We, and our Vendors, collect and process the Personal Information (excluding Sensitive Personal Information) described in this Supplemental Notice to:

• Administer Novo Nordisk websites;
• Contact consumers and provide consumers with information, opportunities, updates, or special offers from Novo Nordisk and its business partners;
• Contract with Vendors;
• Identify and recruit subject matter experts, spokespersons, and other professionals;
• Evaluate eligibility for Novo Nordisk programs and services;
• Manage attendance at events and activities we host or sponsor;
• Manage access to and protect our facilities and physical locations;
• Meet legal requirements and ensure compliance with Novo Nordisk policies and procedures;
• Monitor and improve Novo Nordisk’s websites, products, and services, including monitoring the safety and efficacy of our products;
• Plan and manage business activities, including management of consumer relationships and Novo Nordisk personnel that interact with consumers;
• Prepare for and conduct research related to medical conditions, treatments, and therapies;
• Prevent fraud or physical harm;
• Provide consumers with products or services that a consumer or consumer’s healthcare provider requests from us;
• Respond to requests from consumers;
• Support, collect, and monitor publications, presentations, posters, and other media about Novo Nordisk, its products, and associated research; and
• With the consumer’s permission, include information about the consumer in marketing materials or at events, and prepare, evaluate, and distribute or conduct those materials or events.

We, and our Vendors, collect and process the Sensitive Personal Information described in this Supplemental Notice only for:

• Performing the services or providing the goods reasonably expected by an average consumer who requests those goods or services;
• Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information;
• Resisting malicious, deceptive, fraudulent, or illegal actions directed at the business and prosecuting those responsible for those actions.
• Ensuring the physical safety of natural persons;
• Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer's current interaction with us; provided that we will not disclose the consumer's Personal Information to a Third Party and or build a profile about the consumer or otherwise alter the consumer's experience outside their current interaction with us;
• Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf; and
• Undertaking activities to verify or maintain the quality or safety of a product, service, or device that is owned, manufactured by, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us; and
• Collecting or processing Sensitive Personal Information where such collection or processing is not for the purpose of inferring characteristics about a consumer.

We may also anonymize or deidentify any Personal Information we collect. When we do so, we take reasonable measures to ensure that the information cannot be associated with a consumer or household, and we maintain and use the information in deidentified form. We will not attempt to reidentify the information, except that we may attempt to reidentify the information solely for the purpose of determining whether our deidentification processes satisfy applicable legal requirements. After it has been deidentified, the information is no longer Personal Information and is not subject to this Supplemental Notice.

We collect Personal Information about consumers from the below sources:

• For Patients & Caregivers: We may collect Personal Information about patients and caregivers directly from patients and caregivers, as well as from healthcare providers, and health insurance providers. We may also collect Personal Information about patients and caregivers from publicly available sources and from commercial sources, including Vendors and Third Parties, including Third Parties that aggregate and sell data.
• For Healthcare Providers: We may collect Personal Information about healthcare providers from healthcare providers or their patients. We may also collect Personal Information about healthcare providers from publicly-available sources and from commercial sources, including Vendors and Third Parties, including Third Parties that aggregate and sell data.
• For Website Users, Grant Applicants and Recipients, and Others: We may collect Personal Information directly from these consumers. We may also collect Personal Information about these consumers from Vendors and Third Parties.

We have disclosed the following categories of Personal Information to Vendors and Third Parties for a business purpose in the past twelve months:

1.  Identifiers, such a real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, or other similar identifiers;

2.  Contact and financial information, including phone number, address, email address, medical information, bank account number, credit or debit card number, or other financial information, and health insurance information, including an individual’s insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in the individual’s application and claims history;

3.  Characteristics of protected classifications under state or federal law, such as age, gender, race, physical or mental health conditions, marital status, and religion;

4.  Commercial information, such as including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;

5.  Biometric information, including an individual’s physiological, biological, or behavioral characteristics (including DNA) to the extent it can be used to establish individual identity;

6.  Internet or other electronic network activity information, such as browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement;

7.  Geolocation data, such as device location;

8.  Audio, electronic, visual, thermal, olfactory, or similar information, such as a recording of a customer service call or profile photograph;

9.  Professional or employment-related information, such as work history and prior employer;

10.  Education information, such as academic information and records;

11.  Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies);

12.  Individuals’ written signatures; and

13.  Sensitive personal information, including:

    a.  Personal Information that reveals:

        i.  Social security, driver’s license, state identification card, or passport number;

        ii.  Account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials for allowing access to an account;

        iii.  Precise geolocation data;

        iv.  Genetic data.

    b.  Biometric data processed for the purpose of uniquely identifying a consumer;

c. Personal Information collected and analyzed concerning a consumer’s health, including any information in possession of or derived from a healthcare provider, healthcare service plan, pharmaceutical company, or contractor regarding an individual’s medical history, mental or physical condition, or treatment.

Affiliates & Vendors. We may disclose your Personal Information to our affiliates and Vendors for the purposes described in this Supplemental Notice (see “Purposes for Processing Personal Information,” above). Our Vendors provide us with services for our websites, as well as other products and services, such as web hosting, data analysis, payment processing, order fulfillment, customer service, infrastructure provision, technology services, email delivery services, credit card processing, legal services, and other similar services. We grant our Vendors access to Personal Information only to the extent needed for them to perform their functions, and we require them to protect the confidentiality and security of such information.

Third Parties. For each category of Personal Information identified in Section H, we disclose such Personal Information, and have disclosed such Personal Information in the past twelve months, to the following categories of Third Parties:

• At Your Direction. We may disclose your Personal Information to any Third Party with your consent or at your direction. In the case of marketing materials or events in or at which you have consented to appear, this includes disclosure of your Personal Information to the general public.
• Marketing Vendors. We may disclose your Personal Information to Third Parties to provide marketing services in order to serve consumers with online advertising that is more relevant to them based on their network activity data, IP addresses, other online identifiers, and similar information and inferences derived therefrom.
• Healthcare & Insurance Providers. We may disclose your Personal Information to your healthcare provider, pharmacy, and health insurance provider or administrator.

As necessary, we may also disclose your Personal Information in the following contexts:

• Business Transfers or Assignments. We may disclose your Personal Information to other entities as reasonably necessary to facilitate a merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
• Legal and Regulatory. We may disclose your Personal Information to government authorities, including regulatory agencies and courts, as reasonably necessary for our business operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law.

Exercising Data Subject Rights. Consumers who reside in states that have adopted U.S. Privacy Laws have certain rights with respect to the collection and use of their Personal Information. This section provides details regarding the data subject rights available to consumers and the methods Novo Nordisk provides to exercise them. Please note that these rights vary by state. You may exercise the data subject rights applicable to you, based on your state of residence,  by contacting our Privacy Office at NNIPrivacy@novonordisk.com, by calling (888) 870-3901, or by clicking here. Consumers in some states may also authorize an agent to make data subject requests on their behalf. In such instances, authorized agents may use the same methods as you to submit the requests on your behalf. When you submit a data subject request, please indicate the type of request you are making, so that we may properly process and respond to your request in accordance with applicable law.

• Rights that Require Verification.
  • Right to Know. You have the right to know the following details about our privacy practice at or before the point of collection. We have provided such information in this Supplemental Notice. You may also request that we provide you with information about the following aspects of how we have handled your Personal Information specifically in the twelve months preceding your request:
    • The categories of Personal Information we have collected about you;
    • The categories of sources from which we collected such Personal Information;
    • The business or commercial purpose for collecting, selling, or sharing Personal Information about you;
    • The categories of Personal Information about you that we disclosed and the Third Parties or categories of Third Parties to whom we disclosed such Personal Information;
    • The categories of Personal Information about you that we sold, shared, or used for targeted advertising purposes, and the categories of Third Parties with whom we sold or shared such Personal Information;
    • If we collect Sensitive Personal Information, the categories of Sensitive Personal Information to be collected, the purposes for which it is collected or used, and whether that information is sold or shared; and
    • The length of time we intend to retain each category of Personal Information, or if that is not possible, the criteria used to determine that period.
  • Right to Delete. You may request that we delete any Personal Information about you we that we collected from you.
  • Right to Correct. You may request that we correct any inaccurate Personal Information we maintain about you.
  • Right to Access Specific Pieces of Personal Information and Data Portability. You may ask to obtain the specific pieces of Personal Information we have collected about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Personal Information to another entity without hindrance. You may not exercise this right more than two times in a calendar year. 
• Rights that Do Not Require Verification. 
  • Right to Opt-Out of Sale. You have the right to opt out of the sale of your Personal Information. To exercise this right, please click on the “Do Not Sell or Share My Personal Information” button in this Supplemental Notice or on any Novo Nordisk webpage where the button is present.
  • Right to Opt-Out of the Sharing of Your Personal Information or the Use of Your Personal Information for Targeted Advertising. You have the right to opt-out of the sharing of your Personal Information or our use of your Personal Information for targeted advertising purposes. To exercise this right, please click on the “Do Not Sell or Share My Personal Information” button in this Supplemental Notice or on any Novo Nordisk webpage where the button is present.
  • Right to Revoke Consent for or Limit the Use of Your Sensitive Personal Information. You also have the right to revoke consent for or limit the use of your Sensitive Personal Information to the purposes authorized by the applicable U.S. Privacy Laws. However, for California consumers, we do not process Sensitive Personal Information for purposes other than those permitted by the CCPA. For other consumers, as applicable depending on your state of residence, you can revoke consent for use of your Sensitive Personal Information via the methods described above.
  • Right to Opt-Out of Profiling. You also have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects and, depending on your state of residence, to obtain related information about such profiling. However, we do not process Personal Information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects.

Verification of Data Subject Requests. We value the security and confidentiality of your Personal Information. Depending on the type of data subject request you submit, we may ask you to provide information that will enable us to verify your identity before complying with the request. We verify requests carefully and in accordance with applicable law. Further, when a consumer authorizes an agent to make a request on their behalf, we may require the agent to provide proof of signed permission from the consumer to submit the request, we may require the consumer to verify their own identity to us or confirm with us that they provided the agent with permission to submit the request, or we may take similar steps to verify the agent’s authority in accordance with U.S. Privacy Laws. In some instances, we may decline to honor your request if an exception applies under applicable law. We will respond to your request consistent with applicable law.

Non-Discrimination. We will not discriminate against you for exercising your data subject rights. For example, we will not deny goods or services to you, or charge you different prices or rates, or provide a different level of quality for products or services as a result of you exercising your data subject rights.

Appeals. Depending on your state of residence, you may have the right to appeal decisions we make in response to your data subject requests. This section does not apply to California or Utah consumers. To appeal our decision on your data subject requests, you may contact our Privacy Office at NNIPrivacy@novonordisk.com or by calling (888) 870-3901. Please enclose a copy of or otherwise specifically reference our decision on your data subject request, so that we may adequately address your appeal. We will respond to your appeal in accordance with applicable law.

Opt-Out Preference Signals. We recognize opt-opt preference signals that we are required to recognize for compliance with applicable law. We treat such opt-out preference signals as a valid request to opt-out of sale and sharing for the browser or device through which the signal is sent and any consumer profile we have associated with that browser or device, including pseudonymous profiles. If we know the identity of the consumer from the opt-out preference signal, we will also treat such opt-out preference signal as a valid request to opt out of sale and sharing for the consumer. Consumers may use opt-out preference signals by downloading or otherwise activating them for use on supported browsers and setting them to send opt-out preference signals to websites they visit. Please note that our websites are not currently configured to recognize opt-out signals sent via the “Do Not Track” mechanism.

California Residents Under Age 18. If you are a resident of California under the age of 18 and a registered user of our website, you may ask us to remove content or data that you have posted to the website by writing to NNIPrivacy@novonordisk.com. Please note that your request does not ensure complete or comprehensive removal of the content or data, as, for example, some of your content or data may have been reposted by another user.

Disclosure About Direct Marketing for California Residents. California Civil Code § 1798.83 permits California residents to annually request certain information regarding our disclosure of Personal Information to other entities for their direct marketing purposes in the preceding calendar year. To make such a request, please send an email to NNIPrivacy@novonordisk.com with the subject “Shine the Light Request.”

Financial Incentives for California Consumers. We do not provide financial incentives to California consumers who allow us to collect, retain, sell, or share their Personal Information. We will describe such programs to you if and when we offer them to you.

Privacy Notice for Nevada Residents. We sell Covered Information as defined under Nevada law, and we may disclose personal information as defined under Nevada law for commercial purposes. Under Nevada law, you have the right to direct us to not sell your personal information to third parties. To exercise this right, if applicable, you or your authorized representative may contact our Privacy Office at NNIPrivacy@novonordisk.com.

Changes to our Supplemental Notice. We reserve the right to amend this Supplemental Notice at our discretion and at any time. When we make material changes to this Supplemental Notice, we will notify you by posting an updated Supplemental Notice on our website and listing the effective date of such updates, or by other means as required by U.S. Privacy Laws.

L. Contact Us

Call (888) 870-3901 or email us at NNIPrivacy@novonordisk.com to contact us with questions regarding this Supplemental Notice. If you are unable to review or access this Supplemental Notice due to a disability, you may contact us to request access to this Supplemental Notice in an alternative format.