Privacy Policy
Our Privacy Policy Has Recently Changed
The privacy and security of your information is very important to us. We have made material changes to the Privacy Policy that apply with respect to information that you provide on or after the date indicated in the “Last Updated” legend above. These changes include:
- Detailed information regarding what personal data and other information we collect from you, how we collect it, and how it is used;
- Further descriptions of the parties with whom and for what purposes your data is shared; and
- What rights you have regarding your personal data.
1. Introduction
This Privacy Policy explains how Cardinal Health, Inc. and its affiliates collects and uses your information.
Our Privacy Policy applies to all who visit and use our website, cardinalhealth.com, and online services as well as the websites and online services offered by our affiliates (collectively the “Site”). Affiliates are those entities that are owned, directly or indirectly, by Cardinal Health, or that are controlled by or under common control with Cardinal Health. References in this Privacy Policy to “Cardinal Health,” “we,” “our” or “us” are references to the entity that is responsible for the collection and use of your personal data, which is generally the entity that obtains your personal data in the respective case. This entity also is referred to as the data controller.
This Privacy Policy excludes those websites and online services operated by Cardinal Health or our affiliates that have separate privacy policies and do not link to this Privacy Policy or incorporate it by reference. Different privacy policies also may apply to other parts of Cardinal Health’s web presence – for example, password protected areas or web pages for online recruitment. Our Privacy Policy applies only to activities we engage in on the Site and does not apply to activities that are “offline” or unrelated to the Site.
This Privacy Policy is incorporated into our Terms and Conditions, also which apply when you use our Site. By using the Site and by providing your personal data and other information through the Site, you acknowledge that your personal data will be processed pursuant to the terms of this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, please do not provide us with your personal data or otherwise interact with the Site.
We reserve the right to modify this Privacy Policy at any time. If we make any material changes to our Privacy Policy, we will provide notice on this Site prior to the changes becoming effective. You can determine when this Privacy Policy was last revised by referring to the date it was “Last Updated” above.
You can review the last version of this Privacy Policy. We encourage you to periodically review the Privacy Policy for any modifications.
2. What personal data do we collect about you?
Personal Data as used in this Privacy Policy refers to any information relating to an identified or identifiable individual, or as defined under applicable law. When you visit and voluntarily interact with our Site, we collect Personal Data such as:
- Your first and last name;
- Residential and billing address;
- Company name;
- Occupational role;
- Social medial name and profile;
- Internet Protocol (IP) address;
- Contact details (e.g., telephone number, fax number, e-mail address);
- Date of birth;
- Purchase and ordering history ; or
- Other information you voluntarily provide.
3. When do we collect personal data about you?
Cardinal Health does not collect any Personal Data from you through the Site unless you voluntarily choose to disclose such information. We may ask you to provide certain Personal Data at various times and places on the Site. In some cases, if you choose not to provide us with the requested Personal Data, you may not be able to access all of the Site or participate in all of its features.
For example, we may collect Personal Data from you when you:
- Register, subscribe, or create an account with us;
- Purchase products from Cardinal Health through our Site;
- Open or respond to our e-mail offers;
- When you voluntarily provide us with information through our customer surveys which we may then link to Personal Data that we previously collected about you;
- Contact customer service, use our “Connect” feature to converse with a Cardinal Health representative, or make use of our customer support tools;
- Sign-up for our e-mail updates and newsletters, such as our “Essential Insights” newsletter;
- Connect, link or “share” our Site via social networking sites;
- Provide ratings or reviews of our products and services; or
- Apply for a job at Cardinal Health. More information on our data protection practices with respect to applicant personal data can be found at https://jobs.cardinalhealth.com.
4. How do we use personal data?
Cardinal Health uses the Personal Data we collect to render services to you or in order to fulfill a contractual agreement with you when you visit our Site. This includes:
- Establishing an online Cardinal Health account for you at your request;
- Processing online purchase orders, tracking and keeping you informed about the status of your order;
- Determining whether you are a suitable candidate for any open jobs at Cardinal Health;
- Providing customer service (for example, answering your questions or responding to a request);
- Sending you reminders, updates, support, administrative messages, service bulletins, and requested information; and
- Communicating and providing additional information that may be of interest to you about Cardinal Health and our third party business partners at your request;
We use the Personal Data we collect when we have legitimate business reasons to do so, pursued by a third party or us, so long as it is compatible with your rights and expectations of privacy. This includes to:
- Operate, maintain and improve the Site, our services, and our products; • Perform analytics and conduct customer research;
- Validate your ability to access and/or use certain products or services that may only be intended for individuals meeting certain eligibility requirements or criteria, such as health care professionals;
- Allow you to interact with certain third-party content service providers (for example, to enable you to link to, or view content from, third-party sites within our Site, or view our content on a third party site);
- Allow you to participate in interactive features of our Site when you choose to do so;
- Administer online surveys or special offers from us or through our third party business partners;
- Improve our Site, customer service, products and services and overall user experience;
- Enhance other information we have about you to help us better understand you and determine your interests;
- Identify your preferences so can we notify you of new or additional products, services, and promotions that might be of interest to you;
Cardinal Health also has legal grounds to use your Personal Data:
- For fraud prevention, public safety, and enforcement of our corporate reporting obligations and Terms and Conditions,
- To comply with the law, regulation, court order, subpoena or other legal process.
We also may use information collected as described in this Privacy Policy with your “optin” consent where required by law, in order to provide you with information about goods or services we think might interest you. If you do not want us to use your Personal Data, for example, to send you newsletters or directly market our products of services, you can opt out at any time by contacting us at the details in Section 16 below.
Resume Submission: Cardinal Health posts available jobs on the Site and allows you to submit your resume to us. Cardinal Health will ask for your name, street address, phone number, e-mail address, position applied for, education, work experience, and skills. The information and the resume you submit will be used by Cardinal Health only to determine whether you would be a good candidate for the requested job. The information may be saved in our files in case you would be a good candidate for a future job. The information will be shared internally on a need-to-know basis, and will not be given to any third parties other than our service providers who process information on our behalf. You can obtain more information about Personal Data collected for job applicants by visiting our Applicant Privacy Policy
5. What about sensitive personal data?
Sensitive Personal Data (also known as “Special Categories of Personal Data”) as used in the Privacy Policy means information related your race or ethnic origin, political opinions, religion or other beliefs, health, genetic or biometric data, sex life or sexual orientation, criminal background or trade union membership.
Cardinal Health only collects Sensitive Personal Data in the following limited circumstances:
- With your explicit consent;
- To protect the vital interests of you or another person, in cases where you are physically or legally incapable of giving consent;
- Where the processing is necessary for purposes of preventive or occupational medicine, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional; or
- For the establishment, exercise or defense of legal claims, or to the extent permitted and required by applicable law.
Unless otherwise required by applicable law, you are not required to provide us with any of your Sensitive Personal Data when using our Site. Should you choose not to, your decision would not prevent you from using our Site.
6. What other information do we collect?
As with many other websites, as you navigate through and interact with our Site, we may use automatic collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Site, including the resources that you access and use on our Site, traffic data, location data, logs, language;
- Date and time of access, frequency, and other communication data;
- Information about your computer and internet connection, including your operating system, host domain, and browser type (for example Internet Explorer); or
- Details of referring websites (URL).
- Determine Site traffic patterns;
- Count the number of Site visits;
- Determine traffic sources so we can measure and improve the performance of our Site;
- Share or sell such information to third parties;
- Help us to know which pages and content are the most and least popular; and
- Determine the frequency and last date of your visit to our Site.
7. Cookies and other technologies
Cookies. We use cookies, web beacons/pixel tags, and other technology (collectively “cookies”) to recognize you when you visit our Site or interact with our emails. “Cookies” are small bits of data cached or stored on your computer based on Internet activity. These cookies may be delivered in a first party or third party context. For example, we may collect information about your browser type and version, operating system, user language, ISP, viewed web pages, links that are clicked, IP address, the presence or absence of “flash” plugs-ins, screen resolution, connection type, sites visited before and after visiting our Site, details about items purchased, and e-mails we send that you open, forward, or click through to our Site.
By collecting this information, we can better understand how you interact with our Site; give you a more personal and optimized online experience by tracking your preferences; improve our Site; fulfill contracts with our business partners; help confirm receipt of and response to our e-mails; and provide more effective customer service. For more information on the cookies we collect and how to disable them, please visit our Cookie Policy and Section 9 below.
Social Media Plug-In. Our Site uses what are called social plugins (“plugins”) from social networks Facebook, Twitter and LinkedIn. These plugins are indicated by the social networks’ respective logos. When you access the Site, your browser establishes a direct connection with the servers of these social networks. The plugin content is transferred by the social network directly to your browser, which then integrates it into the Site.
Integration of the plugin allows the social media networks to receive the information that you have loaded onto the corresponding page of Site. If you are logged in with Facebook, for example, it will be able to assign your visit to your account. An exchange of this information already takes place when you visit our Site, regardless of whether you interact with the plugin or not. If you interact with the plugins, the corresponding information is sent directly to Facebook by your browser and saved there. You can find information how the data is used by the social networks, together with your rights and optional settings to protect your privacy on the social networks websites.
If you do not want social networks to gather data about you via our Site, you must log out on the social network domain before visiting Site. To prevent information being exchanged with the social networks during your visit to our Site, you can opt out of cookies through your browser settings and other tools. For more information, please visit our cookie policy
8. How do we share information?
Cardinal Health is committed to keeping your Personal Data confidential. We do not sell, trade or rent to third parties your Personal Data collected on the Site, except as provided on this Privacy Policy
We may share your Personal Data as required or permitted by law as follows:
- With any Cardinal Health affiliate in the ordinary course of business, who may only use your Personal Data for the purposes described in this Privacy Policy (e.g., to respond to your inquiries about our products and services);
- With our contractors, suppliers and vendors who provide services for us on our behalf, such as processing and fulfilling orders; data analytics and storage; assistance with direct marketing and distribution of e-mails and other communications; fraud prevention services; delivery and logistics; and to accomplish the other purposes for collection described above;
- In the event we or any of our affiliates file for bankruptcy, or where there is a transfer of ownership (or assets) in connection with proposed or consummated corporate reorganizations of Cardinal Health or any of our affiliates, such as actual or potential mergers, acquisitions, or sales of business units;
- To comply with legal orders and government requests, or as needed to support auditing, compliance, and corporate governance functions;
- To combat fraud or criminal activity, and to protect our rights or those of our affiliates, users, and business partners, or as part of legal proceedings affecting Cardinal Health, include to enforce our Terms and Conditions;
- In response to a subpoena, court order, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States and other countries where we operate;
- With your consent.
We also may disclose information we collect automatically:
- For the same reasons we might share Personal Data;
- With third party business partners for their own research and analysis; or
- With third-party advertisers or other vendors to place our advertisements on our Site and on third-party sites, to facilitate targeted content, and to analyze the effectiveness of our advertisements.
Access to your Personal Data is limited by need. Only a restricted number of Cardinal Health employees, and individuals and entities with whom Cardinal Health contracts to carry out business will have access to your Personal Data for the purposes described above
We do not provide your Personal Data to any third party for their own direct marketing purposes. Our third-party advertising partners may, however, may use cookies to collect information about your visit to our Site and other sites. You can learn more about, and opt out of being targeted by certain third-party advertising cookies on Cardinal Health’s Site in by visiting and our Cookie Policy.
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
9. Your choices about how we use and disclose your information
Commercial Emails: You may choose to opt out of receiving commercial e-mails and other educational materials from us about our products and services by following the instructions contained in any of the e-mails we send or by signing into your account and adjusting your e-mail preferences. Please note that even if you unsubscribe from commercial e-mail messages, we may still e-mail you non-commercial e-mails for lawful purposes including, for example, to manage your any account you have with us, respond to your requests, execute agreements with you and manage your transactions on the Site. Please allow us five (5) business days from when the request was received to complete the removal. You may update your account preferences at any time.
If you wish to opt out of receiving offers directly from our third-party business partners, you can follow the instructions in the e-mails that they send you.
EU Users and Commercial Emails: If you are a user based in the EU, we only send you commercial e-mails or other educational materials when we have obtained your explicit prior consent (i.e., opt in), except where we have obtained your e-mail address in the course of a sale or negotiations for a sale of a product or service and where the commercial e-mails are only marketing similar products or services.
Cookies and Tracking: You can disable cookies at any time by adjusting your browser settings. Browsers are different, so refer to instructions related to your browser to learn about cookie-related and other privacy and security settings that may be available.
Please be aware, however, that if you turn off cookies, you will not be able to take full advantage of all of our Site features. For example, we will not be able to recognize you as a registered user to allow you access to your account information. For more information on how to control and disable cookies, please visit our Cookie Policy.
Do Not Track: Currently, we do not alter our data collection and use practices in response to DO NOT TRACK signals.
10. Your rights regarding your personal data
Under applicable data protection law, you may have certain rights with respect to your Personal Data, including the following:
- Access: The right to request access to your Personal Data, which includes the right to obtain confirmation from us as to whether or not Personal Data concerning you is being processed, and where that is the case, access to the Personal Data and information related to how it is processed;
- Rectify or Erase: The right to rectification or erasure of your Personal Data, which includes the right to have incomplete Personal Data completed;
- Restrict: The right to restrict obtain a restriction of processing concerning your Personal Data, which includes restricting us from continuing to process your Personal Data under certain circumstances (e.g., where you contest the accuracy of your Personal Data, for a period enabling us to verify the accuracy of the Personal Data);
- Object: The right to object to the processing of your Personal Data under certain circumstances, including objecting to processing your Personal Data for direct marketing purposes, or objecting to processing your Personal Data when it is done based upon legitimate interests;
- Data Portability: The right to data portability, which includes certain rights to have your Personal Data transmitted from us to another controller; and
- Consent: Where data processing is based on your consent, the right to withdraw consent at any time.
Any requests related to the above rights may be made by sending an e-mail to dpo@cardinalhealth.com. We will respond to your request within a reasonable period of time and in accordance with applicable law.
In certain jurisdictions, you also have the right to lodge a complaint with a supervisory authority.
California Residents. Under California Civil Code section 1798.83, California residents who have an established business relationship with us are entitled to ask us for a notice describing the types of personal customer information we have shared with third parties for those parties’ direct marketing purposes during the preceding calendar year. That notice will identify the categories of information shared with third parties, the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you are a California resident and would like to request a copy of this notice, please submit a written request to dpo@cardinalhealth.com.
11. What about the privacy on third-party sites?
Our Site may contain links to other sites that are not owned or controlled by us, such as social networking sites, interactive maps that provide directions to retailers that carry our products or services, and links to retailers’ sites and e-commerce sites that sell our products or services. The Privacy Policy does not address nor do we control or have responsibility for the policies or practices of any third parties or any third-party sites to which this Site links. If you provide any information to such third parties, different rules regarding the collection and use of your Personal Data may apply.
We strongly suggest you review such third party’s privacy policies before providing any data to them. These other sites may send their own cookies or clear GIFs to users, collect data or solicit Personal Data. We cannot control this collection of information. You should contact these entities directly if you have any questions about their privacy practices.
12. What about site security?
Cardinal Health takes appropriate steps to manage the privacy of your Personal Data and the security of the Site. We have implemented commercially reasonable administrative, technical, and physical security controls that are designed to safeguard Personal Data. Still, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, Cardinal Health cannot guarantee that your Personal Data is under absolute security with the existing security technology. If you have any questions about the security of our Site, you can contact us at dpo@cardinalhealth.com.
13. How long do we retain personal data?
Cardinal Health retains your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law or to fulfill a legal obligation. In accordance with applicable law, Cardinal Health will erase your Personal Data when you withdraw your consent (where lawfulness of processing was based on your consent) and there is no other legal ground for the processing.
14. What about children’s privacy?
Cardinal Health does not intend that any portion of its Site will be accessed or used by children under the age of 16, and such use is prohibited. Our Site is designed and intended for adults. By using the Site, you represent that you are at least 18 years old and understand that you must be at least 18 years old.
If you are a parent or guardian of a child under the age of 16 and believe he or she has disclosed Personal Data to us, please contact us at dpo@cardinalhealth.com. A parent or guardian of a child under the age of 16 may review and request deletion of such child’s Personal Data as well as prohibit the use thereof.
15. Is personal data transferred internationally?
Cardinal Health is a global company. In certain cases, your Personal Data will be collected and stored in the United States, and subject to the laws of the United States. If you reside in a country outside the United States, please note that the data protection and privacy laws of the United States may not be as protective as the laws in your country.
In Australia, Cardinal Health is bound by the Privacy Act 1988 (Cth) (Privacy Act) and Australian Privacy Principles (APPs) (collectively “Australian Privacy Laws”). If you are in Australia, you acknowledge and consent to us not being required to take any steps to ensure that overseas recipients (outside of Cardinal Health) of your Personal Data comply with the Australian Privacy Laws. If the overseas recipient handles your Personal Data in breach of the Australian Privacy Laws, we will not be liable, and you will not be able to seek redress under the Act.
Where we transfer data outside of the European Economic Area (“EEA”) to other countries, Cardinal Health ensures that appropriate and suitable safeguards including EU Standard Contractual Clauses are in place for personal data being transferred to countries outside the EEA where an adequate level of protection is not already guaranteed. For more information on our safeguards, contact us at the details provided below. We will take all steps reasonably necessary to ensure that your data is treated securely and subject to appropriate safeguards in accordance with this Privacy Policy and applicable legislation.
16. How to contact us
If you have any questions or comments about our privacy practices or this Privacy Policy, please contact us or our Data Protection Officer by e-mail at dpo@cardinalhealth.com or by direct mail at:
Cardinal Health, Inc.
Ethics and Compliance Department
7000 Cardinal Place, Dublin, Ohio 43017 USA.
[For residents in Germany, Cardinal Health’s data protection officer can be reached at dsb@cardinalhealth.com].