PI We Collect and How We Use It
Depending on your interactions with Lilly, we may collect the following PI:
- Full Date of Birth;
- Identifiable Photograph/Video/Physical Characteristics or Descriptions;
- Business/Professional Contact Information (e.g., title, company name, business address, business email address, business phone/fax number);
- Personal Contact Information (e.g., personal address, personal email address, personal phone/fax, personal web/internet address, family member names);
- Online identifiers that correspond to your device(s) (e.g., personal IP [Internet Protocol] address, cookies, RFID, etc.);
- Employment/Professional Job or Qualifications Information;
- Health Information;
- Biographic Information;
- Financial and Government Identifying Numbers (e.g., Social Security number);
- Criminal/Conviction Records (e.g., on Federal Exclusion list);
- Biometric Identifiers;
- Website Utilization and Social Media Use;
- Education Information;
- Commercial Information, (e.g. purchasing, consuming history or tendencies);
- Inferences Reflecting Preferences
We collect PI from a number of sources, including:
- Employees, potential employees and their family members;
- Patients and clinical/medical trial participants;
- Clinical/medical investigators and staff conducting clinical/medical research;
- Health care professionals;
- Adverse event reporters and subjects;
- Investors and shareholders;
- Vendors, suppliers and contractors;
- Business partners;
- Government officials
We process/use PI for the following business or commercial purposes:
- Activities as an employer to support and fulfill our obligations to our employees;
- Research and development of our products;
- Compliance with legal or regulatory obligations (e.g., adverse event reporting, exercising or defending legal claims, financial disclosure reporting);
- Business and market research;
- Market research for our products and services;
- Study recruitment;
- Marketing and sales of our products;
- Communicating information about our products, responding to requests and registration for services;
- Providing patient assistance;
- Finance and tax activities;
- Statistical analytics;
- Event management;
- Contracting and business planning activities; and
- Administration of other legal and business processes that are in Lilly’s legitimate interest, inclusive of company record retention, safeguarding our physical and electronic workplace, and website management.
Lilly may share your PI with
- Lilly employees and affiliates;
- Health care professionals;
- Vendors, suppliers and contractors;
- Business partners; and
- Government officials (e.g., law enforcement authorities, the courts, regulatory authorities).
Where permitted by law, Lilly may also enhance or merge information, including PI, with information obtained from third parties for the same purposes shared above. PI may also be used for profiling for the same purposes shared above. You may object to profiling via automated-decision making by contacting us using the information in the “How to Contact Us” section below.
You do not have to share your PI with us, but if you choose not to share your PI, we may not be able to provide you with certain information, products or services.
Through this website, Lilly may:
Collect your Name and Personal Contact Information if you opt in to receive communications (such as requests for information, responses to inquiries, newsletters, etc.). Lilly may also use this information to verify your relationship with Lilly and take other actions in order to respond to your request.
Collect online identifiers that correspond to your device(s) that do not directly identify you in order to improve, manage and secure our websites, network systems and other assets; verify your relationship with us; understand your interests and preferences; and take other actions that may be necessary to respond to your request.
- Analyze your website usage including the date and time of your website session, geographic location, how you have navigated the website, and other information collected through our web beacons, cookies, third-party and digital advertising, Google Analytics®; and social media plug-ins. This information is collected for our legitimate business purposes.
Web beacons: A web beacon (also known as an “action tag” or “clear GIF technology”) is a tiny graphic on a web page or in an email message designed to track pages viewed or messages opened, and allows the collection of web log information. Web log information is gathered by the computer that hosts our website (called a "web server") when you visit one of our websites. We may use web beacons to help determine which email messages sent by us were opened and whether a message was acted upon. Web beacons also help Lilly analyze the effectiveness of websites by measuring the number of visitors to a site or how many visitors clicked on key elements of a site.
- Do Not Track: There are different ways you can prevent tracking of your online activity. One of them is setting a preference in your browser that alerts websites you visit that you do not want them to collect certain information about you. This is referred to as a Do Not Track (“DNT”) signal. Please note that currently our websites and web-based resources do not respond to these signals from web browsers. At this time, there is no universally accepted standard for what a company should do when a DNT signal is detected.
Third-Party and Digital Advertising: We may partner with third-party advertising networks to manage our advertising on other sites. Our ad network partners may place cookies and web beacons and similar digital markers on your browser when you visit our websites to collect information about your activities over time on this and third-party websites, apps and other online services, to provide you targeted advertising based upon your interests. We may also share PI about you with third parties in order to have those third parties, on our behalf, directly serve advertising to you on their websites.
- Opt-Out Provision: Google Analytics offers an opt-out provision for website visitors who do not want their data to be collected. You can receive more information about this option here.
Social Media Plug-ins: Our websites may use social media plug-ins to enable you to share information with others easily. When you visit our websites, the operator of the social media plug-in that is on our website can place a cookie on your computer that lets that operator recognize individuals on their website who have previously visited our sites. Social media plug-ins may allow social media websites to receive directly identifiable information about you that shows you have visited our website. The social media plug-in may collect this information for visitors, whether or not they specifically interact with the plug-in on our website. Social media plug-ins also allow the social media website to share information about your activities on our website with other users of their social media website. Lilly does not control any of the content from social media plug-ins. For more information about social plug-ins from social media websites, you should refer to those sites’ privacy and data-sharing statements.
This website is not intended for or designed for individuals under the age of 18. We do not knowingly collect PI from any person under the age of 18.
Reasons We Share PI
We may share your PI with third parties in connection with work that they do for or with Lilly, for purposes consistent with those listed above. These third parties must agree to protect the PI and to use it only as directed by Lilly.
We may also be required to disclose your information in response to lawful information requests for PI by law enforcement authorities, the courts or regulatory authorities, including complying with national security or law enforcement requests.
In the event that Lilly may decide to reorganize or divest part or all of its business, including its information databases, through a sale, divestiture, merger, acquisition or other means of transfer, then PI may be shared with, sold, transferred, rented, licensed or otherwise provided or made available by Lilly to third parties in connection with the contemplated transaction (without your consent or any further notice to you). In such circumstances, Lilly will seek written assurances that the PI will be protected appropriately.
Where We Transfer and Work With PI
EU-U.S. and Swiss-U.S. Privacy Shield
Lilly, including Lilly USA, LLC and Avid Radiopharmaceuticals, Inc. (“Lilly U.S.”), has elected to self-certify to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) and may also utilize other transfer mechanisms as appropriate. Lilly U.S. processes the PI we receive in the United States from the European Union (EU), the United Kingdom (UK) and Switzerland in accordance with the Privacy Shield Principles and other transfer frameworks, as applicable. If you have been directed to this Privacy Statement from a source other than Lilly.com, the information about how Lilly U.S. adheres to Privacy Shield and other transfer requirements takes precedence over any conflicting information.
If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. For PI originating in the EU, the UK and Switzerland, this Privacy Statement demonstrates our commitment to processing your PI in accordance with the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability.
As explained in the “Reasons We Share PI” section above, PI may be shared as appropriate with third parties that process information on behalf of, or with, Lilly U.S. If we disclose PI received under the Privacy Shield or other appropriate transfer mechanisms to a third party, Lilly U.S. ensures that the third party has contractual provisions that require the same level of security and confidentiality safeguards as required under the Privacy Shield or by the required transfer framework, as the case may be. Under certain circumstances, Lilly U.S. may remain liable for the acts of certain third parties if those third parties process PI originating from the EU, the UK and/or Switzerland that Lilly discloses to them in a manner that is inconsistent with the Privacy Shield Principles.
If you have any inquiries or complaints about our handling of your PI under the Privacy Shield or other appropriate transfer framework, or you want to view your PI that Lilly U.S. processes and request its correction, amendment or deletion, please contact us using the information in the “How to Contact Us” section below.
If you still have a specific privacy concern that has not been resolved after attempting to address your privacy question or concern with Lilly U.S. directly, you may choose mediation of that concern by the neutral third party, American Arbitration Association. You may submit your unresolved privacy concern to the American Arbitration Association for resolution by contacting them here:
You may also have the option to select binding arbitration for the resolution of your complaint with respect to PI originating in the EU, the UK or Switzerland under certain circumstances. For more information on binding arbitration, see the U.S. Department of Commerce's Privacy Shield Framework: Annex I (Binding Arbitration).
Lilly U.S. is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission for purposes of enforcing compliance with the Privacy Shield. Lilly U.S. also commits to cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU, the UK and Switzerland in the context of the employment relationship. For more information about the Privacy Shield or to view Lilly U.S.’s certification page, please visit the U.S. Federal Trade Commission’s website on Privacy Shield located here.
To obtain additional information regarding the basis for transfers and safeguards that Lilly has in place for cross-border transfers of PI, please contact us at email@example.com.
How Long We Keep PI
PI will be saved for a period of time needed to fulfill legitimate and lawful business purposes in accordance with our record-retention policies and applicable laws and regulations.
How We Secure PI
We provide reasonable physical, technical and procedural safeguards to protect PI we work with and maintain. We limit access to PI to authorized employees and third parties who need access to carry out their assigned roles and responsibilities on behalf of Lilly. Although we strive to protect the PI we work with and maintain, no security system can prevent all potential security breaches.
Your Rights and Choices
Upon verification of your identity and as applicable by law, you have the right to request information from us on how your PI is being used and with whom it is being shared. You also have the right and choice to request to see and receive a copy of the PI that we have about you, request that we correct, restrict the processing of, and/or erase/delete your PI, or in France, set expectations for the handling of your data after your death.
In limited circumstances, you may have the right to have your information transmitted to another entity or person in a machine-readable format.
There may be exceptions that apply to your request.
To exercise your rights, you or your authorized representative may submit a request to Datarights@lilly.com or by contacting us using one of the methods listed under the “How to Contact Us” section.
You will not be discriminated against for exercising any of your rights.
California Privacy Rights
California Civil Code Section 1798.83 entitles California residents who have an established business relationship with Lilly the right to request information regarding Lilly’s disclosure of certain PI to third parties for their direct marketing purposes. To make a request for such information, you may contact us using the information in the “How to Contact Us” section below.
California Consumer Privacy Act (CCPA) entitles California residents to certain rights with regard to their PI. Those rights have been incorporated into this Privacy Statement.
We do not sell personal information.
How to Contact Us
You may make any of the above requests by using the contact information below:
Eli Lilly and Company
P.O. Box 6245
Indianapolis, IN 46206-6245
You may also contact us at the above if you have questions about this Privacy Statement.
How to Submit a Complaint
If you wish to raise a complaint on how we have handled your PI, you can contact our Data Protection Officer at firstname.lastname@example.org, who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your PI in accordance with the law, you can register a complaint with a relevant regulatory authority (e.g., a Data Protection Authority or Attorney General).
Links to Third-Party Websites
As a convenience to our visitors, this website may contain links to other sites owned and operated by third parties that we believe may offer useful information. The policies and procedures we describe here do not apply to those sites. We are not responsible for the collection or use of PI at any third-party sites. Therefore, we disclaim any liability for any third party's use of PI obtained through using the third-party website. We suggest contacting those sites directly for information on their privacy, security, data collection and distribution policies.
Changes to Our Privacy Practices
We may update this Privacy Statement from time to time. When we do update it, for your convenience, we will make the updated statement available on this page. We will always handle your PI in accordance with the Privacy Statement in effect at the time it was collected unless we provide you with the new notice and/or obtain your consent, as appropriate.
Last Updated: December 17, 2019
Other company and product names are trademarks of their respective owners.