Mallinckrodt Privacy Policy

Introduction

The privacy and protection of personal information is of importance to Mallinckrodt Pharmaceuticals. This Privacy Policy (Policy) describes how Mallinckrodt and its affiliates and brands collect, use, and share personal information.

If you are a Healthcare Professional (“HCP”), for additional information about how we collect, use, and share your personal information, please click here.

You can jump to particular topics by going to the links below:

Contents

Contact Information

The primary data controller is Mallinckrodt Pharmaceuticals Ireland Limited, with registered offices at College Business & Technology Park, Cruiserath, Blanchardstown, Dublin 15, Ireland.

If you have any questions, comments, or complaints concerning our data privacy or data protection practices, please contact us at privacy@mnk.com or call us at 800-822-2075.

Types of Data We Collect

Personal Information means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.

The following provides examples of the types of data that we collect from you and how we use the information.

Context	Types of Data	Legal Basis and Purpose for Processing, Collection and Use of Data
Account Registration	We may collect your name and contact information when you create an account or subscribe to receive information updates.	We have a legitimate interest in providing account-related functionalities to our users. Accounts can be used for easy checkout and to save your preferences and transaction history.
Demographic Information	We may collect personal information from you, such as your name, postal address, age or location.	We use this information to conduct our normal day-to-day business. We have a legitimate interest in understanding our users and providing tailored services. In some contexts, we are also required by law to collect this information.
Employment or Prospective Employment	If you apply for employment, or become an employee, we may collect personal information necessary to process your application or to manage you as a member of our workforce. This may include, among other things, your telephone number, postal address, email address, age, location, benefits elections, employment history, salary information, educational background, driver’s license or social security number.	We use information about current and prospective employees to perform our contract of employment, or the anticipation of a contract of employment, with you. In some contexts, we are also required by law to collect information about our employees. We also have a legitimate interest in using your information to have efficient staffing and work force operations. In some circumstances, our use is based upon your consent, including, for example, your consent to communicate with us through voice and video teleconferencing.
Feedback/Support	If you provide us feedback or contact us for support, we will collect your name and email address and possibly other personal information, as well as any other content that you send to us in order to reply.	We have a legitimate interest in receiving, and acting upon, your feedback or issues.
Mailing List	When you sign up for one of our mailing lists we may collect your email address or postal address.	We share information about our products and services with individuals that consent to receive such information.
Online Forms, Submissions and Surveys	We collect information you submit to us on our websites, through online forms or by completing a survey and registrations to process your requests, for example to grant applications.	Our use is based upon your consent to provide us with information. We may also use this information to perform our contract, or the anticipation of a contract, to provide you with products or services.
Order Placement	We may collect your name, billing address, shipping address, email address, and telephone number when you place an order.	We use your information to perform our contract to provide you with products or services.
Seminars and Event Management	When you register for or attend a seminar or medical symposium, we may collect your name, contact information, job title, professional specialty, and dietary preference.	We use your information to perform our contract to provide you with services. We also have a legitimate interest in using your information to coordinate events.
Automatic Technologies or Interactions	As you interact with our website, we may automatically collect data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive technical information about you if you visit other websites employing our cookies We may collect information from you, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet), domain name, click-activity, referring website, and/or a date/time stamp for your visit. Web logs may be used for things like monitoring website usage levels, diagnosing problems, and detecting cybersecurity threats. We may collect information about the device accessing the website such as MAC address, device type, and device identifiers.	We have a legitimate interest in engaging in behavior-based advertising and capturing website analytics. You will provide consent for the use of cookies when required by law other than strictly necessary cookies. Web logs may be used for things like monitoring website usage levels, diagnosing problems, and detecting cybersecurity threats. We have a legitimate interest in making our website operate efficiently, in identifying unique visitors, and in understanding how users interact with us on their devices.
Clinical Trials	We may process your personal data on our behalf as part of a formal clinical trial. Personal data collected and processed by a third party on our behalf may include your name, postal address, email address, health-related information, age and biometric data relating to the trial.	Our use is based upon your consent. In some contexts, we are also required by law to collect this information.
Pharmacovigilance and Regulatory Requirements	We may process your personal data to meet our regulatory pharmacovigilance requirements. Personal data may include your name, postal address, email address and, in some cases, health-related data.	We use your information to comply with applicable laws.
Provision of Professional Education	We may process your personal data to assist in the provision of professional education regarding our products. This may include your name, postal address, email address and telephone number.	Our use is based upon your consent.
Customer Service/Call Center Interactions	We may process your personal data when providing customer service or product support via a call center or directory, including via recorded telephone or videoconference calls. Personal data processed may include your name, postal address, email address, and telephone number.	We have a legitimate interest in receiving, and acting upon, your feedback or issues.
Safety and Physical Security	As the safety of life is of the utmost importance to us, we may process your personal data to protect your health and safety while attending our sites. Personal information processed may include your name, postal address, age, location and contact details.	We use your information to protect the vital interests of yourself and others.

In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources.

Sharing Of Personal Information

In addition to the specific situations discussed elsewhere in this Policy, we may disclose personal information in close relation to the purposes specified above to trusted third parties, collectively referred to as “Recipients.”

Affiliates and Acquisitions. We may share your personal information with our corporate affiliates (i.e., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires our company, one of our businesses, or our assets, we will also share your personal information with that company as necessary, including at the negotiation stage.
Other Disclosures with Your Consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this Policy.
Other Disclosures without Your Consent. We will disclose personal information when required in response to subpoenas, warrants, or court orders, in connection with any legal or regulatory process, or to comply with relevant laws. We will also share your personal information as necessary in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, for audit purposes, or a violation of our policies.
Service Providers. We will share your personal information with service providers that are committed to/or under appropriate statutory obligations of confidentiality such as website hosting; email services; marketing; clinical research organizations (CROs); clinical trial administration, advertising, auditing; payment processing; fulfilling customer orders; data analytics; providing customer support; conducting customer research and satisfaction surveys; managing events; accepting grant applications; cloud storage services; and other services that assist in providing or selling our products and services. These service providers may collect, store, analyze, or otherwise process information on our behalf.

How We Protect Personal Information

No method of transmission over the internet, or method of electronic storage, is fully secure. While Mallinckrodt implements appropriate technical and organizational security measures to protect your personal information from unauthorized access, use, or disclosure, due to the public nature of the internet, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of any unauthorized access to your personal information, we will notify you electronically, in writing, or by telephone, if permitted to do so by law.

Some of our websites permit you to create an account. When you do, you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.

Cookies and Other Web Devices

Each website can send its own cookie to your web browser if your browser’s preferences allow it. Cookie settings can be controlled in your internet browser to automatically reject some forms of cookies. If you do not allow cookies, some features and functionality of our site may not operate as expected.

Mallinckrodt may use Adobe Flash technology (including Flash Local Stored Objects “Flash LSOs”) that allow Mallinckrodt to, among other things, serve you with more tailored information, facilitate your ongoing access to and use of the Site, and collect and store information about your use of the Site. Some of our websites or emails also use pixel tags, web beacons, clear GIFs, or other similar technologies to measure the success of marketing campaigns, and compile statistics about usage and response rates, and other purposes.

Mallinckrodt may use other web devices to track website usage and views. If you have questions or concerns about our cookie or web device usage, please contact us at privacy@mnk.com or call 800-822-2075.

Your EU Privacy Rights

Pursuant to EU General Data Protection Regulation (GDPR), below is additional specific information which relates to the processing of personal information of Data Subjects who are in the EU. Mallinckrodt has put in place a data protection governance structure to ensure the data privacy rights and freedoms of Data Subjects are protected.

Transfers to Other Countries. Some of the personal information we collect may be transferred to Recipients who are established in other countries, such as the United States. Transfers of EU personal data are based on an adequacy decision, standard contractual clauses, or your consent.
Retention. We retain personal information for as long as reasonably deemed required for legal or business purposes. During these periods, we take all appropriate steps to ensure that the privacy of your personal data is maintained. For further details, please contact privacy@mnk.com or call 800-822-2075.
Data Subject Rights. For Data Subjects in the EU, pursuant to and to the extent allowed by applicable law, you have the following rights:
- The right to be informed about our collection and use of your personal data.
- The right to access the personal data we hold about you.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten (erasure), i.e., the right to ask us to delete or otherwise dispose of any of your personal data that we hold.
- The right to restrict (i.e., prevent) the processing of your personal data.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
Compliance. You have the right to lodge a complaint with the Data Protection Authority in your country, including the Data Protection Commission, regarding the processing of your personal information in the EU. Contact details are available at https://www.dataprotection.ie/en/contact/how-contact-us or https://edpb.europa.eu/about-edpb/board/members_en.

California Consumer Privacy Act Rights

Subject to legal limitations, if you are a resident of California, you may have the right to make the following choices regarding your personal information:

Access to Your Personal Information. You may request access to your personal information by contacting us as described below. If required by law, upon request, we will grant you reasonable access to the personal information that we have about you. You may be entitled to ask us for a notice describing what categories of personal information (if any) we share with third parties or affiliates for direct marketing.
Changes to Your Personal Information. You may have a right to modify your personal information. You may contact us as described below in order to request that your information by modified. Note that we may keep historical information in our backup files as permitted by law.
Deletion of Your Personal Information. You may request that we delete your personal information by contacting us as described below. If required by law, we will grant a request to delete information, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
Objection to Certain Processing. You may object to our use or disclosure of your personal information by contacting us as described below.
Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send communications and promotional materials to you. You can stop receiving most emails by following the unsubscribe instructions in emails that you receive. If you decide not to receive these emails, we may still send you service related communications.
Revocation of Consent. If you revoke your consent for the processing of personal information then we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address described below.

Note that, as required by law, we will require you to prove your identity. We may verify your identity by telephone call or email. Depending on your request, we will ask for information such as your name, your physical address, or the name of our clinical trial in which you participated. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct or delete personal information about you in our files.

In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual you must attach a copy of the following information to the request:

A completed Authorized Agent Designation Form indicating that you have authorization to act on the consumer’s behalf.
If you are a business, proof that you are registered with the Secretary of State to conduct business in California.

If we do not receive both pieces of information, the request will be denied.

Requests to exercise your rights must be sent to privacy@mnk.com or made via telephone by calling 800-822-2075.

Other Important Information

The following additional information relates to our privacy practices:

Minors. Our websites are not for individuals under age 13. Those individuals should not access a website or provide personal information to us.
Third-Party Applications/Websites. We have no control over the privacy practices of websites or applications that we do not own.
Changes to This Policy. We may change our Policy and practices over time. To the extent that our Policy changes in a material way, the version of the Policy that was in place at the time that you submitted personal information to us will generally govern that information. Our Privacy Policy includes an “effective date” and a “last updated” date. The “effective date” refers to the date that the current version took effect. The “last updated” date refers to the date that the current version was last substantively modified.
Accessibility. If you are visually impaired, you may access this notice through your browser’s audio reader.
Information for California Residents. California law indicates that organizations should disclose whether certain categories of information are collected, “sold” or transferred for an organization’s “business purpose” (as those terms are defined under California law). You can find a list of the categories of information that we collect and share below. Please note that because this list is comprehensive it may refer to types of information that we share about people other than yourself. If you would like more information concerning the categories of personal information (if any) we share with third parties or affiliates for those parties to use for direct marketing please submit a written request to privacy@mnk.com or call 800-822-2075. We do not discriminate against California residents who exercise any of their rights described in this Privacy Policy.

Last Updated: July 2020

Effective: January 2018

California Information Sharing Disclosure

California Civil Code Sections 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicate that organizations should disclose whether the following categories of personal information are collected, transferred for “valuable consideration,” or transferred for an organization’s “business purpose” (as those terms are defined under California law). We do not “sell” your personal information. The table below indicates the categories of personal information we collect and transfer in a variety of contexts. Please note that because this list is comprehensive, it may refer to types of information that we collect and share about people other than yourself. For example, while we transfer credit card or debit card numbers for our business purposes in order to process payments for orders placed with us, we do not collect or transfer credit card or debit card numbers of individuals that submit questions through our website’s “contact us” page.

Categories of Personal Information We Collect	To Whom We Disclose Personal Information for a Business Purpose
Identifiers – this may include real name, alias, postal address, unique personal identifier, online identifier, email address, account name, social security number, driver’s license number, passport number or other similar identifiers.	Affiliates or subsidiaries Third Party Service Providers Business partners Government entities, as may be needed to comply with law or to prevent illegal activity
Additional categories of personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – this may include signature, physical characteristics or description, state identification card number, insurance policy number, education, bank account number, credit card number, debit card number, and other financial information, medical information, and health insurance information.	Affiliates or subsidiaries Third Party Service Providers Business partners Government entities, as may be needed to comply with law or to prevent illegal activity
Characteristics of protected classifications – this may include age, sex, race, ethnicity, physical or mental handicap, etc.	Third Party Service Providers Government entities, as may be needed to comply with law or to prevent illegal activity Business partners Affiliates or subsidiaries
Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Third Party Service Providers Government entities, as may be needed to comply with law or to prevent illegal activity Business partners Affiliates or subsidiaries
Biometric information	Service Providers Affiliates or subsidiaries
Internet or other electronic network activity information – this may include browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement.	Affiliates or subsidiaries Third Party Service Providers Business partners Government entities, as may be needed to comply with law or to prevent illegal activity
Audio, electronic, visual, thermal, olfactory, or similar information	Affiliates or subsidiaries Third Party Service Providers Business partners Government entities, as may be needed to comply with law or to prevent illegal activity
Professional or employment-related information	Affiliates or subsidiaries Third Party Service Providers Business partners Government entities, as may be needed to comply with law or to prevent illegal activity