The California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations (collectively, the “CCPA”), gives California residents certain rights and requires businesses to make certain disclosures regarding their Collection, use, and disclosure of Personal Information. This California Applicant & Employee Privacy Notice (the “Notice”) provides such notice to Novo Nordisk’s (“we,” “us,” “our”) California job applicants (“Applicants”) and California employees, independent contractors, and other individuals who interact with Novo Nordisk in an employment-related capacity (collectively, “Employees”).

Please note that this Notice only addresses Novo Nordisk’s Collection, use, and disclosure of Personal Information Collected in an employment-related context and only applies to residents of California. This Notice does not apply to individuals who are residents of other U.S. states or other countries and/or who do not interact with Novo Nordisk in an employment-related context. For further details about our privacy practices pertaining to non-Applicant/Employee Personal Information, please see our Privacy Policy and our State-Specific Supplemental Notice.

All companies need to collect and disclose Applicant and Employee Personal Information for everyday business purposes, hiring and employee management, and maintenance of the safety, security, and integrity of personnel and assets, among other reasons. This Notice describes our practices regarding the Collection, use, and disclosure of Applicant and Employee Personal Information and provides instructions for submitting data subject requests. This Notice is broader in scope than the Novo Nordisk Privacy Policy because it provides details about the Personal Information we Collect from and about Applicants and Employees through online and offline interactions.

As an Applicant or Employee, you have the right to know what categories of Personal Information Novo Nordisk Collects, uses, discloses, Sells, and Shares about you. This Policy provides that information and other disclosures required by California law.

Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household. Personal Information includes “Sensitive Personal Information,” as defined below, except where otherwise noted.

Sensitive Personal Information” means Personal Information that reveals a Consumer’s social security, driver’s license, state identification card, or passport number; account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious beliefs, or union membership; contents of email or text messages; and genetic data. Sensitive Personal Information also includes Processing of biometric information for the purpose of uniquely identifying a Consumer and Personal Information Collected and analyzed concerning a Consumer’s health, sex life, or sexual orientation.

Other CCPA Definitions: As used in this Notice, the terms “Collect,” “Processing,” “Service Provider,” “Third Party,” “Sale,” “Share,” “Consumer,” and other terms defined in the CCPA and their conjugates, have the meanings afforded to them in the CCPA, whether or not such terms are capitalized herein, unless contrary to the meaning thereof.

Collection of Applicant Personal Information. We, and our Service Providers, Collect the following categories of Personal Information about Applicants. Depending on the status of an Applicant, we may collect different forms of data and not all types of data are collected for all Applicants. We also have Collected and Processed the following categories of Personal Information about Applicants in the preceding 12 months:

    (1)   Identifiers, such a real name, preferred name, postal address, unique personal identifier, online identifier, internet protocol (IP) address, or other similar identifiers;

    (2)   Contact and financial information, including phone number, address, email address, bank account information;

    (3)   Characteristics of protected classifications under state or federal law, such as data of birth, gender, race, or self-identified physical or mental health conditions;

    (4)   Non-Individualized Geolocation data;

    (5)   Audio, electronic, visual, or similar information, such as a profile photograph (if self-identified);

    (6)   Professional or employment-related information, such as work history and prior employer;

    (7)   Education information, such as academic information and records;

    (8)   Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies);

    (9)   Individual’s written signatures; and

    (10)  Sensitive Personal Information, including Personal Information that reveals:

        a.    Social security, driver’s license, state identification card, or passport number; or

        b.    Racial or ethnic origin, religious or philosophical beliefs, or union membership;

Categories of Applicant Personal Information We Disclose to Service Providers & Third Parties

We have disclosed the following categories of Applicant Personal Information to Service Providers and Third Parties for a business purpose in the past twelve months:

    (1)   Identifiers, such a real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, or other similar identifiers;

    (2)   Contact and financial information, including phone number, address, email address, bank account information;

    (3)   Characteristics of protected classifications under state or federal law, such as data of birth, gender, race, or self-identified physical or mental health conditions;

    (4)   Non-individualized Geolocation data;

    (5)   Audio, electronic, visual, or similar information, such as profile photograph (if self-identified);

    (6)   Professional or employment-related information, such as work history and prior employer;

    (7)    Education information, such as academic information and records;

    (8)   Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies);

    (9)   Individuals’ written signatures; and

    (10)  Sensitive Personal Information, including Personal Information that reveals:

        a.    Social security, driver’s license, state identification card, or passport number; or

        b.    Racial or ethnic origin, religious or philosophical beliefs, or union membership;

Purposes for Processing Applicant Personal Information

We, and our Service Providers, Collect and Process Applicant Personal Information (excluding Sensitive Personal Information) described in this Policy to:

  • Evaluate a potential Employee relationship with you;
  • Perform background checks and verify past employment, educational history, professional standing, and other qualifications;
  • Evaluate, determine, and arrange compensation, payroll, and benefits;
  • Assess your fitness and physical capacity for work; and
  • Contact you regarding your application and potential Employee relationship with us.

In addition to the purposes identified above, Novo Nordisk may use and disclose any and all Applicant Personal Information that we Collect as necessary or appropriate to:

  • Comply with laws and regulations, including, without limitation, applicable tax, health and safety, anti-discrimination, immigration, labor and employment, and social welfare laws;
  • Monitor, investigate, and enforce compliance with and potential breaches of Novo Nordisk policies and procedures and legal and regulatory requirements;
  • Comply with civil, criminal, judicial, or regulatory inquiries, investigations, subpoenas, or summons; and
  • Exercise or defend the legal rights of Novo Nordisk and its employees, affiliates, customers, contractors, and agents.

Collection of Employee Personal Information. (This information may be updated from time to time). We, and our Service Providers, Collect the following categories of Personal Information about Employees. We also have Collected and Processed the following categories of Personal Information about Employees in the preceding 12 months:

    (1)   Identifiers, such a real name, alias, preferred pronouns, postal address, unique personal identifier, online identifier, internet protocol (IP) address, or other similar identifiers;

    (2)   Contact and financial information, including phone number, address, email address;

    (3)   Characteristics of protected classifications under state or federal law, such as data of birth, gender, race, or self-identified physical or mental health conditions;

    (4)   Internet or other electronic network activity information, such as browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement;

    (5)   Audio, electronic, visual, or similar information, such as a profile photograph;

    (6)   Professional or employment-related information, such as work history and prior employer;

    (7)   Education information, such as academic information and records;

    (8)   Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies);

    (9)   Individuals’ written signatures; and

    (10)  Sensitive Personal Information, including Personal Information that reveals:

        a.    Social security, driver’s license, state identification card, or passport number; or

        b.    Racial or ethnic origin, religious or philosophical beliefs, or union membership;

Categories of Employee Personal Information We Disclose to Service Providers & Third Parties

We have disclosed the following categories of Employee Personal Information to Service Providers and Third Parties for a business purpose in the past twelve months:

    (1)   Identifiers, such a real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, or other similar identifiers;

    (2)   Contact and financial information, including phone number, address, email address;

    (3)   Characteristics of protected classifications under state or federal law, such as data of birth, gender, race, or self-identified physical or mental health conditions;

    (4)   Internet or other electronic network activity information, such as browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement;

    (5)   Audio, electronic, visual, thermal, olfactory, or similar information, such as a recording of a customer service call or profile photograph;

    (6)   Professional or employment-related information, such as work history and prior employer;

    (7)   Education information, such as academic information and records;

    (8)   Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies);

    (9)   Individuals’ written signatures; and

    (10)  Sensitive Personal Information, including Personal Information that reveals:

        a.    Social security, driver’s license, state identification card, or passport number; or

        b.    Racial or ethnic origin, religious or philosophical beliefs, or union membership;

Purposes for Processing Employee Personal Information

We, and our Service Providers, Collect and Process Employee Personal Information (excluding Sensitive Personal Information) described in this Policy to:

  • Manage your Employee relationship with us;
  • Manage and provide compensation, payroll, tax, and benefits planning, enrollment, and administration;
  • Provide you access to Novo Nordisk systems, networks, databases, equipment, and facilities;
  • Manage our workforce and its performance, including personnel planning, productivity monitoring, and evaluation;
  • Manage workforce development, education, training, and certification;
  • Monitor, maintain, and secure Novo Nordisk systems, networks, databases, equipment, and facilities;
  • Authenticate your identity and verify your access permissions;
  • Arrange, confirm, and monitor work-related travel, events, meetings, and other activities;
  • Assess your working capacity or the diagnosis, treatment, or care of a condition impacting your fitness for work, and other preventative or occupational medicine purposes (including work-related injury and illness reporting);
  • Contact and communicate with you regarding your employment, job performance, compensation, and benefits, or in the event of a natural disaster or other emergency;
  • Contact and communicate with your designated emergency contact(s) in the event of an emergency, illness, or absence; and
  • Contact and communicate with your dependents and designated beneficiaries in the event of an emergency or in connection with your benefits.

In addition to the purposes identified above, Novo Nordisk may use and disclose any and all Employee Personal Information that we Collect as necessary or appropriate to:

  • Comply with laws and regulations, including, without limitation, applicable tax, health and safety, anti-discrimination, immigration, labor and employment, and social welfare laws;
  • Monitor, investigate, and enforce compliance with and potential breaches of Novo Nordisk policies and procedures and legal and regulatory requirements;
  • Comply with civil, criminal, judicial, or regulatory inquiries, investigations, subpoenas, or summons; and
  • Exercise or defend the legal rights of Novo Nordisk and its employees, affiliates, customers, contractors, and agents.

Sale & Sharing of Personal Information: We do not Sell or Share any of the categories of Applicant or Employee Personal Information listed in Sections C & D, and we have not Sold or Shared any of the categories of Applicant or Employee Personal Information listed in Sections C & D in the past twelve months.

However, we do Sell and Share Personal Information we Collect from Consumers who are not Applicants or Employees. For more details and to opt-out of the Sale and/or Sharing of any Personal Information we have Collected from you as a California Consumer in a non-employment related capacity, please see our State-Specific Supplemental Notice.

We Collect Personal Information directly from Applicants and Employees, including Personal Information about Employees’ beneficiaries or dependents. We also Collect Personal Information from joint marketing partners; public databases; providers of demographic data; publications; professional organizations; educational institutions; social media platforms; Service Providers and Third Parties that help us screen and onboard individuals for hiring purposes; and Service Providers and Third Parties when they disclose information to us.

We, and our Service Providers, Collect and Process the Sensitive Personal Information described in this Notice only for:

  • Performing the services or providing the goods reasonably expected by an average Consumer who requests those goods or services;
  • Ensuring security and integrity to the extent the use of the Consumer's Personal Information is reasonably necessary and proportionate for these purposes;
  • Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a Consumer's current interaction with us; provided that we will not disclose the Consumer's Personal Information to a Third Party and or build a profile about the Consumer or otherwise alter the Consumer's experience outside the current interaction with the business;
  • Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf; and
  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

Affiliates & Service Providers. For each category of Applicant & Employee Personal Information listed in Sections C & D, we disclose such information to our affiliates and Service Providers for the purposes described in this Notice (see "Purposes for Processing Applicant Personal Information” and “Purposes for Processing Employee Personal Information,” above). Our Service Providers provide us with services for our websites, as well as other products and services, such as web hosting, data analysis, payment processing, order fulfillment, customer service, infrastructure provision, technology services, email delivery services, credit card processing, legal services, and other similar services. We grant our Service Providers access to Personal Information only to the extent needed for them to perform their functions, and we require them to protect the confidentiality and security of such information.

Third Parties. For each category of Applicant & Employee Personal Information listed in Sections C & D, we disclose such information to the following categories of Third Parties:

  • At Your Direction. We may disclose your Personal Information to any Third Party with your consent or at your direction. In the case of marketing materials or events in or at which you have consented to appear, this includes disclosure of your Personal Information to the general public.
  • Business Transfers or Assignments. We may disclose your Personal Information to other entities as reasonably necessary to facilitate a merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
  • Legal and Regulatory. We may disclose your Personal Information to government authorities, including regulatory agencies and courts, as reasonably necessary for our business operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law.

Exercising Data Subject Rights. You may exercise your data subject rights by contacting our Privacy Office at NNIPrivacy@novonordisk.com, by calling (888) 870-3901, or by clicking here. You may also authorize an agent to make data subject requests on your behalf via the above methods. When you submit a data subject request, please indicate the type of request you are making, so that we may properly process and respond to your request in accordance with applicable law.

Verification of Data Subject Requests. We value the security and confidentiality of your Personal Information. Depending on the type of data subject request you submit, we may ask you to provide information that will enable us to verify your identity before complying with the request. We verify requests carefully and in accordance with applicable law. In particular, if you authorize an agent to make a request on your behalf, we may require the agent to provide proof of signed permission from you to submit the request, or we may require you to verify your own identity to us or confirm with us that you provided the agent with permission to submit the request. In some instances, we may decline to honor your request if an exception applies under applicable law. We will respond to your request consistent with applicable law.

Non-Discrimination. We will not discriminate against you for exercising your data subject rights. For example, we will not deny goods or services to you, or charge you different prices or rates, or provide a different level of quality for products or services as a result of you exercising your data subject rights.

As an Applicant or Employee, you have the following rights under the CCPA with respect to your Personal Information, subject to certain exceptions:

Right to Receive Information on Privacy Practices: You have the right to receive the following information at or before the point of Collection:

  • The categories of Personal Information to be Collected;
  • The purposes for which the categories of Personal Information are Collected or used;
  • Whether or not that Personal Information is Sold or Shared;
  • If the business Collects Sensitive Personal Information, the categories of Sensitive Personal Information to be Collected, the purposes for which it is Collected or used, and whether that information is Sold or Shared; and
  • The length of time the business intends to retain each category of Personal Information, or if that is not possible, the criteria used to determine that period.

We have provided such information in this Notice, and you may request further information about our privacy practices by contacting us as at the contact information provided above.

Right to Deletion: You may request that we delete any Personal Information about you we that we Collected from you.

Right to Edit: You may request that we edit any inaccurate Personal Information we maintain about you.

Right to Know: You may request that we provide you with the following information about how we have handled your Personal Information:

  • The categories of Personal Information we Collected about you;
  • The categories of sources from which we Collected such Personal Information;
  • The business or commercial purpose for Collecting Personal Information about you;
  • The categories of Personal Information about you that we Shared or disclosed and the categories of Third Parties with whom we Shared or disclosed such Personal Information; and
  • The specific pieces of Personal Information we have Collected about you.

Right to Receive Information About Onward Disclosures: You may request that we disclose to you:

  • The categories of Personal Information that we have Collected about you;
  • The categories of Personal Information that we have Sold or Shared about you and the categories of Third Parties to whom the Personal Information was Sold or Shared; and
  • The categories of Personal Information we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.

Right to Non-Discrimination: You have the right not to be discriminated against for exercising your data subject rights. We will not discriminate against you for exercising your data subject rights.

Right to Opt-Out of the Sale and Sharing of Personal Information. If Novo Nordisk Sells or Shares your Personal Information to or with third parties, you have the right, at any time, to direct us not to Sell or Share your Personal Information. We do not Sell or Share Applicant or Employee Personal Information and have not Sold or Shared Applicant or Employee Personal Information in the past twelve months. Further, Novo Nordisk does not Sell or Share the Personal Information of minors under 16 years of age without affirmative authorization.

Retention of Personal Information. We retain each of the categories of Applicant and Employee Personal Information listed in Sections C & D for the duration of your Applicant and/or Employee relationship with us, as applicable, and longer as may be required by applicable laws or necessary for our legitimate business purposes.

California Residents Under Age 18. If you are a resident of California under the age of 18 and a registered user of our website, you may ask us to remove content or data that you have posted to the website by writing to NNIPrivacy@novonordisk.com. Please note that your request does not ensure complete or comprehensive removal of the content or data, as, for example, some of your content or data may have been reposted by another user.

Disclosure About Direct Marketing for California Residents. California Civil Code § 1798.83 permits California residents to annually request certain information regarding our disclosure of Personal Information to other entities for their direct marketing purposes in the preceding calendar year. We do not distribute Applicant or Employee Personal Information to other entities for their own direct marketing purposes. However, we do distribute Personal Information that we Collect from Consumers in a non-employment related capacity to other entities for their direct marketing purposes. To make such a request, please send an email to NNIPrivacy@novonordisk.com with the subject “Shine the Light Request.”

Financial Incentives for California Applicants & Employees. Under California law, we do not provide financial incentives to California Applicants and Employees who allow us to Collect, retain, Sell, or Share their Personal Information. We will describe such programs to you if and when we offer them to you.

Changes to this Notice. We reserve the right to amend this Notice at our discretion and at any time. When we make material changes to this Notice, we will notify you by posting an updated Notice on our website and listing the effective date of such updates.

Call (888) 870-3901 or email us at NNIPrivacy@novonordisk.com to contact us with questions regarding this Notice. If you are unable to review or access this Notice due to a disability, you may contact us to request access to this Notice in an alternative format.