Varian Medical Systems Privacy Statement
Effective date: December 28, 2020
Varian Medical Systems, Inc. (including its affiliate entities, (collectively, "Varian," “We”) is an American radiation oncology treatments and software developer based in Palo Alto, California. Our medical devices include linear accelerators and software for treating cancer and other medical conditions with radiotherapy, radiosurgery, proton therapy, and brachytherapy. We supply software for managing cancer clinics, radiotherapy centers, and medical oncology practices. In addition, we supply tubes and digital detectors for X-ray imaging in medical diagnostics, dentistry, veterinary care, scientific, security, industrial inspection including high-energy X-ray technology for cargo screening. We employ more than 7,100 people at manufacturing sites in North America, Europe, China, and approximately 70 sites globally.
We are committed to respecting your privacy. As you visit our website, our intent is that your experience is informative, convenient and secure. Varian has adopted the following privacy statement to explain our commitment to your privacy and how we responsibly manage the personal data provided by you.
This privacy statement applies to our varian.com domain and other Varian websites, applications and service platforms (including those offered through MyVarian) that link to this privacy statement. This privacy statement discloses Varian's practices with respect to the type of information that we gather, the way we use information internally and our policy regarding sharing information with others. This privacy statement also describes how you can manage your personal information.
We encourage you to read this privacy statement carefully in order to ensure that you are in control of your personal information received by our company.
Collection of Personal Information
When you visit our website or use our mobile app, we may ask you to provide certain personal information, which means any information that is related to an identified person, or that may be used to identify an individual, including: first and last name, email address, a home, postal or other physical address or phone number. We may also ask you to provide other personal information such as title, occupation, industry, or personal interests that is necessary or useful to provide a product or service that you have requested.
If you choose to make a purchase or sign-up for an on-line service, we may collect additional information such as your credit card information, billing address, and other billing account information.
If you have signed-up to receive newsletters or other marketing material, we may collect your first and last name, title, physical address and other personal information necessary to enhance your visit to Varian's website or request information regarding our products or services.
As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
Purposes of Using Personal Information
Varian may use and otherwise process personal information for a number of reasons. Unless otherwise stated or apparent for the context, Varian's legal basis to do so under applicable law (including European and other worldwide privacy laws) is that such processing is necessary in Varian's or a relevant third party's legitimate interests. Such legitimate interests include those listed below and those set out elsewhere in this privacy statement:
- Providing you with certain products, services and information, including marketing and promotional related information;
- Maintaining or administering services, performing business analyses, or for other internal purposes to improve the quality of our business, products and services we offer; and
- Publishing stories, comments, photos, and other information posted in our interactive and story sharing features.
We may also process your information in order to comply with our legal obligations, to perform a contract between us and you, or to establish and defend any legal claims. In some cases, our basis for processing will be because you have consented to our use of your information. You have the right to withhold or withdraw such consents at any time. If the means for doing so are not apparent from the context, please contact us at email@example.com.
By using our website, you accept and consent to the practices described in this privacy statement. Where the foregoing consent does not apply or is not applicable under local law, then Varian will rely on its other legal basis described in this privacy statement.
Domain Name and IP Address
We collect the domain names and IP addresses of our visitors for statistical purposes, in order to measure use of our website, to improve the content or responsiveness of our site or to customize the content or layout of the site for the individual visitor. We may also aggregate information relating to our visitors' traffic patterns from the data that we collect and retain concerning the IP addresses and domain names of our visitors, and we may divulge such aggregate information about our users with third parties such as our business partners, distributors, and service and support providers.
We do not link aggregate user data with personal information. You may visit our website anonymously if you wish, by using appropriate software or web services available from or through third parties.
We or our third-party tracking and analytics utility providers, as applicable, maintain a log file of all actions that are initiated or facilitated using our website, to capture, record and store data concerning the activity. Access to this data is restricted to those providers and those who administer our network and public website.
You should know that e-mail is not necessarily secure against all forms of interception. If your communication includes sensitive information about you and you would prefer not to transmit this information in this fashion, please contact us by mail or telephone rather than e-mail.
We collect e-mail addresses that are volunteered by the visitor, from e-mail messages addressed to our company or its employees, or through visitor participation in surveys and site registrations.
We use the e-mail addresses that you provide for marketing purposes and to inform those interested in our products about events, products, services or other items of interest. Additionally, we use such e-mail addresses to notify visitors about recent updates to our website, to provide product or service news notifications or newsletters, and to confirm registrations or reserved seating at seminars and conferences.
You may opt-out of receiving the promotional or marketing e-mails at any time by (1) clicking on the unsubscribe link located at the bottom of the message, (2) notifying us at the address specified at the bottom of any unwanted e-mail, (3) changing your e-mail preferences in any user profile that you may have created, or (4) by contacting marketing communications at firstname.lastname@example.org. These opt-out procedures will not be available for e-mails that are necessary to provide confirmation of a completed transaction (such as a purchase, service request or change in the visitor's user profile) or for e-mails that confirm a visitor's status as a registered user of the Varian website.
Other Uses of Personal Information
We may use a mailing address or phone number that a visitor provides for a variety of Varian related reasons. We may send periodic mailings to visitors or make telephone calls to inform our visitors who have provided a mailing address or telephone number of new products, services or events. Your mailing address and telephone number may also be used to contact you about orders placed on-line, as a reminder about events for which you have registered, or to provide information that you have requested.
If you do not wish to receive such calls or mailings about new products, services or events, you may request to be removed from the contact list by contacting marketing communications at email@example.com. You may not opt out of service related communications.
Information Shared with Outsite Parties
Any information that you provide to us will be used for our purposes only as set out in this privacy statement. Except as specified in this privacy statement, your information will not be sold or shared with individuals outside the employ of Varian, or with other companies. We may share your information with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal information only as necessary to provide these services to us. For example, we may provide your name and delivery address to third parties that we use for delivering specific products or services to you (such as support services, shipping or direct mail organizations).
Some of Varian's services and direct mailing functions are run by outside vendors. These companies receive information provided by the visitor and supply the visitor with the material requested. We also use outside vendors for web hosting, event registration, applying for a position with us and credit card processing. When you sign up for these services, we will share information such as your personal information or sensitive data as necessary for a third party to provide that service. Varian and these companies have entered into an agreement whereby the information supplied by and about Varian's visitors cannot be shared with outside companies by the outside vendor without Varian's authorization and such visitor information cannot be used for any purposes other than to perform a service or supply materials requested by the visitor.
Varian complies with applicable law and legal obligations to respond to governmental, law enforcement and court requests for personal information and other information and data about our visitors and their transactions. In certain situations, Varian may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Varian's Legal Department may access and use your personal information and other information or data to protect our rights, in the event of a dispute or in response to legal process, law enforcement inquiries or abuse of our website.
If Varian is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
We may also disclose your personal information to any other third party with your prior consent.
Technologies such as cookies—small text files stored on your computer or mobile device to remember your actions or preferences over time—beacons, tags and scripts are used by Varian and some of our third-party partners (including analytics partners and service providers). These technologies are used in analyzing trends, administering the site, tracking users' movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
Third parties with whom we partner with to provide certain feature on our site or to display advertising based upon your web browsing activity use Local Storage / Shared Objects (LSOs) such as HTML5 and Flash Cookies to store content information and preferences. Various browsers may offer their own management tools for removing such LSOs. To manage Flash Cookies, please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. We suggest that you change your passwords often, that your passwords include a combination of letters and numbers, and that you make certain that you are using a secure browser. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). Products and services are available which can help give you privacy protection while navigating the web. See http://www.privacyalliance.org/resources/rulesntools/ for an overview of many privacy-related tools.
If you have any questions about security on our website, you can email us at firstname.lastname@example.org.
We safeguard the security of the data you send us with certain physical, electronic, and managerial procedures. We have taken reasonable precautions to protect against misuse, theft, loss, unauthorized access, disclosure, alteration or destruction of your personal information. For seminar registrations, our forms are sent through a server protected by a firewall. Additionally, we use industry-standard-encryption to enhance the security of data transmissions. If there is ever a time when we will need to transfer or receive particularly sensitive information we will notify you in an appropriate fashion.
Managing Personal Information
If for any reason you wish to correct, update, or delete your personal information or profile please log on to your account in order to make these changes or contact us at email@example.com. You may also object to, or request restriction of, Varian's processing of your personal information, and request portability or access to your personal information held by Varian. In case there is a problem in making your request, send an email to firstname.lastname@example.org. We will respond to your request to access, correct, or delete any personal information within 30 days.
Varian processes data for its customers in the medical and healthcare sector. Individuals seeking access, correction, or deletion of personal data by a customer of Varian should contact that customer (the data controller) directly.
We will retain and use your personal information for as long as your account is active, for as long as needed to fulfill our service obligations to customers and for other purposes as set out in this privacy statement, in accordance with applicable laws. Also, we will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We maintain your personal information on servers and computers located in the United States and operated under our direct supervision and control. If you request information from us which best falls under the expertise of a foreign office, we may forward your contact information to that office so that office may respond to your request directly. Otherwise, we do not forward your personal information outside the United States.
We will take reasonable steps to ensure that all data collected is accurate, complete and timely for the purposes for which they are to be used. In order to maintain an accurate database, we may supplement any of the information above with information you have provided to us by other means or channels such as sales representatives. We urge you to check your profile regularly to ensure that such information is accurate, complete and timely.
Your email address and other contact information is added to our general customer database so we may periodically contact you with new product and promotion information. To opt out of these forms of communication, please contact us at email@example.com.
We do not structure our website to attract children. Accordingly, we do not knowingly collect personal information from anyone who is 13 years of age or younger (or a different age that constitutes a minor under relevant local law outside of the United States).
Third Party Sites
Varian's website may contain links to other sites. When you click on one of these links you are being transferred to a website operated by someone other than Varian. If you submit your personal information to any of these websites, your information is governed by their privacy policies. Varian does not share your personal information with these websites and is not responsible for their individual privacy practices. We encourage you to investigate the privacy policies of any website you visit.
When you are on our site, please be aware that we have links to other sites that may have the look and feel of our site. Please also be aware that our site is hosted by a third party hosting service provider.
Social Media Features and Widgets
Our website may include social media features, such as the Twitter button and Widgets, such as the "Add This” button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy statement of the company providing it.
You can log in to some areas of our site using sign-in services such as Open ID providers. This type of service will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign-up form. Services like these may provide the option to post information about your activities on this website to your profile page or share postings with others within your network.
Transfers of Personal Data
Your Personal Data may be stored and or accessed outside of the country in which you live. As of July 16, 2020 (the ”Decision Date”), we rely on country-level adequacy decisions or utilize privacy frameworks to legitimize the transfer of the Personal Data or Health Data, such as the Standard Contractual Clauses or similar for EEA, Switzerland and UK transfers.
Prior to the Decision Date, we relied on our EU-US Privacy Shield certification as one means of demonstrating adequacy and safeguarding transfers of data from the EEA. In addition to Privacy Shield, we also executed Standard Contractual Clauses with entities involved in such data transfers. For transfers occurring prior to the Decision Date, we will continue to be responsible for the processing of EEA, Switzerland and UK Personal Information under the EU Privacy Shield Framework and will maintain full compliance with the requirements of that framework until further notice.
Participation in Privacy Shield
Varian participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and the United Kingdom and/or Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework's applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield List.
Varian is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Varian complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Varian is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have any complaints regarding our compliance with this privacy statement, the EU-U.S. Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework you can first contact us at firstname.lastname@example.org.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
You may lodge a complaint with the relevant data protection supervisory authority if you consider that our use of your information infringes applicable law.
We post customer testimonials on our website which may contain personal information such as the customer's name. We do obtain the customer's consent prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at email@example.com or by using the information below.
Changes to this Privacy Statement
Varian may decide to change this privacy statement from time to time to reflect changes to our information practices. When we do, we will post those changes on this page so that you are always aware of the information we collect, how we use it, and under what circumstances we disclose it. If we make material changes to this statement, we will notify you here in advance, by email (sent to the email address specified in your account), or by means of a notice on our home page. We encourage you to periodically review this page for the latest information on our privacy practices.
Oversight and Questions
We welcome comments and questions on this privacy statement. As stated above, we are dedicated to protecting your privacy, and we will make every reasonable effort to keep your information secure. If you have any questions or comments about this statement you can contact us electronically at firstname.lastname@example.org.
Additionally, you may contact us by writing via postal mail at the following address:
Varian Medical Systems, Inc.
Attention: Data Privacy Office
3120 Hansen Way, M/S G100
Palo Alto, CA 94304.