SUPPLEMENTAL APPLICATION PRIVACY NOTICE for California, Colorado, Connecticut, Utah, and
Virginia Consumers
Updated: February 2023
This Supplemental Application Privacy Notice (“Supplemental Notice”) applies only to information
collected about California, Colorado, Virginia, Utah, and Connecticut consumers. It provides
information required under the California Consumer Privacy Act of 2018 and California Privacy Rights
Act of 2020 (collectively, the “CCPA”), the Colorado Privacy Act of 2021 (the “CPA”), the Virginia
Consumer Data Protection Act of 2021 (the “VCDPA”), the Utah Consumer Privacy Act of 2022 (the
“UCPA”), and the Connecticut Data Privacy Act of 2022 (“CDPA”). We also provide a brief paragraph
regarding information collected about Nevada consumers under the heading “Privacy Notice for
Nevada Residents” at the end of this Supplemental Notice. The other portions of this Supplemental
Notice do not apply to Nevada consumers.
This Supplemental Notice describes Alexion and Alexion’s group companies’ (“we” “us” “our”)
practices regarding the collection, use, and disclosure or Personal Information and provides
instructions for submitting data subject requests. The Notice also describes Alexion’s processing of
Personal Information in the United States.
Definitions
Sales and Sharing of Personal Information
Your Privacy Rights and Choices
Your Targeted Advertising and Opt-Out Choices
Updates to this Supplemental Notice
DEFINITIONS
For purposes of this Supplemental Notice, “Personal Information” ( or “PI”) means information that
identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably
be linked, directly or indirectly, with a particular consumer or household. Personal Information
includes “personal data” as that term is defined in the CPA, VCDPA, UCPA, and CDPA. Personal
Information also includes “Sensitive Personal Information,” as defined below, except where
otherwise noted.
“Sensitive Personal Information” means Personal Information that reveals a consumer’s social
security, driver’s license, state identification card, or passport number; account log-in, financial
account number, debit card number, or credit card number in combination with any required
security or access code, password, or credentials allowing access to an account; precise geolocation;
racial or ethnic origin, religious beliefs, or union membership; contents of email or text messages;
and genetic data. Sensitive Personal Information also includes processing of biometric information
for the purpose of uniquely identifying a consumer and Personal Information collected and analyzed
concerning a consumer’s health, sex life, or sexual orientation. Sensitive Personal Information also
includes “sensitive data” as that term is defined in the CPA, VCDPA, UCPA, and CDPA.
“Third Party” has the meanings afforded to it in the CCPA, CPA, VCDPA, UCPA, and CDPA.
“Vendor” means a service provider, contractor, or processor as those terms are defined in the CPRA,
CPA, VCDPA, UCPA, and CDPA.