Privacy Shield Policy

Mylan Inc.: Privacy Shield Policy

Last updated Sept. 30 2016

Mylan Inc., and its affiliates and subsidiaries listed here (“Mylan”), commits to adhere to the EU-U.S. Privacy Shield Framework by adopting and implementing the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability, which also include a set of Supplemental Principles (collectively, the “Principles”).  Our certification can be found at www.privacyshield.gov/list.

This Privacy Shield Policy (the “Privacy Policy”) only applies to the Personal Information that we obtain through our Website, that is collected in the European Economic Area (the "EEA") and Switzerland, and is transferred to Mylan in the U.S.  

This Privacy Shield Policy complements the Mylan Privacy Statement.  Unless specifically defined in this policy, the terms in this Privacy Policy have the same meaning as in the Mylan Privacy Statement.  In case of conflict between the Mylan Privacy Statement and this Privacy Policy, this Privacy Policy prevails.  In case of conflict between this Privacy Policy and the Principles, the Principles will govern.

1. Notice

We provide information in the Mylan Privacy Statement regarding our privacy practices.  Mylan commits to subject to the Principles all Website Personal Information received from the EEA in reliance on the Privacy Shield.

2. Data Integrity and Purpose Limitation

Any Personal Information we obtain may be used by Mylan for the purposes indicated in the Mylan Privacy Statement or as otherwise provided to you.  We will not process Personal Information in a way that is incompatible with these purposes or as subsequently authorized by you. 

We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the intended purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current.

We will retain your Personal Information in an identifiable form only for the period necessary to fulfil the purposes of the processing, unless a longer retention period is required or permitted by law or by the Principles.  We will adhere to the Principles for as long as we retain the Personal Information collected under the Privacy Shield.

3. Data Disclosures

We disclose Personal Information as described in the Mylan Privacy Statement. If we disclose it to a third party acting as a data controller or as an agent, we will comply with, and protect the Personal Information as provided in, the Accountability for Onward Transfer Principle. 

In case of disclosure to an agent, we remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to that agent if it processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the inconsistent processing.

We may also disclose Personal Information as may be required or permitted under the Principles and under applicable law.

4. Data Security

We use reasonable and appropriate measures to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.

5. Choice and Access

If we intend to use your Personal Information for a purpose that is materially different from the purposes listed in this policy or if we intend to disclose it to a third party acting as a controller not previously identified, we will offer you the opportunity to opt-out of such uses and/or disclosures where it involves non-sensitive information or opt-in where sensitive information is involved. 

Where appropriate, Mylan provides you with access to the Personal Information that we maintain about you and allows you to correct, amend or delete that information when it is inaccurate or has been processed in violation of the Principles by sending a written request as indicated in “Contact Information” below.  We will review your request in accordance with the Principles, and may limit or deny access to Personal Information as permitted by the Principles.

6. Recourse and Enforcement

We conduct an annual self-assessment of our Personal Information practices to verify that the attestations and assertions made in this Privacy Shield Privacy Policy are true and have been implemented as represented.  If you have any questions or concerns, we encourage you to write to us as indicated below in the Contact Information section. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles. 

If an issue cannot be resolved via our internal dispute resolution mechanism, you may contact or submit a complaint, at no cost, to your local EU data protection authority and we will work with them to resolve your concern.  For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles.  

Mylan is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

7. Contact Information

If you have any questions, concerns or complaint regarding our privacy practices, or if you’d like to exercise your choices or rights, contact us via

  • Email at dataprivacy@mylan.com;
  • Mail at Chief Privacy Officer, 1000 Mylan Boulevard, Canonsburg, Pa. 15317;
  • Phone: 1-724-514-1800