Privacy Notice for MiniMed Solutions

Last Updated: 6 March 2026 

1. Introduction

This Privacy Notice for MiniMed Solutions (the “Notice”) provides information about how Medtronic MiniMed, Inc. and its subsidiaries listed in the Annex 1 (“MiniMed,” “we,” “us,” “our”) collects, uses, and discloses personal information about individuals who use or otherwise interact with our Solutions (collectively “Users,” “Medical Device Users”, “you,” or “your”). This Notice applies to personal information we collect through our medical devices (including insulin pumps, continuous glucose monitor, and Smart insulin Pen), device management software CareLink™ Personal, and other associated services (including product support, education, and online ordering platform), web and mobile applications (including CareLink^TM Connect, MiniMed^TM Mobile App, InPen^TM App, MiniMed Go^TM, and more) used in connection with the medical devices or medical device software and / or other associated services (collectively the “Solutions”).

This Notice is part of CareLink^TM Personal Terms of Use and End User License Agreement for the relevant Solutions (collectively, “Terms of Use”). If you do not agree with this Notice, please do not use our Solutions. 

This Notice should be read together with other MiniMed privacy disclosures that may apply depending on how you interact with us, including our:

• MiniMed Global Privacy Notice
• Cookie Notice (published on the relevant website)
• Data Privacy Framework Policy
• Notice of Privacy Practices (for US Users)
• Consumer Health Data Privacy Policy (for US Users)

Unless otherwise indicated, the MiniMed privacy notices referenced above may be accessed on the MiniMed websites.

Please note this Notice does not apply to personal information we collect about employees, job applicants, independent contractors, or business contacts, including health care professionals.

2. Definitions 

• “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular User or household. Personal information includes “personal data” (or equivalent terms) as that term is defined by applicable privacy laws. 
  
  
• “Vendor” means a service provider, vendor, contractor, or processor which collects, stores, or otherwise handles personal information for us and is bound by certain contractual obligations consistent with applicable laws.
  
  
•  “Third Party” means a person or organization which is not a User, Vendor, or an entity owned or controlled by us.
   

3. Categories of Personal Information We Collect 

We may collect, and in the past 12 months we may have collected, the following categories of personal information in our Solutions: 

• Identifiers, including name, alias, postal address, device serial number, unique personal identifier, online identifiers, Internet Protocol address, mobile advertising ID, email address, account name, signatures, physical characteristics or description, telephone number, or other similar identifiers.
• Financial Information, including bank account number, credit card number, debit card number, or any other financial information that does not allow access or withdrawal of funds. 
• Insurance Information, including insurance policy number or health insurance information.
• Characteristics of Protected Classifications under applicable law, including age, gender, and marital status.
• Commercial Information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• Information about your food consumption or your personal preferences, including lifestyle, habits, interests, and hobbies you choose to provide to us. 
• Biometric Information, including imagery of the iris, retina, fingerprint.
• Internet or Other Network Information, including browsing history, search history, type of browser and operating system, mobile device name, mobile app usage data, date and time you access our Solutions, pages you have visited, search terms, domain name, and information regarding your interactions with our Solutions. 
• Geolocation Data, including device location that is more granular than a city or town.
• Audio, Electronic, Visual, Thermal, Olfactory, and Similar Information, including call and video recordings.
• Professional or Employment-Related Information, or other similar information.
• Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
• Sensitive Personal Information, including: 
  • Personal information that reveals your:
    • Social security, driver’s license, state identification card, or passport number;
    • Account log-in in combination with any required security or access code, password, or credentials for allowing access to an account;
    • Precise geolocation that is used or intended to be used to locate you within a small geographic area (less than a radius of 1,850 feet or 565 meters);
    • Racial or ethnic origin, religious or philosophical beliefs, or union membership;
    • Genetic data; or 
    •  Neural data.
• Biometric information processed for the purpose of uniquely identifying you;
• Personal information collected and analyzed concerning your health, including device information, and type of diabetes; 
• Personal information collected and analyzed concerning your sex life or sexual orientation; and Personal information of Users who are minors. 
   

4. How We Use Personal Information  

Depending on locally applicable law, we may collect, process, and disclose, and in the past 12 months may have collected, processed, and disclosed, the personal information listed in Section 3 for the following purposes:

to facilitate account creation and authentication and otherwise manage User accounts in our Solutions

to facilitate and personalize your User journey with us, including linking your CareLink^TM Personal account with your health care provider’s account in the context of your medical treatment, third-party mobile applications to which you have subscribed that are compatible to CareLink^TM Personal.

• to respond to your requests or queries, provide you with technical support in connection with your Solution account and connectivity-related inquiries. 
• to communicate with you and send you communications of an operational nature about our Solutions. 
• to contact you with information that might be of interest to you, including newsletters, surveys, information about clinical trials and about products and services.
• to send alerts to care partners you have chosen to share with via the Solutions. 
• to personalize your access to our Solutions, for example, by telling you about new features that may be of interest to you.
• for analytical purposes and to research, develop and improve programs, products, services and content.
• for network and information security, to prevent and detect fraud and other criminal activities. 
• to protect someone's health, safety or welfare and to comply and enforce our policies and the Terms of Use of the relevant Solutions as necessary for the establishment, exercise, or defense of our legal rights and to protect our rights or property.
• to comply with a law or regulation, court order or other legal process, including to comply with post-market surveillance and vigilance reporting obligations under applicable medical device regulations and to comply with requests from competent authorities. 

We may also aggregate and/or deidentify personal information and analyze those data for analytical, research, statistical, or any other purposes permitted by law. When we do so, we take reasonable measures to ensure that the information cannot be associated with an individual or household, and we maintain and use the information in deidentified form. We will not attempt to reidentify the information, except that we may attempt to reidentify the information solely for the purpose of determining whether our deidentification processes satisfy applicable legal requirements. After it has been deidentified, the information is no longer personal information and is not subject to this Notice.

Please note that, depending on locally applicable law, we may also process personal information via use of automated technologies, including artificial intelligence, for the purposes listed above. To the extent permitted by applicable law, we may also use personal information we collect to train automated technologies we use for the above purposes. However, we do not use automated processing, including profiling, to process personal information subject to this Notice in furtherance of decisions that have legal or similarly significant effects (meaning decisions that results in the provision or denial of financial or lending services, housing, insurance, education enrollment or opportunity, criminal justice, employment opportunities, health-care services, or access to essential goods or services). 
 

5. How We Retain Personal Information 

We retain your personal information for so long as necessary and relevant to fulfill the purposes set out in Section 4 of this Notice. We may also retain your personal information for longer if necessary for a legitimate business purpose, including to satisfy or comply with legal requirements, including compliance and record retention regulations.
 

6. How We Disclose Personal Information 

Depending on locally applicable law, we may disclose, and in the past 12 months may have disclosed, the categories of personal information listed in Section 3 in the following contexts:

• To Our Affiliates. We disclose personal information collected through our Solutions with our affiliates for the purposes listed in Section 4 of this Notice.
  
  
• To Our Vendors. We disclose personal information collected through our Solutions with vendors who act on our behalf. For example, we use vendors to provide information technology and hosting services; postal services, couriers or other freight services to ship products ordered; customer support and communication services; consulting services; survey management services; and legal and professional services. Where our vendors need to have access to User’s personal information, we will (1) select providers who respect privacy and comply with applicable data protection laws; (2) only give them access to the information they need to perform their services; (3) require that they will only use the information for the purposes agreed in our contract with them and protect that information in accordance with applicable data protection laws.
  
  
• To Third Party Marketing & Analytics Providers. We may disclose your personal information to third party marketing and advertising and analytics providers who may process personal information for their own purposes. This primarily includes disclosures of IP addresses and related web browsing information via Cookies.
  
  
• To Third-Party partners. We may disclose personal information collected through our Solutions to third-party partners which manufacture medical devices exclusively for us.
  
  
• To Your Health Care Professional and Providers or Care Partners or Third-Party mobile app Providers. We may disclose personal information to your health care providers or care partners to whom you have directed us to disclose your personal information to in connection with your use of the Solutions.
  
  
• As Described in a Privacy Notice or With Your Consent. We may disclose personal information as described in any privacy notice we provide to you via our Solutions, or with your consent if we obtain it from you in a particular context, to the extent permitted by applicable law.
  
  
• In Aggregate or Deidentified Form. We may aggregate or deidentify the personal information we collect, and we may disclose aggregated and/or deidentified information to our affiliates, vendors and to third parties for our business operational purposes and for any other purposes permitted by applicable law.

We may also disclose personal information in the following contexts:

• As Part of a Business Transfer. Your personal information may be transferred to a successor organization if, for example, we transfer the ownership or operation of the Solutions to another organization, if we merge with or are acquired by another organization, or if we liquidate our assets. In negotiating with a third party about entering into such an arrangement, we may need to disclose your personal information. In such cases, we will take reasonable measures to protect the personal information we disclose, and we will seek assurances that the successor organization’s use of your personal information will still be subject to this Notice and the privacy preferences you have expressed to us.
  
  
• For Compliance with Laws and Protection of Our Rights and the Rights of Others. We may disclose your personal information when we, in good faith, believe disclosure is appropriate to comply with the law, a court order, or a subpoena, including, for example, to competent authorities to comply with our post-market surveillance and vigilance reporting obligations. We may also disclose your personal information to prevent or investigate a possible crime, such as fraud or identity theft; to protect the security of the Solutions; to enforce or apply our Terms of Use or other agreements; or to protect our own rights or property or the rights, property or safety of our users or others.
   

7. Sources of Personal Information 

We may collect the personal information listed in Section 3 from the following sources: 

• Directly From You. We collect the personal information you manually provide when you use our Solutions. For example, we collect personal information when you create an account with us, send us an email, call our call centers, or otherwise interact with us. Please note that if you choose not to provide us with your personal information, we may not be able to provide our Solutions to you or respond to your other requests.
  
  
• From Your Solutions. We collect personal information when medical device data is uploaded from a medical device (e.g. pump, CGM, Smart insulin Pen) into device management software (e.g., CareLink^TM Personal).
  
  
• From Vendors, Third Parties, & Publicly Available Sources. We collect personal information from vendors and from third parties, including your health care provider, who disclose personal information to us, and from publicly available sources. 
  
  
• Via Cookies & Other Tracking Technologies. We collect personal information passively via cookies and other tracking technologies (collectively, “Cookies”). This information typically includes your IP address, mobile advertising ID, and internet and other network information. Cookies are used to collect information for business purposes, such as enabling essential website functions and improving the user experience. We may also use third party Cookies for analytics. Depending on your Internet browser, you may be able to change your settings to block/and or erase cookies from your device. You can check your browser instructions to learn more about these functions. You can also select the “Your Privacy Choices” link in the footer of our websites and use the toggle buttons to accept or reject each type of cookie, and then click “Confirm My Choices.” Note that you will need to set your cookie preferences on each new browser and device from which you access our Solutions. Please also note that our websites do not currently comply with the “Do Not Track” signal. For more information about Cookies, please see the Cookie Notice published on CareLink^TM Personal website.
   

8. How We Protect Personal Information 

We maintain reasonable administrative, physical, and technological measures to protect the confidentiality and security of personal information you submit on or through the Solutions. Unfortunately, no website, app, or database is completely secure or “hacker proof.” We therefore cannot guarantee that your personal information will not be disclosed, misused, or lost by accident or by the unauthorized acts of others. In particular, e-mail sent to or from our websites may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. 

You also play a big part in protecting the privacy of your personal information. When you create an account, we ask you to select a password that is unique to you. To protect your personal information from unwanted disclosure, you should not give your password to anyone with whom you would not share your personal information. Our Solutions may also log you out after a period of inactivity and require you to log in again. When you are ready to leave the Solutions, always “log off” to help protect the confidentiality of your personal information.
 

9. Children 

Our Solutions are intended for use by individuals under the age of 18 solely under the supervision, consent, and representation of a parent or legal guardian. We do not collect personal information from children under the age of 18. If you believe that a child has submitted personal information on or through our Solutions, please contact us promptly using the contact methods described in the Contact Us Section so that we can take appropriate action.

For more information specific to individuals in the US, please see Section 17.
 

10. Links to Other Sites

Our Solutions may provide links to websites and services operated by third parties. We do not control the content or links that appear on these websites and services, and we are not responsible for their privacy practices. When you visit a third party’s website or use a third party’s services, such use is subject to the third party’s privacy policy and terms of use. We encourage you to review the privacy policy and any applicable terms of use posted on any website you visit or other services you access before providing any personal information to that third party.
 

11. Rights to Your Personal Information

Residents of some jurisdictions may have certain rights to their personal information under applicable data protection law. Those rights may include, subject to certain exceptions: 

• Right of Access: you have the right to confirm what personal information is being processed, obtain information about the processing activities and to receive a copy of your personal information.
  
  
• Right to Rectification: you have the right to request rectification / correction of your personal information where it is inaccurate or incomplete.
  
  
• Right to Erasure: you have the right to request deletion of your personal information.
  
  
• Right to Restriction: you have the right to ask that we restrict or suspend the processing of your personal information in certain contexts.
  
  
• Right to Data Portability: you have the right to request to receive your personal information in a structured, commonly used, and machine-readable format and have the right to transmit that information to another data controller.
  
  
• Right to Object: you have the right to object to the processing of your personal information in certain contexts, including for any direct marketing purposes.
  
  
• Right to Withdraw Consent: to the extent our processing of your personal information is based on your consent, you have the right to withdraw your consent, at any time, without hindrance or cost, to prevent further processing. Please note that withdrawing your consent does not affect the lawfulness of our processing of your personal information based on such consent before the withdrawal.

If you wish to exercise any of your rights, obtain a copy of the safeguards implemented by MiniMed, or if you have any questions about the processing of your personal information in accordance with this Notice, you can make such a request by submitting a request using the contact methods described in the Contact Us Section. We will respond to your request consistent with applicable law.

Please refer to subsequent sections with more information about certain jurisdictions.
 

12. Transfers of Personal Information

Due to the global nature of our business and the operation of our Solutions, personal information we collect may be accessed from, transferred to, stored in, or otherwise processed in countries outside the country or jurisdiction in which you are located, including the United States and other countries in which MiniMed, its affiliates, vendors, or service providers operate.

These transfers may occur, for example, to:

• provide technical or customer support;
• operate, maintain, secure, and improve our Solutions;
• facilitate communications you initiate or features you choose to use (such as sharing information with care partners or health care providers);
• conduct analytics, quality assurance, research, regulatory compliance, or system maintenance; and
• comply with applicable legal or regulatory requirements.

The laws of the countries to which personal information is transferred may not provide the same level of data protection as the laws of your country of residence. Where required by applicable law, we implement appropriate safeguards or rely on permitted transfer mechanisms to protect personal information, and we limit access to personal information to what is necessary for the relevant purpose.

Where feasible and appropriate, we transfer personal information in de‑identified, pseudonymized, aggregated, or anonymized form, including for research, analytics, regulatory, and product improvement purposes.

For individuals located in the European Economic Area, the United Kingdom, or Switzerland, additional information about international data transfers, including applicable safeguards and transfer mechanisms, is provided in Section 16 (Additional Information for Individuals in the EEA, UK, and Switzerland).
 

13. Changes to This Notice 

This Notice describes MiniMed’s current policies and practices with regard to the personal information we collect through the Solutions. We are continually improving and adding to the features and functionality of our Solutions. As a result of these changes (or changes in the law), we may need to update or revise this Notice. Accordingly, we reserve the right to update or modify this Notice at any time. When we do so, we will post the revised version of this Notice behind the link marked “Privacy Notice” in the footer of our websites. If required by applicable law, we will provide you with additional notice if we make a material change to the Notice, for example, by sending you an email or posting a banner on our Solutions. Your continued use of our Solutions after we have posted the revised Notice constitutes your agreement to be bound by the revised Notice.
 

14. Complaints

If you have any concerns regarding how we have processed your personal information, or if you believe we have processed your personal information in violation of applicable laws, please contact us using the methods described in the Contact Us Section, and we will do our best to address your concerns. You may also lodge a complaint with the data protection authority in your country of residence, if applicable.
 

15. Contact Us 

The contact information below applies to all privacy-related inquiries, requests to exercise data protection rights, questions about applicable privacy notices referenced in this Notice, and complaints, unless otherwise required by applicable law.

If you have any questions about this Notice or our privacy practices, you may submit a request here, contact us via email at privacyoffice@minimed.com, or use the information in Annex 1, or the information below: 

Medtronic MiniMed, Inc.

ATTN: MiniMed Privacy, Legal Department

18000 Devonshire Street

Northridge, CA 91325-1219 

1-800-646-4633

16. Additional Information for Individuals in the EEA, UK, and Switzerland 

This Section 16 provides additional disclosures applicable to individuals located in the European Economic Area (“EEA”), United Kingdom (“UK”), and Switzerland.

a. Data Controller. The data controller for the processing of your personal information is the MiniMed entity established in the country in which you are located. For more information and to find the contact information for the entity that is the controller of your personal information, please see Annex 1 below or contact us using the details provided in the Contact Us Section.

If you choose to share your personal information with healthcare professionals in context of your medical treatment or other parties external to MiniMed, they will be    solely responsible for their own use, or further processing, of your personal information. For information regarding the processing of your personal information and your    rights, including when sharing with healthcare professionals based outside your country, please consult with your healthcare professional.

b. Legal Basis. We rely on the following legal bases to process your personal information under the GDPR and UK GDPR: 

• With your consent (GDPR Art. 6(1)(a)). Where processing is based on your consent, you have the right to withdraw that consent at any time.
  • In accordance with the laws applicable in your country, we may ask you to “opt-in” or consent to receive communications regarding products and services that we believe may be of interest to you. If at any time you decide not to receive any marketing communications, you will be given the option to opt-out following the procedure provided in any relevant message you receive from us. Alternatively, you can contact us using the methods described in the Contact Us Section. 
  • to collect personal information passively via Cookies.
     
• With your explicit consent (GDPR Art.9(2)(a)), for the following processing activities:
  • To generate reports based on your health-related data that can be used to track your personal progress and trends in relation to your diabetes therapy management solution.
  • To aggregate health-related personal information in a way that does not directly identify anyone. We will use this information to create internal reports to further research and develop new products and services and improve existing products and services, and/or to develop materials presented at conferences and to health care providers and public authorities to demonstrate product performance or enable MiniMed to improve training, education and support programs. 
  • Where applicable, to enable the linking of User’s CareLink^TM Personal account with: 
    • the CareLink^TM account used by the User’s healthcare professional in context of medical treatment 
    • third-party mobile application(s) to which User has subscribed and that are compatible to CareLink^TM Personal, and/or 
    • with User’s InPen^TM App account if you use a MiniMed standalone CGM
  • Where required by your local law, to collect your personal information and information about medical device (e.g. serial number) to provide you with technical support and training.
     
• When the processing is necessary for the performance of a contract with you (GDPR Art. 6(b))
  
  
• When the processing is necessary for the compliance of a legal obligation to which MiniMed is subject (GDPR Art. 6(1)(c)).
  
  
• When the processing is necessary in order to protect the vital interest of a natural person (GDPR Art. 6(1)(d).
  
  
• When the processing is necessary for our legitimate interests, for example for the following processing activities:
  • managing our business and providing our products and services (e.g., where applicable, delivery of technical support as well as technical and educational training), 
  • communicating with our Users (e.g., planned outages or updates, alerts to Care Partners when using CareLink^TM Connect), 
  • improving the User experience (e.g. by making User’s personal information (such as your credentials, contact information and/or preferences) available across the Solutions, in order to facilitate and personalize User’s journey with MiniMed, where relevant, 
  • developing and improving our products and services based on processing of aggregate personal information to a level where Users are no longer directly identifiable,
  • ensuring our systems and services are secure, exercising our legal rights, and complying with legal and regulatory obligations (GDPR Art. 6(1)(f)) to prevent and detect fraud and other criminal activities, and to comply and enforce our policies and the Terms of Use / End User License Agreement of the relevant Solution(s) as necessary for the establishment, exercise, or defense of our legal rights.

We only collect and process sensitive personal information if such processing is allowed or required under applicable law. In addition, we only process such sensitive personal information where (in addition to having a legal basis as set out above) it is necessary for the establishment, exercise, or defense of legal claims, where it is necessary for reasons of public interest in the area of public health (such as ensuring high standards of quality and safety of medicinal products), where we have obtained your explicit consent to process such data, or where we are required or allowed to do so under EU member state, UK, or Swiss data protection law, as applicable. 

c. Transfers of Your Personal Information Outside the EEA, UK, or Switzerland. 

We store your personal information on servers located in the EEA, but we may also transfer your personal information to our affiliates and/or vendors and third parties located outside the EEA, UK, and Switzerland, including in the United States of America. Those countries may not provide an adequate level of protection in relation to the processing of your personal information. We will ensure that there are appropriate safeguards in place to protect your personal information as required by applicable laws. We will ensure appropriate safeguards are in place to protect the privacy and integrity of personal information transferred outside of the EEA, UK, and Switzerland, including by executing data transfer agreements based on the European Commission’s Standard Contractual Clauses and/or the UK Information Commissioner’s Data Transfer Addendum. You can obtain information concerning such safeguards, including obtaining a copy of the standard contractual clauses, by using the information detailed in the Contact Us Section.

Medtronic MiniMed, Inc. and MiniMed Distribution Corporation also participate in the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as established by the U.S. Department of Commerce (collectively, the “DPF). For more information about our participation in the DPF, please view our Data Privacy Framework Policy listed in Section 1. 

d. Data Protection Office and Data Representatives.

If you have any questions about this Notice, please contact our data protection officer using the information detailed in the Contact Us Section. 
 

17. Additional Information for US Residents and US Residents in Certain US States

Users located in the U.S. may have certain rights with respect to the collection, processing, and disclosure of their personal information. For more information, please refer to the additional notices detailed in Section 1. 

This Section 17 provides additional disclosures to residents in states with comprehensive privacy legislation that applies to MiniMed (“U.S. Privacy Laws”). 

a. Sale & Sharing of Personal Information 

Under certain state privacy legislation in the United States that applies to MiniMed (“U.S. Privacy Laws”), “Sell,” “Sale,” or “Sold” means renting, releasing, or transferring an individual’s personal information to a Third Party for money or other valuable consideration, and “Share,” “Shared,” or “Sharing” means transferring an individual’s personal information to a Third Party for cross-context behavioral advertising or targeted advertising purposes, whether or not for money or other valuable consideration. “Share,” “Shared,” or “Sharing” includes processing of personal information for targeted advertising, as the term “targeted advertising” is defined by the U.S. Privacy Laws. Accordingly, we Sell and Share and in the past 12 months have Sold and Shared, identifiers, such as IP addresses and other device identifiers, internet or other electronic network activity information, and inferences to third party marketing and analytics providers for advertising and marketing, including interest-based marketing, and analytics purposes. We Sell and Share these categories of personal information for marketing and analytics purposes to marketing and analytics providers. Further, because this disclosure of personal information to third party marketing and analytics providers could potentially suggest that you have a particular health condition or are using a particular medical device, we provide the following notice for compliance with the U.S. Privacy Laws:

NOTICE: We may sell your sensitive personal information. 

We do not Sell, Share, or process for targeted advertising purposes personal information that we collect outside of the cookie and online tracking context. Residents of certain US states, including California, have the right to opt out of the Sale and Sharing of your personal information and the processing of your personal information for targeted advertising purposes. To do so, click the cookie notice button on our websites and click select your preferences.

We do not have actual knowledge that we Sell or Share personal information of Users who are under 16 years of age.

b. Children Under the Age of Thirteen

Certain Solutions may be available to minors, including minors under the age of 13 (“Children” or “Child”). Our collection of personal information from Children is intended to follow the principles of applicable children’s data protection laws including, but not limited to, the Children’s Online Privacy Protection Act (“COPPA”). Where required by applicable law, we will obtain parental consent before collecting personal information of Children, except to the extent the personal information is collected solely for the purpose of obtaining parental consent, in which case we will only use such personal information for the purposes of obtaining parental consent.

We may collect, use, disclose, and retain personal information of Children as described in Section 3, Section 4, Section 5, Section 6 of this Notice. We do not make personal information collected from Children publicly available nor do we enable Children to do so on our Solutions. We do not condition a Child’s use of our Solutions on the disclosure of more personal information than is reasonably necessary to use our Solutions. 

Depending on applicable law, parents or guardians of Children who use our Solutions may review their Child’s personal information, request that we delete their Child’s personal information and refuse to permit our further collection of their Child’s personal information and may do so by using the methods described in the Contact Us Section.

c. Your Rights 

Rights that Require Verification 

• Right to Know: You may request that we provide you with the following information about how we have handled your personal information:

The categories of personal information we collected about you; 

• The categories of sources from which we collect such personal information;
  • The business or commercial purpose for collecting, Selling, or Sharing the personal information we collected about you;
  • The categories of personal information about you that we Shared, Sold, or disclosed; and
  • The categories of Third Parties with whom we Sold, Shared, or disclosed the personal information collected about you.
  • Residents of Minnesota and Oregon also have the right to obtain a list of the specific Third Parties to whom we have disclosed personal information.
     
• Right to Deletion: You may request that we delete any personal information we maintain about you.
  
  
• Right to Correction: You may request that we correct any inaccurate personal information we maintain about you. Please note this right does not apply to Iowa and Utah residents.
  
  
• Right to Access Specific Pieces of Personal Information and Data Portability: You may ask to obtain the specific pieces of personal information we have collected about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the personal information to another entity without hindrance. You may not exercise this right more than two times in a calendar year. 

Exercising the Rights to Know, Deletion, Correction, Access Specific Pieces of PI, and Data Portability: You can make such a request using the methods described in the Contact Us Section. To verify your identity, we will match the information provided in the request to the information we have in our records. If necessary, we may ask the requestor to provide additional information to verify your identity and confirm that the request is valid. Depending on your state of residence, you may also authorize an agent to submit a request on your behalf. Authorized agents may submit a request in the same manner as a User, as listed above. We may also ask authorized agents to provide a copy of the User’s signed permission authorizing the agent to submit requests on the individual’s behalf. In some instances, we may decline to honor your request if an exception applies under applicable law. We will respond to your request consistent with applicable law.

Rights that Do Not Require Verification 

• Right to Opt-Out of Sale, Sharing, and Processing for Targeted Advertising: You have the right to opt out of the Sale and Sharing of your personal information and the processing of your personal information for targeted advertising. To exercise this right, click the cookie notice button on our websites and click select your preferences. Authorized agents may also submit requests via these methods, where permitted by U.S. Privacy Laws.
  
  
• Limit the Use of Your Sensitive Personal Information: We process sensitive personal information for the purposes listed in Section 4 of this Notice, which includes purposes beyond those strictly permitted by the CCPA regulations. Accordingly, California residents have the right to limit the use of their sensitive personal information to the purposes permitted by the CCPA. To exercise this right, click the cookie notice button on our websites and click select your preference. Authorized agents may also submit requests via these methods, where permitted by U.S. Privacy Laws.
  
  
• Right to Revoke Consent: You have the right to revoke any consent you previously provided for the processing of your personal information. You can make such a request by using the methods described in the Contact Us Section. Authorized agents may also submit requests via these methods, where permitted by U.S. Privacy Laws.
  
  
• As described above, we do not engage in Profiling or automated decision making that have legal or similarly significant effects. But if we did, you would have the right to opt out of the profiling of data in furtherance of solely automated decisions that have legal effects or similarly significant effects concerning Users.

Opt-Out Preference Signals: We recognize opt-out preference signals that we are required to recognize for compliance with applicable law. Where required by U.S. Privacy Laws, we treat such opt-out preference signals as a valid request to opt-out of Sale, Sharing, and processing for purposes of targeted advertising, as applicable, for the browser or device through which the signal is sent and any User profile we have associated with that browser or device, including pseudonymous profiles. Further, if we know the identity of the User from the opt-out preference signal, we will also treat the opt-out preference signal as a valid request to opt out of sale and sharing for such User. Users may use opt-out preference signals by downloading or otherwise activating them for use on supported browsers and setting them to send opt-out preference signals to websites they visit. However, our sites do not respond to the “Do Not Track” signal, which is different from the opt-out preference signals described above. 

Non-Discrimination: You have the right not to receive discriminatory treatment for the exercise of these rights. MiniMed will not discriminate or retaliate against you for exercising your rights under this Notice.

Appeals: Residents of certain states have the right to appeal our decisions on their data subject requests. This section does not apply to California or Utah consumers, or to residents who reside in other states where the applicable U.S. Privacy Law does not give them the right to appeal controllers’ decisions regarding data subject rights. To appeal our decision on your data subject requests, you may contact us using the methods described in the Contact Us Section. Please enclose a copy of or otherwise specifically reference our decision on your data subject request, so that we may adequately address your appeal. We will respond to your appeal in accordance with applicable law.

d. Other Disclosures 

• California Residents Under Age 18: If you are a resident of California under the age of 18 and a registered user of our Solutions, you may ask us to remove content or data that you have posted to the Solutions by mailto:privacyoffice@medtronic.comusing the methods described in the Contact Us Section. Please note that your request does not ensure complete or comprehensive removal of the content or data, as, for example, some of your content or data may have been reposted by another user.
  
  
• Disclosure About Direct Marketing for California Residents: California Civil Code § 1798.83 permits California residents to annually request certain information regarding our disclosure of personal information to other entities for their direct marketing purposes in the preceding calendar year. To make such a request, contact us via the methods detailed in the Contact Us Section with the subject “Shine the Light Request.”
  
  
• Financial Incentives and Bona Fide Loyalty Programs for California and Colorado Users:  We do not provide financial incentives to California consumers or bona fide loyalty programs to Colorado consumers who allow us to collect, retain, Sell, or Share their personal information. We will describe such programs to you if and when we offer them to you.
  
  
• Disclosure for Nevada Users: We may sell “Covered Information” as defined under Nevada law, but we generally do not disclose, or share “Personal Information” as defined under Nevada law for commercial purposes. Under Nevada law, you have the right to direct us to not sell your Covered Information to third parties, as defined under Nevada law. To exercise this right, if applicable, you or your authorized representative may contact us using the methods described in the Contact Us Section.

18. Additional Information for Individuals in Australia or New Zealand

This Section 18 provides additional information for individuals located in Australia or New Zealand, as required under the Australian Privacy Act 1988 (Cth) and the New Zealand Privacy Act 2020.

If you are located in Australia or New Zealand and have a concern or complaint about how we have handled your personal information, you may submit a privacy complaint using the contact details set out in the Contact Us Section or in Annex 1. We will investigate your complaint and respond within a reasonable period. If you are not satisfied with our response, you may lodge a complaint with the relevant regulator:

• Australia: Office of the Australian Information Commissioner (OAIC) – https://www.oaic.gov.au
• New Zealand: Office of the Privacy Commissioner (OPC) – https://www.privacy.org.nz
   

19. Additional Information for Individuals in Japan

This Section 19 provides additional information for individuals located in Japan, in accordance with the Act on the Protection of Personal Information (APPI).

Where personal information is jointly used with our affiliates listed in Annex 1, such joint use is conducted as follows:

• Categories of personal information jointly used: the categories described in Section 3 of this Notice
• Scope of joint users: the affiliates listed in Annex 1
• Purpose of joint use: the purposes described in Section 4 of this Notice
• Entity responsible for the management of personal information: Medtronic MiniMed, Inc., with contact details set out in the Contact Us Section of this Notice 

Annex 1 MiniMed Subsidiaries & Affiliates

Below is the list of companies that are its affiliates and subsidiaries of Medtronic MiniMed, Inc. and which can be contacted for inquiries, comments, or complaints.

MiniMed Entity	Address
Medtronic MiniMed, Inc.	18000 Devonshire Street, Northridge, CA 91325
MiniMed Distribution Corp.	18000 Devonshire Street, Northridge, CA 91325
MiniMed Australia Pty Ltd.	Tower One - International Towers Sydney Level 46, 100 Barangaroo Avenue Sydney, AU NSW 2000
MiniMed Te Austria GmbH	Schottenring 25 Vienna, AT  1010
MiniMed Canada ULC	Suite 2700 Stantec Tower 10220 – 103 Avenue NW, Edmonton Alberta, CA  T5J0K4
MiniMed Denmark ApS	C/O Bech-Bruun, Gdanskgade 18 Nordhavn, DK  2150
NPB Finland Oy	c/o Waselius & Wist Eteläesplanadi 24 A, 4th Floor Helsinki, FI  00130
MiniMed France S.A.S.	9, boulevard Romain Rolland  Paris, FR  75014
NPB Germany GmbH	Earl Bakken Platz 1  Meerbusch, DE  40670
MiniMed Hellas Single Member LLC	2-4, Mesogeion Avenue  Athens, GR  115 27
MiniMed Technologies Ireland Limited	10 Earlsfort Terrace  Dublin, IE  D02 T380
MiniMed Italy S.R.L.	Piazza Filippo Meda 3 Cap Milan, IT  20121
NPB Belgium B.V.	Burgemeester Etienne Demunterlaan 5, Jette, BE 1090
MiniMed Japan G.K.	c/o Baker & McKenzie (Gaikokuho Joint Enterprise) Ark Hills Sengokuyama Mori Tower 28F, 1-9-10 Roppongi, Minato-ku Tokyo, JP
MiniMed Holding B.V.	Earl Bakkenstraat 10  Heerlen, NL  6422 PJ
MiniMed Netherlands B.V.	Earl Bakkenstraat 10  Heerlen, NL  6422 PJ
MiniMed Norway AS	Hoffsveien 1A  Oslo, NO  0275
MiniMed Portugal, Unipessoal Lda	Rua Tomás da Fonseca Torre E - 11º andar Lisboa, PT  1600-209
MiniMed Puerto Rico Operations LLC	Ochoa Building, 500 Calle de la Tance Suite 514 San Juan, PR  00901
MiniMed Spain S.L.U.	C/ MARÍA DE PORTUGAL 11  MADRID, ES  28050
MMed Sweden AB	c/o Baker & McKenzie Advokatbyrå KB Box 180 Stockholm, SE  101 23
MiniMed Holdings Switzerland Sàrl	Route du Molliau 31  Tolochenaz, CH  1131
MiniMed International Trading Sàrl	Route du Molliau 31,  Tolochenaz, CH  1131
MiniMed (UK) Limited	C/O Company Secretarial Department 280 Bishopsgate London, GB  EC2M 4AG
Medtronic Diabetes (Chengdu) Co., Ltd.	4th Floor, Building 3, No. 58 Tianqin East Street, West District,, High-Tech Zone, Chengdu, Sichuan, CN 610000, China
MiniMed Philippines, Inc.	Unit 2901 and Unit 3001 One World Place, 32nd Street, Bonifacio Global City, Taguig City, Metro Manila, PH 1634, Philippines
Medtronic MiniMed India Private Limited	Survey No. 206/2, CTS No. 78 To 85, Viman Nagar (Lohegoan), 3rd Floor Tower A, Panchshil Business Park, Viman Nagar, Pune, Maharashtra, IN 411014, India
Medtronic Holdings Korea Ltd	20th Floor (Glass Tower, Daechi-dong), 534, Teheran-ro, Gangnam-gu, Seoul, KR , Korea, Republic Of