, a copy of which you can obtain by contacting privacy@gilead.com) to ensure that the relevant Gilead companies and third parties outside the European Economic Area, United Kingdom, and/or Switzerland provide an adequate level of protection to your personal information as set out in this Privacy Statement and as required by applicable law.

For the processing of personal information relating to the EEA, UK, and/or Switzerland, Gilead has assigned a data protection officer responsible for overseeing our compliance with data protection law, whom you may contact at dpo@gilead.com in case of any questions or concerns regarding the processing of your personal information.

If Gilead’s processing of your personal information is covered by EU/UK/Swiss law, you may also lodge a complaint with the corresponding data protection supervisory authority in your country of residence.

You can find the relevant supervisory authority name and contact details under http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

You can find the contact details of the UK Commissioner under https://ico.org.uk/, and of the Swiss Federal Data Protection and Information Commissioner under https://www.edoeb.admin.ch/edoeb/de/home.html.

B. Brazil Supplement

If you are citizen of Brazil and/or accessing Gilead websites in Brazil, then this Supplement may apply in addition to the above.

For the processing of Personal Information relating to Brazil, Gilead has assigned a data protection office responsible for overseeing our compliance with Brazilian data protection law, whom you may contact at dpo@gilead.com in case of any questions or concerns regarding the processing of your Personal Information.

If Gilead’s processing of your Personal Information is covered by Brazilian law you may also lodge a complaint with the Brazilian Data Protection National Authority (ANPD) and afford the ANPD an opportunity to use best efforts to resolve the issue. Additional resources regarding the complaint process are available here: https://www.gov.br/anpd/pt-br/canais_atendimento.

C. China Supplement

This China Addendum supplements the Gilead Privacy Statement and provides additional information about how Gilead processes personal information provided by individuals within China. This China Addendum shall be read in conjunction with Gilead Privacy Statement. Please refer to the Gilead Privacy Statement for issues not specified in this China Addendum.

The name and contact information of personal information controller is: Gilead Sciences, Inc. (“Gilead”, contact address: 333 Lakeside Drive, Foster City, CA 94404, USA; contact info.: PIProtectionCN@gilead.com) is the personal information controller of personal information you provided.

As defined under China’s Personal Information Protection Law, personal information refers to any information related to identified or identifiable natural persons recorded by electronic or other means, excluding anonymized information.

Providing personal information overseas. Gilead is a company located in the United States, and personal information you provide to Gilead will be transferred outside of China. You shall be cautious to fully comply with applicable laws and regulations in China with respect to providing information or data overseas and shall avoid providing Gilead with any information or data whose transfer outside of China is prohibited under any applicable law or regulation.

Processing sensitive personal information. As defined under China’s Personal Information Protection Law, sensitive personal information refers to personal information which is likely to result in damage to the personal dignity of any natural person or damage to his or her personal or property safety once disclosed or illegally used. Sensitive personal information may include biometric identification, religious belief, specific identity, medical health, financial account, whereabouts and tracking data etc., as well as personal information of minors under the age of 14.

Gilead will process sensitive personal information only to the extent necessary and will take organizational and technical measures to protect security of sensitive personal information. Prior to processing sensitive personal information, Gilead will notify you about the necessity of the data processing as well as potential impact on your interests and will provide you the opportunity to affirmatively and explicitly authorize or consent to the data processing.

D. Japan Supplement

If you are citizen of Japan and/or accessing Gilead websites in Japan, then this Supplement may apply in addition to the above.

Transfers of your personal information may be made to entities located outside of Japan, including entities located in the United States, for processing consistent with the purposes above. Gilead will implement appropriate measures to ensure that the relevant Gilead companies and third parties outside of Japan provide an adequate level of protection to your personal information as set out in this Privacy Statement and as required by applicable law.

Compliance with Related Laws, Regulations and Guidelines. Gilead conducts business in compliance with the applicable laws and regulations, etc. governing the collection, use, and provision of your personal information. Gilead will process and handle your personal information appropriately in compliance with the “Act on the Protection of Personal Information” (hereinafter referred to as “Personal Information Protection Act”), other related laws and regulations, and the relevant “Guidelines Concerning the Act on the Protection of Personal Information”.

Purpose of Utilization. Gilead will use your personal information it collects for the internal purposes set forth below, in addition to those set forth in “Purposes of Collection and Processing”.

  • Personal information of healthcare professionals
    • To collect and provide information on the quality, safety, efficacy or proper use of pharmaceutical products and treatments
    • To plan, request, and conduct clinical trials, post-marketing surveillance, and research, and provide and receive information
    • To provide information on lectures, information meetings, and conferences hosted, co-hosted, or supported by Gilead, and to conduct post-lecture questionnaires
    • To implement Gilead’s internal approval procedures and to create and maintain records related to such procedures
    • To confirm and respond to inquiries regarding Services and products provided by Gilead
    • To analyze information for strategic planning on Gilead website and in our sales and advertising activities
    • To collect, manage, and review information related to payment processing and preparation of payment records
  • Personal Information of Patients
    • To conduct clinical trial, post-marketing surveillance, and other research and investigation related to our business
    • To perform safety management operations
    • To provide compensation for adverse health effects, etc.
  • Personal Information of Employment Candidates
    • To screen candidates for employment and to communicate with potential employees
    • To select employees, and to communicate with potential employees regarding the selection process or pre-employment procedures.
    • To consider and decide whether to accept or reject the application

Joint Utilization of Personal Information. We will jointly utilize personal information as follows:

  • Gilead Group Companies

We jointly utilize the following personal information with Gilead Group companies: (i) personal information of our business partners (wholesalers, contractors, lawyers and other consultants, etc.), (ii) personal information of healthcare providers involved in clinical trials, post-marketing surveillance, research and preparation/presentation of papers conducted by us and academic presentations, healthcare providers providing safety information, and healthcare providers receiving our Services, and (iii) personal information of participants in clinical trials etc. and patients using our Services.

  1. the items of the personal information used jointly
  1. personal information of our business partners (name, address, workplace/affiliation, e-mail, telephone number and financial institutions to which payments are made, etc.)
  2. personal information of healthcare providers involved in clinical trials, post-marketing surveillance, research, and preparation/presentation of papers conducted by us and academic presentations, healthcare providers providing safety information, and healthcare providers receiving our Services (name, workplace/affiliation, department, title, address, email, telephone number, professional qualifications, jointed academic society, academic background, professional career, field/area of specialization and your business activities/achievements, financial institutions to which payments are made, code by Nihon Ultmarc INC., email receipt records (including information on opens and link clicks), status of participation in academic societies and events (including lectures, advisory board meeting, etc.) on Gilead products and treatments and clinical trials, information on Gilead programs, products and activities in which you have been involved, your relationship with Gilead (formulation of our products and details of contracts with us), publicly available information about our business (information regarding licenses and certifications, disciplinary history, litigation and violations of laws and regulations))
  3. personal information of participants in clinical trials etc. and patients using our Services (items required for clinical trials, post-marketing surveillance, safety management operations, etc.)
  1. the scope of the joint users
  1. Gilead Sciences, Inc. and its subsidiaries and affiliates
  1. the purpose for which the personal information is used by them
  1. personal information of our business partners
    • For contract management, payment of remuneration, etc. and its management
  2. personal information of healthcare providers involved in clinical trials, post-marketing surveillance, research, and preparation/presentation of papers conducted by us and academic presentations, healthcare providers providing safety information, and healthcare providers receiving our Services
    • To conduct clinical trial, post-marketing surveillance, and other research and investigation related to our business
    • To collect and provide information on the quality, safety, efficacy and proper use of pharmaceutical products and treatments
    • To collect and provide medical and scientific information
    • For others are described in “Purpose of Utilization”
  3. personal information of participants in clinical trials etc. and patients using our Services
    • To conduct clinical trial, post-marketing surveillance, and other research and investigation related to our business
    • To perform safety management operations
  1. the name of the individual or business operator responsible for the management of the personal information
  1. Gilead Sciences K.K.
     
  2. Gilead Sciences, Inc.

Business Alliance Partners

Gilead Sciences K.K. jointly use personal information with co-promotion companies.

  1. the items of the personal information used jointly
  1. Personal information of healthcare providers involved in clinical trials, post-marketing surveillance, research and preparation/presentation of papers conducted by us and academic presentations, healthcare providers providing safety information concerning the drug or treatment for which the business alliance is intended (“the drug”), and healthcare provider receiving our or our jointly provided Services, concerning the drug (name, medical specialist qualifications, information on the workplace (name, location, department, telephone number and email), status of participation in events (including lectures, advisory board meeting, etc.) on the drug, code by Nihon Ultmarc INC. and records of meetings with employees)
  2. personal information of participants in clinical trials etc. and patients using our Services (Items required for clinical trials, postmarketing surveillance, safety management operations, etc.)
  1. the scope of the joint users
  1. Co-promotion companies
  1. the purpose for which the personal information is used by them
  1. personal information of healthcare providers involved in clinical trials, post-marketing surveillance, research and preparation/presentation of papers conducted by us and academic presentations, healthcare providers providing safety information concerning the drug for which the business alliance is intended
    • To collect and provide information on the quality, safety or efficacy, and proper use of the drug
    • To plan, request, and conduct clinical trial, post-marketing surveillance, other research and investigation and to provide and receive information regarding the drug
    • To provide information on lectures, newly posted contents, product information updates, etc. related to the drug
    • To conduct questionnaires regarding the use of the drug and joint Services, and to conduct questionnaires for lectures
    • To analyze information for the purpose of marketing and advertising the drug/joint services
    • To manage the use of the joint services, prevent abuse, investigate any abuse that may occur, and perform maintenance of the joint services
    • For others are described in “Purpose of Utilization”
  2. personal information of participants in clinical trials etc. and patients using our Services
    • To conduct clinical trial, post-marketing surveillance, and other research and investigation related to our business
    • To perform safety management operations
  1. the name of the individual or business operator responsible for the management of the personal information
  1. Gilead Sciences K.K.
     
  • Nihon Ultmarc Inc.

    Gilead Sciences K.K. use personal information in the Medical Database (MDB) managed and operated by Nihon Ultmarc, Inc. jointly with specific companies (MDB member companies).

    The items of personal information used jointly, the scope of the joint users, the purpose for which the personal information is used by them, the name of the individual or business operator responsible for the management of the personal information, and in the case of a corporation, the name of its representative, are available on the website of Nihon Ultmarc, Inc. (https://www.ultmarc.co.jp/contents/PrivacyPolicy.html).

E. Additional Information for California Residents

In this section, we provide additional information to California residents about how we handle their personal information, as required under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations (collectively, the “CCPA”). This section does not address or apply to our handling of personal information that is exempt under the CCPA.

Categories of personal information. While our processing of personal information varies based upon our relationship and interactions with you, the table below generally identifies the categories of personal information we have collected about California residents in the past 12 months, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose:

Categories of Personal Information Third party disclosures for business or commercial purposes
Identifiers: including direct identifiers, such as name, user ID, username, account number or unique personal identifier; email address, phone number, address and other contact information; IP address and other online identifiers.
  • service providers
  • healthcare professionals
  • advisors and agents
  • regulators, government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers, operating systems and platforms
  • others as required by law
Customer records: including personal information, such as name, account name, user ID, contact information, education and employment information, account number, and financial or payment information that individuals provide us in order to purchase or obtain our Services. For example, this may include information collected when an individual registers for an account, purchases or orders our products and Services, or enters into an agreement with us related to our products and Services.
  • service providers
  • advisors and agents
  • regulators, government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers, operating systems and platforms
  • others as required by law
Commercial information: including records of products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies. For example, this may include demographic information that we receive from third parties in order to better understand and reach our customers.
  • service providers
  • advisors and agents
  • regulators, government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers, operating systems and platforms
  • others as required by law
Internet and electronic network activity information: including, but not limited to, browsing history, search history, and information regarding interactions with an internet website, application, or advertisement, including other usage data related to your use of any of our Services or other online services.
  • service providers
  • advisors and agents
  • regulators, government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers, operating systems and platforms
  • others as required by law
Location data: including location information about a particular individual or device.
  • service providers advisors and agents
  • regulators, government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers, operating systems and platforms
  • others as required by law
Audio, visual and other electronic data: includes electronic or visual information, such as your photograph or electronic signature, call recordings, and webinar and other event recordings.
  • service providers
  • healthcare professionals
  • advisors and agents
  • regulators, government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers, operating systems and platforms
  • others as required by law
Professional information: includes professional and employment-related information, such as current and former employer(s) and position(s), credentials, resume, business contact information and professional memberships.
  • service providers
  • healthcare professionals
  • advisors and agents
  • regulators, government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers, operating systems and platforms
  • others as required by law
Education information: includes information about an individual’s educational history (such as the schools attended, degrees you were awarded, and associated dates).
  • service providers
  • healthcare professionals
  • advisors and agents
  • regulators, government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers, operating systems and platforms
  • others as required by law
Profiles and inferences: includes inferences drawn from any of the information identified above to create a profile reflecting a consumer’s preferences, characteristics, behavior or attitudes.
  • service providers
  • advisors and agents
  • regulators, government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers, operating systems and platforms
  • others as required by law
Protected classifications: we may collect some information that is considered a protected classification under California/federal law, including your gender, date of birth, and marital status.
  • service providers
  • advisors and agents
  • regulators, government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers, operating systems and platforms
  • others as required by law
Sensitive personal information: in limited circumstances, we collect racial or ethnic origin, genetic data, personal information concerning a consumer’s health and/or sexual orientation, financial information, Social Security number, passport number and other government identifiers.
  • service providers
  • healthcare professionals
  • advisors and agents
  • regulators, government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers, operating systems and platforms
  • others as required by law

“Sales” and “Sharing” of Personal Information. The CCPA defines a “sale” as disclosing or making available to a third-party personal information in exchange for monetary or other valuable consideration, and “sharing” broadly includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” (as defined by the CCPA) internet and electronic network activity information, and profiles and inferences, and identifiers to third party ad companies and analytics providers. We do so in order to improve and evaluate our advertising campaigns, monitor and measure site performance, and better reach customers and prospective customers with more relevant ads and content. We do not sell or share sensitive personal information, nor do we sell or share any personal information about individuals who we know are under sixteen (16) years old.

Sources of Personal Information. In general, we may collect personal information from the following sources:

  • Directly from individuals
  • Through our websites, mobile apps, and Services
  • From healthcare professionals
  • From contract research organizations and clinical trial investigators
  • From government agencies and/or public records
  • From third-party service providers, data brokers, or business partners
  • From industry and patient groups and associations
  • From third party sources

Purposes of Collection, Use, and Disclosure. As described in more detail in the “Purposes of Collection and Processing” and “Disclosures of Personal Information” sections above, we collect, use, disclose, and otherwise process the above personal information for the following business or commercial purposes and as otherwise directed or consented to by you:

  • Providing services and support
  • Quality, safety, and regulatory reporting
  • Research and analytics
  • Customization and personalization
  • Marketing and advertising
  • Planning and managing events
  • Security and protection of rights
  • Compliance with law and legal process
  • General business and operational support

Sensitive Personal Information. Notwithstanding the above, we only use and disclose sensitive personal information as reasonably necessary (i) to perform our Services requested by you, (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents, (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct, (iv) to verify or maintain the quality and safety of our Services, (v) for compliance with our legal obligations, (vi) to our service providers who perform Services on our behalf, and (vii) for purposes other than inferring characteristics about you. We do not use or disclose your sensitive personal information other than as authorized pursuant to section 7027 of the CCPA regulations (Cal. Code. Regs., tit. 11, § 7027 (2022)).

Retention. We retain the personal information we collect only as reasonably necessary for the purposes described in this Privacy Statement, in accordance with our records retention policies, as required under applicable law, or as otherwise disclosed to you at the time of collection. The criteria used to determine our retention periods includes: (i) the length of time we have an ongoing relationship with you; (ii) whether we have a legal obligation to retain the information; and (iii) whether retention is necessary due to the nature of our business activities (for example, enforcing other applicable program or participation terms and conditions, or any active litigation or regulatory investigations).

CCPA Rights of California Residents. Individuals who are residents of California generally have the following rights under California law with respect to their personal information processed by us, subject to certain limitations and exceptions:

  • To opt out of sales and sharing. The right to opt-out of our sale and sharing of your personal information.
  • To limit certain uses and disclosures of sensitive personal information. The right to limit our use or disclosure of sensitive personal information to those uses authorized by the CCPA. As noted above in the Section titled, “Sensitive Personal Information,” we only use and disclose Sensitive Personal Information as authorized by the CCPA.
  • Deletion. You have the right to request that we delete your personal information, subject to certain exceptions.
  • To know/access. You have the right to request access to the personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information was collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about them.
  • Correction. You have the right to request correction of inaccurate personal information that we have about you.
  • Non-discrimination. You have the right not to be subject to discriminatory treatment for exercising your rights under the CCPA.

Submitting Requests to Access, Delete, Correct, and Limit. California residents may submit a request via one of the following methods:

  • Our online webform
  • By telephone at +1 (833) GILEAD2 (+1 (833) 445-3232)
  • By mail to the following address:

    Gilead Sciences, Inc. Attn: Privacy
    333 Lakeside Drive
    Foster City, CA 94404

We will take steps to verify your request by (i) sending you an email confirmation link which you must click to confirm your request; and (ii) matching the information provided by you with the information we have in our records. You must complete all required fields on our webform (or otherwise provide us with this information via the other above methods). We will process your request based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor. Authorized agents may initiate a request on behalf of another individual by emailing privacy@gilead.com or calling +1 (833) GILEAD2 (+1 (833) 445-3232). Authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

Requests to Opt Out of Sale and Sharing. California residents may exercise their right to opt-out online by clicking on the “Cookies Settings” link on the website cookie banner of the Gilead site they are visiting. For further information about the data we may collect, please see our Cookie Statement. In addition, our website responds to global privacy control—or “GPC”—signals, which means that if we detect that your browser is communicating a GPC signal, we will process that as a request to opt that particular browser and device out of sales and sharing (i.e., via cookies and tracking tools) on our website. Note that if you come back to our website from a different device or use a different browser on the same device, you will need to opt out of (or set GPC for) that browser and device as well. More information about GPC is available at: https://globalprivacycontrol.org/.

Effective Date: January 1, 2023

This medicine is subject to additional monitoring. This will allow quick identification of new safety information. You can help by reporting any side effects you may get.

Reporting of side effects 
If you get any side effects, talk to your doctor or nurse. In Great Britain and Northern Ireland, you can also report side effects directly via the Yellow Card Scheme, Website: www.mhra.gov.uk/yellowcard or search for MHRA Yellow Card in the Google Play or Apple App Store. You can also report side effects and quality complaints to Gilead. For information now how to report a side effect in another country, click here. By reporting side effects, you can help provide more information on the safety of this medicine.