WA/NV Consumer Health Data Notice

Updated June 2024

This Consumer Health Data Privacy Notice (the “Notice”) explains our collection, use, and disclosure of personal information that may identify your past, present, or future physical or mental health status (“Consumer Health Data”). This Notice does not apply to information we collect through clinical trials or to our employees and contractors. This Notice supplements our Online Privacy Statement, which may be consulted for additional information about our privacy practices.

Consumer Health Data we collect

We may collect Consumer Health Data in certain circumstances, such as in the context of our medical information activities and to respond to medical inquiries. Examples of Consumer Health Data we collect include health conditions and diagnoses, treatment information, medication and prescription information, prescription number, dosage, and other health information you may voluntarily provide us. As described in our Online Privacy Statement, we do not solicit information about your health online but cannot prevent you from supplying it. We also have adopted procedures to limit the amount of health information we receive, such as in some cases requiring de-identification.

Categories of sources

We collect Consumer Health Data from sources including: directly from you when you share it with us; from your healthcare provider; through our websites; and from our business partners.

Our use of Consumer Health Data

We use the Consumer Health Data we collect to provide a product or service requested by you or to comply with applicable laws, such as to provide our patient assistance and medical information programs; to respond to medical inquiries; for adverse event and safety reporting as disclosed in our Online Privacy Statement; to communicate information about our products and services; and to comply with law or regulatory obligations.

Our disclosure of Consumer Health Data

We disclose the categories of Consumer Health Data described above in the following situations:

Service Providers. We may share your information with third parties who perform certain functions and services for us, including organizing, processing, tracking and storing information on our behalf.

Partners. We may share your information with our partners relating to medical information requests for the purposes of ensuring the request is appropriately handled by the correct party.

Legal. We may disclose your personal information if we conclude that we are required by law (including to regulatory authorities pursuant to applicable regulations) or to comply with valid legal processes (such as a search warrant, subpoena, or court order), or if we have a good faith belief that access, preservation, or disclosure of such information is reasonably necessary to protect the rights, property, or safety of Exelixis, our customers, or the public.

Corporate Event. We may disclose your information in the event of a transfer of control of Exelixis or the sale of substantially all its assets (subject to appropriate confidentiality protections).

Your rights under state law

Residents of Washington and Nevada have the right to access, delete, and correct certain Consumer Health Data we collect about them. If you would like to exercise any of the rights described above, please email privacy@exelixis.com with the phrase “Data Subject Request” in the subject line. You may also call 1-833-306-0552 or complete our web form. If your request to exercise your rights is denied, you may appeal that decision using our web form. If you submit an appeal, select the type of request you are appealing (access, delete or correct) and describe the basis for your appeal under “Request details.” Please note that the rights described are not absolute and we reserve all of our rights available under applicable laws.

For your security and to ensure unauthorized third parties do not access your Consumer Health Data, we will require you to verify your identity before we can act on your request. In order to do this, we will request that you match specific pieces of information we have been provided previously. For requests relating to particularly sensitive information, we may require additional proof of identification.

Your state may also provide you with the right to revoke your consent for the processing of Consumer Health Data or to request that Exelixis stop processing your Consumer Health Data. As described in this Notice, Exelixis does not process Consumer Health Data except as reasonably necessary to provide goods or services that you have requested or as required by law. As a result, we do not offer a generally applicable option to revoke consent or stop processing Consumer Health Data. If consent is required for Exelixis to process your Consumer Health Data, you will be provided with a separate notice that describes how you may revoke your consent at the time your consent is obtained.

Depending on your state of residence, you may have additional privacy rights. For more information, please see “Data subject rights” in our Online Privacy Statement.

Changes to this Notice

We will update this Notice when necessary to reflect changes in how we use Consumer Health Data or the applicable law. When we post changes to this Notice, we will revise the “Effective Date” at the top of the Notice.

How to contact us

In the event of any questions, comments or concerns, please write to us at Legal Department, Exelixis, Inc., 1851 Harbor Bay Parkway, Alameda, California 94502, or at privacy@exelixis.com. Or, you can call us at 1-650-837-7000.
