Privacy Notice

Effective Date: December 2024

This Notice provides information about data we process, collect, use, and share, and our commitment to using personal data we collect in a lawful manner. We at Omnicell, Inc., including our affiliates (collectively referred to as “Omnicell”, “we” or “us”), care deeply about privacy, security, and online safety.

Privacy Notice Overview

This Privacy Notice (“Notice”) is designed to inform you about how we collect, use, and share your personal data through our website(s), (our “Sites”), related applications, products, services, and web-based and mobile applications (collectively, the “Services”) operated by Omnicell, or when you interact with us online.

By accessing or using our Site or our Services, we may collect, use, share and disclose your personal data as described in this Notice and in our Terms and Conditions (“Terms and Conditions”).

If you are a Kingdom of Saudi Arabia resident or national, by accessing or using our Site or our Services by otherwise giving us your information you confirm that you have the capacity to enter into a legally binding contract under the Personal Data Protection Law (PDPL) Royal Decree No. (m/18) dated 27 March 2023, and its implementing regulations, i.e., the Implementing Regulation of the Personal Data Protection Law and have read, understood and agreed to the practices and policies outlined in this Notice and agree to be bound by the Notice.

Francais, Deutsch, Italiano, Nederlands, Español, 简体中文）Jiǎntǐ zhōngwén)

The Kinds of Information We Collect

Information You Provide to Us Directly

We collect personal data you provide to us in the following instances:

Global Employment Privacy Notice
Usage of our Site and Services

Global Employment Privacy Notice
The personal data we collect from you allows us to manage the recruiting, hiring and employment process with you, conduct our business, and comply with applicable global laws and regulations.

The defined terms in this Global Employment Privacy Notice have the following meanings:

“Candidate” means an individual who has submitted information to Omnicell in order to become a Workforce Member, or who has otherwise provided consent to be considered as a candidate for employment with Omnicell.
“Workforce Member” means a full or part time Omnicell employee, director, board member, non-executive director, independent contractor, interns or agency workers.

For the most part, this Global Employment Privacy Notice applies equally to Candidates and Workforce Members. Depending on whether you are a Candidate or Workforce Member, we may collect the following categories of personal data about you. Some may or may not apply to you.

Data Category	Examples
Identification Data	Name, Photograph, Date of Birth, Government Identifiers, Employee Identification Number, Employee Badge
Contact Information	Home Address, Telephone, Email Addresses, Emergency Contact Information
Hiring Data	Information Related to Candidate Qualifications, Past Employment, Interview Notes, References, Immigration Status & Documentation, Residency Permits & Visas
Demographic Data	Date of Birth, Gender, Race/Ethnicity, Veteran Status, Disability, Sexual Orientation, Gender Expression
Financial Data	Banking Details, Tax Information, Payroll Information, Withholdings, Salary, Expenses, Company Allowances, Stock & Equity Grants
Mobile App Data for Vehicle Mileage Reimbursement	Device and operating system information; location; speed; altitude; movement type; cell phone battery level; Bluetooth connectivity.
Performance & Management Data	Information related to performance evaluations or reviews, disciplinary actions & grievances, & training & development plans
Benefits Data	Information related to employee benefits we offer to you, such as spouse and dependent information, health information (including vaccination status), vacation, leaves of absence, & accommodations information
Employment Data	Information related to your qualifications, your role at Omnicell such as position information, role changes, resignation/termination, resume/CV, employment contracts, office location, academic/professional qualifications, background check and criminal records data, immigration status & documentation, residency permits & visas, national ID/passport, occupational health assessments & work-related accidents, training & employee resource group participation
Other Information You Might Share with Us	Information you choose to provide to us, including hobbies, social preferences, feedback surveys, personal photographs or information as a participant in social media or communication channels, and participation in other company-sponsored programs

The collection and use of your personal data enables us to administer the recruiting and employment process as permitted under applicable laws and regulations, including:

the creation of a job applicant file;
managing job applications;
organizing interviews;
arranging and/or reimbursing travel;
conducting background checks;
onboarding or as needed mailing of business equipment or supplies;
gifts and employee goodwill items;
fulfilling internal obligations;
fulfilling external obligations, including reporting responsibilities (e.g., labor and employment laws, health and safety, tax, anti-discrimination laws) or to exercise or defend our legal rights;
Management of payroll, taxes and benefits, as well as work-related claims and leaves of absence;
Creation and updating of training and other development opportunities;
Determination of work performance requirements and career development needs;
The creation of employee directories or to send documents or other items to your home address;
To maintain the security of Omnicell’s computing resources, assets and premises, and provide you with access to them, to manage our general operations and assets, and to provide services to you as necessary for your role;
Establishment of emergency contacts for you and respond to and manage emergencies, crises, and business continuity;
Investigate and support decisions on disciplinary actions or terminations, conduct grievance management, or as necessary to detect fraud and other wrongdoings;
Management of day-to-day business operations (managing inter-business relationships); and
DEI goals (e.g., understanding the diversity of our workforce and support core business diversity, equity, and inclusion initiatives).

Sharing with Third Parties

You provide us with most of your personal data. However, we may also obtain personal data about you during the course of the application process, as well as from third parties such as recruiting agencies.

Your personal data shall only be shared within Omnicell where lawful to do so and for legitimate purposes. We may share your personal data with third parties under the following circumstances, following a robust vetting process:

HR service providers (e.g., benefits providers, payroll providers);
Insurance organizations, such as health plans and administrators;
In connection with the sale, assignment or other transfer of all or part of our business External advisors (e.g., legal, management consultants, accounting);
Employee benefits providers and administrators;
Companies that arrange and/or manage travel reimbursement; and
Government organizations or agencies as required by law or authorized by you.

Legal Basis

If you are from a jurisdiction that requires a legal basis for processing personal data, Omnicell’s legal basis will depend on the personal data and the context in which it is collected. We typically collect personal data from you only when necessary to carry out our employment contract with you, comply with our legal obligations, exercise rights in the field of employment, or where processing is in our legitimate interests, provided that this does not override your data protection interests or fundamental rights and freedoms. We may also rely on your consent in certain situations – such as the processing of sensitive personal data related to your health status. When collecting data in order to carry out a legal requirement, or in reliance on legitimate interests, we will disclose this to you at the time of collecting your personal data.

Transfers of Personal Data

We may transfer your personal data to countries outside the country or region in which you reside for legitimate business purposes. For more information, please visit the International Transfers of Information section of this Privacy Notice.

Retention of Personal Data

We will retain your personal data for so long as necessary to carry out the purposes we have described above, or as otherwise required by applicable laws and regulations. This, in general, means that we will retain such personal data for so long as you are employed by Omnicell plus that period of time required by the law of the country in which you are employment, or a reasonable time to respond to inquiries, deal with legal, tax, accounting or other concerns, or to provide you with continuation of benefits, as applicable and necessary. At all times we strive to retain personal data for the minimum necessary amount of time to comply with applicable laws, regulations and internal policies and procedures. If we no longer require a use for your personal data, we will delete your data or anonymize it, or if this is not possible (for instance, where data is stored in backup archives), we will securely store your data and segregate it, to prevent further processing until deletion is possible.

If you are a Candidate, we retain your personal data for that period of time necessary to determine role eligibility (current, future) with Omnicell. This period of time may vary depending on the jurisdiction in which you reside.

Personal Data Rights

You have the right to make choices about your personal data, dependent upon which region you reside. These choices are outlined here. Requests related to Personal Information shall be made by clicking on the Individual Data Requests link at the top of this notice.

Questions?

Please submit your questions concerning this Privacy Notice to privacy@omnicell.com or to our toll-free telephone number at (800) 671-0535.

Changes to this Employee Privacy Notice

We may update this Global Employee Privacy Notice from time to time. If we make any material changes in the way we use your personal data, we will notify you by sending you an email to the last email address you provided to us and/or by posting notice of the changes on our Site. These changes will be effective immediately for new users of our Site. Please note that at all times you are responsible for updating your personal data to provide us with your most current email address. In the event that the last email address that you have provided to us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice. Continued use of our Site or service, following notice of such changes after such emails are sent shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

Consumer Privacy Notice

Information About You Collected Via Technology

When you visit our Sites, some information is directly collected via technology, which may include the following: computers, tablets, smart phones and any other type of technology that may allow for the collection of information when you visit our Site or engage with our services, including customer support.

If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email in order to send you a The legal basis for this processing is our legitimate interest in responding to your inquiries and improving our services.
When you use myOmnicell, Omnicell University, Omnihub, or other Omnicell mobile app related content, via our customer portal on this Site, you may need to login using you email address or register by submitting your name, contact number, department, level and customer service number (CSN) in order to take full advantage of your purchased product, Services or solutions. This data is processed under the legal basis of contract performance and our legitimate interest in ensuring the security and functionality of our services.
Log Files. We gather certain information and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”) data, referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information for purposes including analyzing trends, Site administration, tracking users’ movements around the Site and tailoring our Services to our users’ needs. Except as noted in this Notice, we do not link this collected data to other personal data we have collected from you. The legal basis for this processing is our legitimate interest in monitoring and improving our Site and services.
Cookies. Like many online services, we use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to improve Omnicell’s overall customer experience and tailor your customer experience to meet your special interests and needs. Performance and functionality Cookies will only be activated upon providing your consent. Moreover, you can typically choose to set your browser to remove Cookies and to reject Cookies. If you choose to remove Cookies or reject Cookies, please be aware that this could affect certain features or services of our site. Please find our cookie policy for more information.

How We Use The Information We Collect

We may use your personal data where we can rely on a legal basis to do so, such as Performance of Services to you, with Your Consent, pursuant to a Legitimate Interest, when data has been Anonymized, or when we have a Legal Obligation to do so.

We use, collect, share, and otherwise process personal data for the purposes described in this Notice or as disclosed to you on our Sites or in connection with our services. We only collect the minimum amount of personal data needed to perform the specific processing activity for which the personal data was collected, ensuring that our processing activities are aligned with legal requirements and your privacy expectations.

Performance of the Services

We process your personal data for the performance of the contractual obligations specified in our Omnicell Website Terms and Conditions, separate Terms and Conditions attached with activities, employee contracts, and/or in order to provide the services to you. This includes, for example, using your personal data for:

operating our Sites;
providing and delivering the products and services you request, including payment processing;
sending you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
improving our Sites, products, services and the safety and security of our services, websites, and applications including facilitating identification and authentication, targeted online and offline marketing, for general research and aggregate reporting, customization of website and application customer experiences in accordance with our terms and conditions;
understanding you and your preferences in order to enhance your experience and enjoyment using our Sites, products, and services in accordance with our terms and conditions; and
responding to your comments and questions and providing customer service.

Consent

We process your personal data based on your consent for purposes such communicating with you regarding new contests, promotions, rewards, upcoming events, and other news about products and services offered by Omnicell and our selected partners. We may also process your personal data when you allow us to do so, for example you give us consent that you would like to participate in events.

Collection, use and disclosure of your personal data and SPDI requires your explicit consent. You may choose to not provide us with your personal data but in the event that you do so, we will be unable to provide you access to all functionalities on our Site or our Services. You have the right to withdraw your consent at any time. If you wish to withdraw your consent, please contact us. Upon withdrawal, we will cease processing your personal data for the purposes for which consent was originally provided.

Legitimate Interest (If applicable based on region)

We process your personal data when we have a legitimate interest to do so. This includes, for example, processing your personal data for:

Improving our Sites, products, services and the safety and security of our services, websites, and applications including facilitating identification and authentication, targeted online and offline marketing, for general research and aggregate reporting, customization of website and application customer experiences;
Understanding you and your preferences in order to enhance your experience and enjoyment using our Sites, products, and services;
Linking or combining your personal data with other personal data we obtain from third parties without personally identifying you to such third parties in order to help understand your needs and provide you with better service;
Protecting the rights and property of Omnicell and our agents, customers, and third parties including, but not limited to, the right to enforce our agreements, policies, and terms and conditions.

Children

Our services are not intended for children, and we do not knowingly collect, use, or sell Personal Data from individuals under the age of 18. If you become aware that a child under 18 has provided us with Personal Data, please notify us immediately using the contact details provided in the "Contact Us" section below.

Contact Us

Inquiries concerning the region-specific privacy laws and regulations below may be directed to us by email at privacy@omnicell.com, or to our toll-free telephone number at (800) 671-0535.

De-Identified Information

We may create anonymized data records from personal data by rendering data anonymous in such a way that you, the data subject, are no longer identifiable. We use this anonymized data to analyze request and usage patterns so that we may enhance the content of our products and services and improve Site navigation. Omnicell reserves the right to use anonymized data for any purpose and disclose anonymized data to third parties in our sole discretion, unless a contract, data sharing agreement, or data processing agreement between Omnicell and you or your business is in place and declares otherwise.

Legal Obligation

We process your personal data for compliance with any legal obligation to which we are subject, in accordance with applicable laws and regulations.

Information We Share

(Information About You We Obtain from Third Parties, directly from you or Information about You that You Made Publicly Available)

We share your personal data with Service Providers, Partners, Vendors, Public Authorities, Third Parties , and, if an employee of Omnicell, with our affiliates as needed to manage employment relationships.

We disclose your personal data as described in this Notice below. Additionally, we reserve the right to share your personal data when you have: (1) consented to such processing and have the ability to unilaterally revoke your consent at any time, or (2) have expressly made such personal data public, subject to limitations under applicable law. Personal data shared with third parties for purposes of processing will only be shared pursuant to a data processing agreement or data sharing agreement.

Service Providers, Partners and Vendors

performance of the contractual obligations in our Omnicell Website Terms and Conditions and in order to provide the services to you;
serving our legitimate interests and those of third-party vendors, consultants, and other service providers;
protecting the personal safety and property of Omnicell, its customers, or any other third party;
providing or improving our services and the safety and security of our services, websites, and applications including facilitating

identification and authentication, targeted online and offline marketing, for general research and aggregate reporting, customization of website and application customer experiences, including enhancement of such services through conversational AI platforms; or

enabling third parties to perform services on behalf of Omnicell including, but not limited to, payment processing, research, analytics, customer experience and security.

Public Authorities, Including Courts and Law Enforcement Agencies

compliance with a legal obligation or judicial or administrative order or in the course of judicial or administrative proceedings;
protecting the rights and property of Omnicell and our agents, customers, and third parties including, but not limited to, the right to enforce our agreements, policies, and terms and conditions;
We will disclose your personal data and Sensitive Personal Data and Information (SPDI), without seeking your consent, if legally required to do so, pursuant to an order from a governmental entity, judicial authority or in good faith. We will disclose the information to: (i) comply with a legal obligation, including sharing personal data with Government agencies mandated under the law to obtain such information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences; (ii) when mandated by an order under the law for the time being in force; or (iii) protect personal safety of our users or the public.

Third Parties:

facilitating the negotiation of any merger, financing, acquisition, or dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all, or a portion of our business or assets to another company. In the event of an insolvency, bankruptcy, or receivership, personal data may also be transferred as a business If another entity acquires our company, business, or assets, that entity will possess the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this Notice. Omnicell will not disclose your personal data to Third Parties without your express, revocable consent except as specified in this Notice.

Additional Information for Certain Jurisdictions

Canada
California
Connecticut
China
Colorado
India
Illinois
Kingdom of Saudi Arabia
Oregon
Texas
Utah
UK and EU
Virginia
International Transfers of Information

FOR CANADA RESIDENTS

If you are a resident of Canada, you may have the following rights under the Personal Information Protection and Electronic Documents Act ( PIPEDA ) with regard to non-exempt Personal Data:

Right to know whether a Controller is processing the Consumer’s Personal Data, where such Data was obtained, and how it has been used or shared with third parties;
Right to access Personal Data processed by a Controller;
Right to correction; and
Right to file a PIPEDA complaint by emailing us at privacy@omnicell.com.

FOR CALIFORNIA RESIDENTS

Omnicell takes its responsibilities for the privacy and security of Consumers’ Personal Information seriously. Requests related to Personal Information shall be made by clicking on the Individual Data Requests link at the top of this notice.

For avoidance of doubt, “Consumer” means a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, as that section read on September 1, 2017. “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, as more fully defined in the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). “Personal Information” does not include information that is: (1) lawfully made available from government records; (2) de-identified or aggregate information; or (3) otherwise excluded from the scope of the CCPA.

The Personal Information that is collected and how it is used and shared may be found in this Notice. In no event will Omnicell sell Personal Information provided by a Consumer. Omnicell does not offer financial incentives to Consumers for the collection of Personal Information or the deletion of Personal Information. Except as permitted by the CCPA and in accordance with any program of financial incentives established by Omnicell, if any, Omnicell will not discriminate against a Consumer because the Consumer exercised any rights under the CCPA by denying goods or services to the Consumer; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; providing a different level or quality of goods or services to the Consumer; or suggesting that the Consumer will receive a different price or rate for goods or services or a different level or quality of goods or services. By law, Omnicell is not required to collect Personal Information that we otherwise would not collect in the ordinary course of business. Omnicell shall not retain Personal Information for longer than we would otherwise retain such information in the ordinary course of our business, or re-identify or otherwise link information that is not maintained in a manner that would be considered Personal Information.

If you are a Consumer, CCPA may permit you to request information regarding the:

Categories of Personal Information (as defined by the CCPA) collected or disclosed by us;
Purposes for which categories of Personal Information collected by us are used;
Categories of sources from which we collect Personal Information;
Categories of third parties with whom we share Personal Information; and
Specific pieces of Personal Information we have collected about you and in some cases your Household.

In addition, if you are a Consumer, you may:

Opt-out of Omnicell sharing Personal Information;
Exercise your right to limit use and disclosure of Sensitive Personal Information;
Opt-out of receiving marketing communications from us; however, you may still receive administrative communications regarding our services; and
Request that we and our service providers delete Personal Information we have collected from you, in some circumstances.

All requests related to Personal Information shall be made by clicking on the Individual Data Requests

Category of personal information we may collect: Commercial Information

The personal information contains:

The Commercial Information may contain the following information: names, phone number, email addresses.

Whether we have sold or otherwise disclosed the Personal information in the previous 12 months:

We do not sell Personal Information to third parties. Personal Information may be disclosed as part the job application, employment, independent contractor or other similar engagement with Omnicell.

Categories of Third Parties to whom the Personal Information was disclosed:

We do not sell Personal Information to third parties. Personal Information may be disclosed to third parties engaged by Omnicell as part the job application, employment, independent contractor or other similar relationship with Omnicell.

Category of personal information we may collect: Internet/Electronic Activity

The personal information contains:

The Internet/Electronic Activity may contain the following information: IP address.

Whether we have sold or otherwise disclosed the Personal information in the previous 12 months:

We do not sell Personal Information to third parties. Personal Information may be disclosed as part the job application, employment, independent contractor or other similar engagement with Omnicell.

Categories of Third Parties to whom the Personal Information was disclosed:

Category of personal information we may collect: Geolocational Data

The personal information contains:

The Geolocational Data may contain the following information: names, phone numbers.

Whether we have sold or otherwise disclosed the Personal information in the previous 12 months:

We do not sell Personal Information to third parties. Personal Information may be disclosed as part the job application, employment, independent contractor or other similar engagement with Omnicell.

Categories of Third Parties to whom the Personal Information was disclosed:

Category of personal information we may collect: Professional Information

The personal information contains:

The Professional Information may contain the following information: names, phone number, email addresses.

Whether we have sold or otherwise disclosed the Personal information in the previous 12 months:

We do not sell Personal Information to third parties. Personal Information may be disclosed as part the job application, employment, independent contractor or other similar engagement with Omnicell.

Categories of Third Parties to whom the Personal Information was disclosed:

FOR CONNETICUT RESIDENTS

If you are a resident Consumer of the state of Connecticut, you may have the following rights under the Connecticut Data Privacy Act (CTDPA) with regard to non-exempt Personal Data:Right to know whether a Controller is processing the Consumer’s Personal Data;
Right to access Personal Data processed by a Controller;
Right to correction;
Right to deletion;
Right to data portability;
Right to opt-out of the processing of Personal Data for targeted advertising, sale or profiling;
Right to revoke consent for the processing of Consumer Personal Data; and,
Right to avoid discrimination for exercising a right under the CTDPA.

FOR CHINA RESIDENTS

If you are a resident Consumer of the state of China, you may have the following rights under the Personal Information Protection Laws of China (PIPL):

Principles in Processing Employees' Personal Information

Principles of Lawfulness, Legitimacy, Necessity and Good Faith. The Company shall strictly observe the requirements under applicable laws and regulations, and shall avoid any misleading, deceiving or coercing conduct in processing of employees' personal information.
Principle of Clearness and Relevance. The Company shall process employees' personal information for specific and reasonable purposes, which shall be directly relevant to the purpose of such processing and shall be collected in such ways that have the least impact on employees' rights and interests. Collection of any employees' personal information shall be conducted to the minimum extent necessary for achieving the purpose of such processing.
Principle of Transparency. The Company shall disclose the rules of processing employees' personal information, and expressly indicate to the employees the purpose, method, and scope of processing of their personal information.
Principle of Completeness and Accuracy. The Company shall endeavor to maintain quality of employees' personal information and avoid any adverse effect on any employee's rights and interests due to inaccuracy or incompleteness of such employee's personal information.
Principle of Security Assurance. The Company shall take necessary measures to ensure the safety and security of employees' personal information.

Scope of Employees' Personal Information to be Collected

As necessary for the implementation of human resources management, the personal information of an employee that is collected or may need to be collected by the Company under employment management include:

Personal Details of Employee and His/Her Family Member(s): Surname, given name, e-mail and telephone details, home address, household registration, birth date, ethnic origin, political status, national identification card information, gender, marital status, family member information (such as name of parents (or spouse or children) as well as their employers (if any) and contact information), emergency contact information, health information, medical check and treatment information, and photograph;

Documentation Required under Immigration Laws: Citizenship, passport information, details of visa, residency and work permit;

Position and Commitment: Description of current commitment, job title/grade, corporate positions or shareholder status, business, division, function location, supervisor(s), employee identification number, employment status and type, terms of employment, employment contract, work history with the Company, (re-)hire and termination date(s), length of service, retirement eligibility, basis for termination of employment and termination date;

Talent Management: Details contained in job applications and resume/CV, information obtained from job interviews, previous employment background, investment or positions in other companies or organizations, educational history, professional qualifications, language and other relevant experience and skills, details on feedback, development plan and willingness to relocate, information or proof regarding whether there is criminal offence or other illegal activity;

Compensation and Benefits: Base salary, variable pay, bonus, commission, allowance, subsidiary or other salary income, details on benefits, stock grants and other awards, currency, pay frequency, effective term of current compensation, banking account information, personal income tax information, social security and housing fund account information, information regarding contributions and benefits of social security, housing fund and commercial insurance (if any);

Management and Evaluation Records: Business travel information, information regarding trip or itinerary approved, organized or arranged by the Company (including relevant accommodation information), expense reimbursement details (including details on invoices and receipts), working hours system and email account details, overtime and shift work, working time records (including vacation and other absence records, leave status, hours worked and department standard hours), information related to performance appraisals, contribution ranking, reward and disciplinary records;

Security System and Working Device Records: Personal information contained in or generated from any security system at workplace or any working device (such as cellphones, tablets or computers provided by the Company), including but not limited to information downloaded to, transmitted through or generated on working devices (such as any communication records, directory, contact list, web browsing records, location information generated by GPS system, personal photos or documents) and any records in security and surveillance systems at workplace;

Other personal information which may be required for the fulfillment of the employment contract with the Company.

Collection and Use of Sensitive Personal Information

The Company needs to collect certain sensitive personal information in the course of daily operation and human resources management. For details of the Company's collection and use of sensitive personal information, please refer to Attachment I Statement on Collection of Sensitive Personal Information.

Purpose of Processing of Employees’ Personal Information

The Company will process personal information of employees for the following purposes in implementing human resources and business management in accordance with provisions of applicable laws:

Employee recruitment and background check.

Management of employees' employment relationship with the Company, including management of employee onboarding, departure, retirement and other procedures, planning and management of benefits and compensation, management of employee stock ownership and equity incentive plan management, performance review, position adjustment, vacation management, reimbursement management, employee training, travel arrangement, career planning and development, or disciplinary action, among other things.

Maintaining the safety of employees, workplace and working equipment, such as taking necessary infectious disease prevention and control measures, and conducting safety monitoring of workplace and working equipment to the extent permitted by laws, communicating with employees or their emergency contacts in case of an emergency.

Handling, supervising and managing the usage of equipment, facilities, mailbox and services provided by the Company.

Carrying out operation and business activities, including allocating human resources for the Company's projects, tracking and managing the situation and progress of services performed by employees, introducing the basic information, background and qualifications of employees to customers and partners, managing and facilitating business communications, preparing budgets, conducting accounting management, developing or improving products and services, formulating or improving development strategies, managing the Company's assets, and managing merger, acquisition and reorganization or property disposal, among other things.

Dealing with the disciplinary issues and any complaints raised by or involving any employees.

Responding to requests raised by regulatory authorities or other statutory bodies in accordance with laws, as well as for the purposes of auditing, compliance, investigation and inspection.

Maintaining and keeping personal information and employment records of employees in order to comply with relevant laws and regulations and auditing requirements.

Using personal information in arbitration, litigation and other legal proceedings for the purpose of defending a claim or seeking legal remedy to protect the Company's own legitimate rights and interests.]

Unless otherwise required by applicable laws and regulations, the Company will not use any employees’ personal information for any other irrelevant purposes.

Manner of Processing for Employees’ Personal Information

The Company will process employees’ personal information in the following ways:

Collecting, recording, copying, systematizing, aggregating, storing, refining (updating, amending), extracting, using, transferring (distributing or providing or authorizing access to), publicly disclosing, de-identifying, anonymizing, blocking, deleting or destroying the personal information; and sharing or transferring (including the cross-border transfer of) employees’ personal information in accordance with this Policy.

Storage of Employees’ Personal Information

The period during which the Company keeps and retains the personal information of an employee shall depend on the purposes for which the Company uses such information.

The Company will only keep and retain the information of an employee as long as reasonably necessary to achieve the purposes described in this Policy, or for such longer period as required by applicable laws or regulations. In practice, this means that the length of retention may vary by type of information.

Principally, the employees’ personal information collected by the Company will be stored in China. However, when necessary, the Company will transfer personal information of its employees out of China according to the requirements of any applicable laws or regulations, and will obtain a separate consent from each related employee.

For information regarding the current situations under which the Company needs to transfer employees' personal information out of China and relevant disclosures, please refer to Attachment II Statement on Cross-Border Transfer of Personal Information and Provision of Personal Information to Third Parties.

Provision of Employees’ Personal Information to External Third Parties

As necessary for human resources management, the Company may provide personal information of its employees to third parties from time to time in accordance with applicable laws and with necessary consent from related employees, such as [affiliates, professional advisors, service providers and business partners] of the Company.

Affiliates: for the purpose of unified human resources management and operation, the Company may share its employees’ personal information with its affiliates.

Professional advisors: including accounting firms and law firms, etc., where the advice provided by such professional advisors may require the Company to share its employees’ personal information.

Service providers: including service providers who manage benefits and salaries of employees of the Company, service providers who provide the Company with employee management and data storage systems, or service providers who provide support in connection therewith.

Business Partners: organizations cooperating with the Company in human resources management with respect to employee remuneration and benefits, among others, such as, banking institutions and insurance companies. For information regarding the current situations under which the Company needs to provide personal information of its employees to third parties and relevant disclosures, please refer to Attachment II Statement on Cross-Border Transfer of Personal Information and Provision of Personal Information to Third Parties.

In the event of a merger or division of the Company or other matters, the Company may need to transfer employees’ personal information to the parties to whom the rights and obligations of the Company are transferred or assigned in accordance with applicable laws and regulations.

The Company may provide the personal information of its employees to any relevant departments and agencies according to requirements under applicable laws and regulations or requirements raised by regulatory authorities or other statutory bodies in accordance with law.

Employee's Rights to Personal Information

Unless otherwise provided by applicable laws, employees of the Company shall be entitled to exercise the following rights concerning their personal information:

Right to Know. Each employee shall have the right to know how the Company processes his or her personal information.

Right to Decide. Each employee shall have the right to decide whether to allow the Company to process his or her personal information.

Right to Restrict and Refuse. Each employee shall have the right to impose restrictions or refuse the Company to process his or her personal information.

Right to View. Each employee shall have the right to view his or her personal information in the possession of the Company.

Right of Correction and Supplementation. Each employee shall have the right to request the Company to correct or supplement his or her personal information that is inaccurate or incomplete.

Right of Reproduction. To the extent permitted by applicable laws, an employee shall have the right to make a request to the Company to get a copy of his or her personal information.

Right to Request Deletion. Under the circumstances provided in applicable laws, each employee shall have the right to request the Company to delete his or her personal information in the possession of the Company.

Right to Withdraw Consent. Each employee shall have the right to request withdrawal of consent to his/her personal information that has been collected on the basis of his or her consent. Withdrawal of consent shall not affect the validity of the personal information processing activities conducted based on the personal consent prior to such withdrawal.

Right to Request Explanation. Each employee shall have the right to request the Company to explain the rules governing processing of his or her personal information.

The employee can exercise the above rights by contacting privacy@omnicell.com.

Liaison Information

If an employee has any question about processing of his or her personal information or is not satisfied with the way in which the Company has processed the employee's information, the employee may contact privacy@omnicell.com

Employee Obligations

Employees agree to keep personal information up to date and to inform the Company of any significant changes in personal information about themselves or their family members or emergency contacts. Employees agree to inform their family members or emergency contacts whose personal information are provided to the Company about the content of this Policy and obtain their consent (if required under applicable laws) before providing their personal information to the Company.

Employees agree to follow the Company’s policies and procedures in handling any personal information to which employees have access in the course of their employment relationship with the Company. In particular, employees will not access and will not use any personal information of others for any purpose other than in connection with and to the extent necessary for employees’ employment with the Company. Employees understand that these obligations continue to exist after termination of employees’ employment relationship with the Company. If employees become aware of any improper collection, use or disposal of any personal information by other employees or information recipients, employees should immediately report this issue to the Company.

Ensuring the protection and confidentiality of personal information collected by the Company is of vital importance to us. Violation of the Company’s policies and procedures in handling any personal information may result in disciplinary actions including termination of employment.

Statement on Collection of Sensitive Personal Information

This attachment provides a specific description of the Company's collection of sensitive personal information from employees in the course of daily operation and human resources management, so as to help employees understand the type of sensitive personal information processed by the Company, the necessity of processing and its impact on personal rights and interests.

Sensitive personal information refers to the personal information that is likely to result in infringement to the personal dignity of any natural person or damage to his or her personal or property safety once disclosed or illegally used, including such information as biometric identification, religious belief, specific identity, medical and health information, financial account and whereabouts and tracks, as well as the personal information of minors.

In order to perform human resource management in accordance with the labor rules and regulations and the labor contracts formulated and concluded according to laws, the Company collects or may need to collect certain sensitive personal information or potential sensitive personal information from employees in the course of employment and business management, which includes the following:

[Personal Property Information]	[Base salary, variable pay, bonus, commission, allowance, subsidiary or other salary income, details on benefits, stock grants and other awards, currency, pay frequency, effective term of current compensation, banking account information, personal income tax information, social security and housing fund account information, information regarding contributions and benefits of social security, housing fund and commercial insurance (if any)]
[Personal Identity Information]	[Citizenship, passport information, details of visa, residency and work permit, certain professional qualification]
[Personal Health and Physiological Information]	[Health information, medical check and treatment information]
[Personal Information of Minors under the Age of 18 ]	[Information of employees' children or dependants under the age of 18 (such as name, date of birth, gender, birth certificate documents and contents, medical records and reimbursement documents and contents, etc.)]
[Other Information]	[Marital status, undisclosed criminal record information or certificate, information regarding trip or itinerary approved, organized or arranged by the Company (including relevant accommodation information), communication records, directory, contact list, web browsing records, location information generated by GPS system contained in working devices]

Omnicell collects and uses the above sensitive information or potential sensitive information to ensure that the Company can carry out necessary human resources management activities, such as handling salary and benefit affairs, handling social security, housing fund and commercial insurance affairs, handling tax filing and payment affairs, verifying employees' identity, assisting employees in handling visas, permits and other documents required for cross-border work and travel arrangement, handling sick leave, work-related injury problems and determining relevant benefits, dealing with marriage leave, maternity leave, personal leave and other leave issues and determining relevant benefits, evaluating whether employees have the qualifications necessary for relevant positions, managing business trips and reimbursement, ensuring that employees use the equipment provided by the Company reasonably, timely preventing, detecting, stopping and correcting violations or illegal acts, assisting the Company in attendance management and performance evaluation, protecting the Company's confidential information and business data, etc. If the employee refuses to provide the above information, the Company may not be able to carry out relevant human resources management activities, which may affect the employment, work and compensation and benefits of the employee.]

The Company will perform category-based management for personal information. For sensitive personal information, the Company will take strict protective measures to ensure its security.

For the name and contact information of the personal information processor, the processing purpose, processing method and storage period of personal information (including sensitive personal information), as well as the methods and procedures for employees to exercise their legal rights concerning personal information (including sensitive personal information), please refer to Article 6-11 and the two attachments of the Employee Personal Information Protection Policy.

Statement on Cross-Border Transfer of Personal Information and Provision of Personal Information to Third Parties

This attachment provides a specific description of situations where the Company needs to transfer personal information out of China and provide personal information to third parties in the course of daily operation and human resources management, so as to help employees understand the name and contact information of the receiving party, the purpose and method of the processing, the types of personal information involved, as well as the method and procedures for employees to exercise their legal rights.

Cross-Border Transfer of Personal Information

Name of Overseas Recipient

Contact Information

Processing Purpose

Processing Method

Type of Personal Information for Cross-Border Transfer

Transfer Destination

Method and Procedures for Employees to Exercise Legal Rights

Omnicell Limited

2 Omega Drive, Riverbend Technology Center, Irlam Manchester M44 5GR,

privacy@omnicell.com

[Omnicell has no human resources department in China, and the UK Entity within the Omnicell Group is responsible for managing human resources affairs in China. Accordingly, the UK Entity needs to collect relevant personal information of Chinese employees to achieve the purpose of human resources and business management described in Article 6 of the Employee Personal Information Protection Policy.]

[Collecting, recording, copying, systematizing, aggregating, storing, refining (updating, amending), extracting, using, transferring (distributing or providing or authorizing access to), publicly disclosing, de-identifying, anonymizing, blocking, deleting or destroying the personal information]

Type of Information transferred is described above.

2 Omega Drive, Riverbend Technology Center, Irlam Manchester M44 5GR

Please contact privacy@omnicell.com in order to exercise your legal rights regarding personal information

FOR COLORADO RESIDENTS

If you are a resident Consumer of the state of Colorado, you may have the following rights under the Colorado Privacy Act(CPA) with regard to non-exempt Personal Data:

Right to know whether a Controller is processing the Consumer’s Personal Data;
Right to access Personal Data processed by a Controller;
Right to correction;
Right to deletion;
Right to data portability; and
Right to opt-out of targeted advertising or profiling.

FOR INDIA RESIDENTS

If you are an Indian resident or national, by accessing or using our Site or our Services or by otherwise giving us your information, you confirm that you have the capacity to enter into a legally binding contract under Indian Laws, in particular, the Indian Contract Act, 1872, and have read, understood and agreed to the practices and policies outlined in this Notice and agree to be bound by the Notice. Under the Digital Personal Data Protection Act 2023, (DPDPA) Omnicell may process personal data based on consent from data principals which is required to be: free, specific informed, unconditional and unambiguous; provided through clear affirmative action and limited to the personal data that is necessary for the specified purpose.

If you are a User in India, you may address any feedback, comments or grievances about this Notice, or our data protection practices to the Privacy Officer mentioned below:

Attn: Privacy Officer

Address: 500 Cranberry Woods Drive

Cranberry Township, PA 16066

E-mail: privacy@omnicell.com

If you are a resident of India, you may have the following rights under the Digital Personal Data Protection Act (DPDPA) with regard to Personal Data:

Right to be informed
Right of Access
Right of Rectification
Right of Erasure
Right to Restrict Processing
Right to Data Portability
Right to object
Right to Restrict Automated Decision making

FOR ILLINOIS RESIDENTS

Customers of Omnicell, Inc. and/or its direct and indirect subsidiaries (collectively, “Omnicell”) who choose to use the fingerprint bioID features of Omnicell products are responsible for complying with the Illinois Biometric Information Privacy Act (“BIPA”). BIPA sets out certain rules related to the collection, use and storage of “biometric identifiers,” like fingerprints, and associated “biometric information,” as both terms are defined in BIPA. Customers should review BIPA requirements and ensure that their practices are in compliance with BIPA before electing to use the bioID features of Omnicell products.

Omnicell does not collect, capture, receive, purchase or otherwise obtain biometric identifiers or biometric information associated with customers’ products. In the event a customer chooses to take such actions in order to use the bioID features of Omnicell products, the customer must first obtain express written consent from the person from whom the biometric identifiers or biometric information is collected, in compliance with BIPA. This consent must apply to the customer as well as to Omnicell, in the event Omnicell ever comes into contact with such biometric identifiers or biometric information (biometric identifiers are not stored on Omnicell products). Customers should not share any biometric identifiers or biometric information with Omnicell unless express written consent to share such information with Omnicell, in compliance with BIPA, has been obtained from the person from whom the biometric identifiers or biometric information have or has been collected.

Customers must delete all biometric identifiers and biometric information used with Omnicell’s products within three (3) years of the individual’s last interaction with the customer, or after the initial purpose for collecting such information has been satisfied, whichever occurs first. In the event a customer returns products to Omnicell at any time, customers should delete all biometric identifiers and biometric information from the products before returning them to Omnicell. Omnicell will permanently delete all data left on the products, including biometric identifiers and biometric information, upon receipt of the products.

The customer, not Omnicell, possesses any biometric identifiers or biometric information associated with customers’ use of bioID features. To the extent Omnicell possesses any biometric identifiers or biometric information at all, Omnicell will permanently delete such data when the initial purpose for collecting or obtaining the data has been satisfied or within three (3) years of the individual's last interaction with Omnicell, whichever occurs first.

Omnicell does not sell or disclose biometric identifiers or biometric information to third parties. To the extent Omnicell possesses biometric identifiers or biometric information at all, that data is subject to the same or greater protection as other confidential and sensitive data.

FOR KINGDOM OF SAUDI ARABIA RESIDENTS

If you are a resident in the Kingdom of Saudi Arabia, you may have the following rights under the Personal Data Protection Law (PDPL), with regard to Personal Data:

Right to know whether a Controller is processing the Consumer’s Personal Data and in certain cases, right to revoke consent for such processing;
Right to access Personal Data processed by a Controller;
Right to correction;
Right to deletion;
Right to data portability;
Right to opt-out of the processing of Personal Data for targeted advertising and certain types of profiling;
Right to opt-out of sale of Personal Data;

In accordance with PDPL Omnicell have available records linked to the legal basis for processing personal data, as well as ensuring that personal data is processed fairly, lawfully, transparently, and securely.

FOR OREGON RESIDENTS

If you are a resident Consumer of the state of Oregon, you may have the following rights under the Oregon Consumer Privacy Act (OCPA) with regard to non-exempt Personal Data:

Right to know whether a Controller is processing the Consumer’s Personal Data and in certain cases, right to revoke consent for such processing;
Right to access Personal Data processed by a Controller;
Right to obtain list of third parties to which Personal Data was disclosed;
Right to correction;
Right to deletion;
Right to data portability;
Right to opt-out of the processing of Personal Data for targeted advertising and certain types of profiling;
Right to opt-out of sale of Personal Data;
Right to avoid discrimination for exercising a right under the OCPA.

FOR MONTANA RESIDENTS

Omnicell takes its responsibilities for the privacy and security of Consumers’ Personal Data seriously. Requests related to Personal Data may be made by clicking on the Individual Data Requests link.

If you are a resident consumer of the state of Montana, you may have the following rights under the Montana Consumer Data Privacy Act (MCDPA) with regard to non-exempt Personal Data:

Right to know whether a Controller is processing the Consumer’s Personal Data;
Right to access Personal Data processed by a Controller;
Right to correction;
Right to deletion;
Right to data portability; and,
Right to opt out of the processing of Personal Data for the purpose of targeted advertising, sale, or processing in furtherance of solely automated decisions that produce legal or similarly significant effects to a consumer.

Inquiries concerning MCDPA or our compliance with MCDPA may be directed to us by email at privacy@omnicell.com, or to our toll-free telephone number at (800) 671-0535.

FOR TEXAS RESIDENTS

If you are a resident Consumer of the state of Texas, you may have the following rights under the Texas Data Privacy and Security Act (TDPSA) with regard to non-exempt Personal Data:

Right to know whether a Controller is processing or selling the Consumer’s Personal Data;
Right to access Personal Data processed by a Controller;
Right to correction;
Right to deletion;
Right to data portability;
Right to opt-out of the processing of Personal Data for targeted advertising, sale or profiling;
Right to avoid discrimination for exercising a right under the TDPSA.

FOR UK AND EU RESIDENTS

If you are a resident of the UK or the EU, you may have the following rights under the UK Data Protection Act or GDPR with regard to Personal Data:

Right to be informed
Right of Access
Right of Rectification
Right of Erasure
Right to Restrict Processing
Right to Data Portability
Right to object
Right to Restrict Automated Decision making

FOR UTAH RESIDENTS

If you are a resident Consumer of the state of Utah, you may have the following rights under the Utah Consumer Privacy Act (UCPA) with regard to non-exempt Personal Data:

Right to know whether a Controller is processing the Consumer’s Personal Data;
Right to access Personal Data processed by a Controller;
Right to correction;
Right to deletion;
Right to data portability;
Right to opt-out of targeted advertising or profiling; and
Right to avoid discrimination for exercising a right under the UCPA.

FOR VIRGINIA RESIDENTS

If you are a resident Consumer of the Commonwealth of Virginia, you may have the following rights under the Virginia Consumer Data Protection Act (VCDPA) with regard to non-exempt Personal Data:

Right to know whether a Controller is processing the Consumer’s Personal Data;
Right to access Personal Data processed by a Controller;
Right to know if Personal Information is sold;
Right to correction;
Right to deletion;
Right to data portability; and
Right to opt-out of targeted advertising or profiling.

International Transfers of Information

If you are user of the Site and services residing outside of the United States, by visiting the Site and providing us with personal data, you acknowledge and agree that your personal data may be processed for the purposes identified in this Notice. In addition, we transfer the information we collect internally within our affiliates also externally with our vendors, service providers and partners so that we could operate our business and provide you with our products and services as stated in this policy. Your personal data may be processed in the country in which it was collected, but also in other countries outside of your country of Residence, including the United States, where laws regarding processing of personal data may be less stringent than or otherwise differ from the laws of the country in which you reside or are located when using our services.

If you are a User in India, by using our Site or the Services, you accept the terms hereof and hereby consent to us, sharing and/or processing your personal information and Sensitive Personal Data and Information (SPDI), with third parties and in any location, including outside India. We will make best efforts to ensure that the third party of the location to which Sensitive Personal Data and Information (SPDI), is transferred accords same level of data protection as would be afforded under applicable local legislation.

Privacy laws and regulations in certain countries, including the rights of governmental authorities to access your personal data, may differ from those in the country in which you reside or are located when using Omnicell’s services. Omnicell will only transfer personal data to governmental entities when authorized by the laws of the countries in which such transfers of personal data occur.

Appropriate safeguards

We rely on appropriate safeguards for international data transfers. For example we rely on an adequacy decision to transfer information to a third country or an international organisation where have been recognized by European Commission as the countries and territories outside of the European Economic Area that could ensure an adequate level of protection.

We rely on Standard Contractual Clauses (SCCs) approved by the European Commission (and the equivalent UK standard contractual clauses, UK addendum where appropriate) to transfer the information to our vendors, service providers, partners outside the European Economic Area.

The Privacy Shield Frameworks

In light of the judgment of the Court of Justice of the European Union (CJEU) in Case C-311/18, the Privacy Shield framework for the transfer of personal data from the EU to the United States has been invalidated. Transfers of personal data between the EU and the United States are now based on the Standard Contractual Clauses (SCCs) and data processing agreements. In addition to the SCCs, we also conduct Transfer Impact Assessment (TIAs) to access the transfer and to implement supplementary measures to ensure equivalent protection of your data when transferred.

However, Omnicell remains certified under the Privacy Shield Frameworks and is fully committed to its principles. The Federal Trade Commission has jurisdiction over Omnicell’s compliance with the Privacy Shield Frameworks. Omnicell’s U.S. affiliates, namely Omnicell, Inc., Omnicell International, Inc., Medpak Holdings, Inc., MTS Medication Technologies, Inc., MTS Packing Systems, Inc., and ateb, Inc. (collectively “Omnicell US”) comply with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland, to the United States. Omnicell US has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Frameworks and to view our certification, please visit https://www.privacyshield.gov/.

E-Mail: omnicell@2b-advice.com

Omnicell has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.

An individual who decides to invoke this arbitration option must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with Omnicell and afford Omnicell an opportunity to resolve the issue within the timeframe set forth in Section III.11(d)(i) of the Principles: https://www.privacyshield.gov/article?id=11-Dispute-Resolution-and-Enforcement-d-e; (2) make use of the independent recourse mechanism under the Principles, which is at no cost to the individual; and (3) raise the issue through their Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce, at no cost to the individual. This arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties.

In addition, this option may not be invoked if an EU Data Protection Authority or the Commissioner (1) has authority under Sections III.5 or III.9 of the Principles; or (2) has the authority to resolve the claimed violation directly with the organization. A DPA’s/the Commissioner's authority to resolve the same claim against an EU or a Swiss data controller does not alone preclude invocation of this arbitration option against a different legal entity not bound by the DPA/Commissioner's authority.

In the context of an onward transfer, Omnicell, as a Privacy Shield Organization, has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Omnicell organization shall remain liable under the Privacy Shield Principles if its agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

Omnicell commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

The main Global Data Protection Authorities with which we cooperate in our respective jurisdictions are the following:

China

Cyberspace Administration of China

Address: 11 Chegongzhuang Street

Xicheng

Beijing

China

France

CNIL (Commission Nationale de l'Informatique et des Libertés)

Address:

3 Place de Fontenoy TSA 80715

75334 PARIS CEDEX 07, France

Telephone: +33 (0)1.53.73.22.22

Fax: +33 (0)1.53.73.22.00

E-Mail: servicedpo@cnil.fr

Germany (Darmstadt)

The Hessian Commissioner for Data Protection and Freedom of Information

Address

Gustav-Stresemann-Ring 1, 65189 Wiesbaden

Telephone: 0611 – 1408 0

Fax: 0611 – 1408 611

E-mail: poststelle@datenschutz.hessen.de

Germany (Bochum)

State Commissioner for Data Protection and Freedom of Information

Address

North Rhine-Westphalia

Postfach 20 04 44

40102 Düsseldorf

Telephone: 0211 / 38424-0

Fax: 0211 / 38424-10

E-mail: poststelle@ldi.nrw.de

India

Data Protection Board of India

Address:

Electronics Niketan, 6,

CGO Complex,

Lodhi Road,

New Delhi 110003

Italy

Garante per la protezione dei dati personali

Address:

Piazza Venezia n. 11 - 00187 Roma

www.gpdp.it - www.garanteprivacy.it

Telephone: (+39) 06.69677.1

Fax: (+39) 06.69677.3785

E-mail: garante@gpdp.it

Kingdom of Saudi Arabia

The Saudi Data & Artificial Intelligence Authority ('SDAIA)

Digital City

Riyadh

12392

Kingdom of Saudi Arabia

Telephone: +966 11 813 1100

Netherlands

Autoriteit Persoonsgegevens

Address

PO Box 93374

2509 AJ DEN HAAG

https://www.rijksoverheid.nl/contact/contactgids/autoriteit-persoonsgegevens

Telephone: (+31) - (0)70 - 888 85 00

Fax: (+31) - (0)70 - 888 85 01

United Kingdom

Information Commissioner's Office

Address

Wycliffe House, Water Lane, Wilmslow

Cheshire SK9 5AF

https://ico.org.uk/

Telephone: 0303 123 1113

Fax: 01625 524510

UK and EU MEMBER STATE

If you are residing, or located, in the UK or EU Member State, you may also contact your local supervisory authority, the government agency charged with the enforcement of privacy laws, for information about your rights as a data subject. Under the law, you have the right to redress for violations of your privacy rights, as well as to seek compensation for violations of your privacy rights. Contact information for the respective supervisory authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en.

HIPAA and Health Privacy Laws

Omnicell’s handling of information subject to the Health Insurance Portability and Accountability Act (HIPAA) is governed by our HIPAA Statement which is available on the Omnicell US website.

Omnicell is committed to protecting the security of your personal data. We use security technologies and procedures that we believe to be reasonably adequate to protect your personal data from loss, unauthorized access, use, or disclosure, but cannot guarantee its absolute security.

Security of your Personal Data

RETENTION

We delete your personal data which we process based on your consent if you withdraw your consent, or when you request us to erase your personal data in accordance with this Notice. We will retain your personal data when we have a legitimate interest to do so. For example, we may retain your personal data to resolve disputes, enforce our Omnicell Website Terms and Conditions or other user agreements, or comply with legal requirements, including (tax) retention obligations; in that event, your personal data will be blocked from use for any other purpose. In any case, Omnicell will not retain your personal data longer than necessary for the purposes set out in this Notice.

YOUR DATA SUBJECT RIGHTS

Omnicell will at all times honor your right to Access, Correct, Erase, Restrict, Transfer, Object, and Withdraw Consent at any time with respect to your personal data. You may exercise these rights to which you are entitled by contacting us by clicking on the Individual Data Requests link at the top of this Notice.

Request access to your personal data in order to receive a copy of the personal data we hold about
Request correction of the personal data that we hold about you in order to correct any incomplete or inaccurate information. New information provided to us may require
Request erasure of your personal data where a legitimate interest for us to process such personal data does not exist. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be provided to you, if applicable, at the time of your request. For example, where we have a legal obligation to retain and store your personal data.
Request restriction of processing of your personal data.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party at your direction, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data which you (a) initially provided consent for us to use, (b) where we utilized the personal data to perform a contract, or (c) we utilized the personal data to provide services to you.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you object to processing on the basis that the processing impacts your fundamental rights and In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data, which override your rights and freedoms. You may, however, control the extent to which we market to you, and you have the right to request that we stop sending you marketing messages at any time.
Withdraw consent at any time where we are relying on consent to process your personal However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. In particular, you may opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about our ongoing business relations. You may also send requests about your contact preferences and changes to your personal data including requests to opt-out of sharing your personal data with third parties by clicking on the Individual Data Requests link at the top of this Notice.

Artificial Intelligence

Omnicell does not access or use Customer Content including meeting, webinar, messaging, held data content, email content, or any content generated or shared as part of other collaborative features, unless authorized by the account owner in a data processing or data sharing agreement, where Customer Content was generated, or as required for legal, safety, or security reasons. Omnicell does not use any of your data or other communications-like Customer Content to train Omnicell’s or third-party artificial intelligence models.

As discussed below, and where technically feasible, Omnicell uses personal data to conduct the following activities:

Provide Omnicell Products and Services: To provide products and services to account owners, their licensed end users, and those they interact with, including to utilize Omnicell products and services and recommendations for accounts of their users. Omnicell also uses personal data to determine what products and services may be available in your location, and uses personal data, including contact information, to route invitations, messages, or notifications to recipients when users send or receive notifications related to Omnicells products and services. This may also include using personal data for customer support, which may include accessing audio, video, data files, meta data, notifications, messages or prompts, and other content or context, including information you provide to Omnicell, at the direction of the account owner or their users. We also use personal data to manage our relationships and contracts with account owners and others, including billing, compliance with contractual obligations, facilitating payment to third-party developers in relation to purchases made to Omnicell and related administration.

Intelligent Features: If enabled by the account owner, Omnicell provides intelligent features and products to its customers, their licensed end users. These tools may use artificial intelligence, machine learning, or other technology to process Customer Content solely to provide the intelligent features. The processing of Customer Content for these purposes is based on the consent provided by the account owner and end users.

Product Research and Development: If authorized by any applicable settings, to develop, test, and improve Omnicell products and services, and to troubleshoot products and services. Omnicell does not use any of your data to train Omnicell’s or its third-party artificial intelligence models.

Authentication, Integrity, Security, and Safety: To authenticate accounts and activity, detect, investigate, and prevent malicious conduct, fraudulent activity or unsafe experiences, address security threats, protect public safety, and secure Omnicell products and services. Omnicell uses advanced tools to automatically scan certain types of content such as incoming emails to Omnicell’s native email service from someone who is not a Omnicell product user, for the purpose detecting and preventing violations of our terms or policies and illegal or other harmful activity.

Communicate with You: We use personal data (including contact information, and information you provide through Omnicell’s website’s) to communicate with you about Omnicell’s products and services, including product updates, your account, and changes to our policies and terms. We also use your information to respond to you when you contact us.

Changes to this Notice

This Notice is subject to occasional revision. Any changes will be effective upon the earlier of thirty (30) calendar days following our dispatch of an email notice to you or thirty (30) calendar days following our posting of notice of the changes on our Site, and will be effective immediately.

If we make any material changes in the way we use your personal data, we will notify you by sending you an email to the last email address you provided to us and/or by posting notice of the changes on our Site. These changes will be effective immediately for new users of our Site. Please note that at all times you are responsible for updating your personal data to provide us with your most current email address. In the event that the last email address that you have provided to us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice. Continued use of our Site or service, following notice of such changes after such emails are sent shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

OMNICELL COOKIE POLICY

This Cookie Policy (“Cookie Policy”) explains how Omnicell, Inc. and its affiliates (collectively, “Omnicell”, “we”, or “us”) uses cookies on its website(s), related applications, or online services operated by Omnicell, (collectively, “Site(s)”) which all link to this Cookie Policy as of June 2023.

What is a Cookie?

To ensure our Site(s) work properly and to provide the most up to date and relevant information to the user of such Site(s) (“User” or “you”), Omnicell places cookies on your device. Cookies are small files or part of a file stored on an internet user’s computer, creating and subsequently read by a website server, and containing personal information (such as user identification code, customized preferences, or a record of pages visited). Cookies enhance a User’s experience when using the Site(s). In addition, cookies help Omnicell to understand how Users use our Site(s) so that we can make improvements to better serve you. This Cookie Policy provides you with information about cookies and how to control them for the Site(s).

What Cookies does Omnicell use on its Site(s)?

Essential Cookies

Essential cookies are necessary for the Site(s) functionality and cannot be disabled by Users. These cookies do not gather information about you that could be used for marketing purposes and do not remember where you have been on the internet.

Performance and Functionality

Performance and functionality cookies are used to enhance the performance and functionality of our Site(s), but are not essential to its use. However, without these cookies, certain functionality may become unavailable. Performance and functionality Cookies will only be activated upon providing your consent.

Analytics Cookies

Omnicell also uses analytic cookies in order to determine User interests. Providers, such as Turtl Inc. (“Turtl”) may use cookies to collect the following information:

Identity Data (first name, last name and title, username, and password);
Contact Data (billing address, email address and telephone number);
Technical Data (internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices if used to access Turtl’s website);
Profile Data (interests, preferences, feedback and survey responses);
Usage Data (information about how a User uses the Turtl website, products and services, if applicable); and
Aggregated Data statistical or demographic information).

Marketing Cookie

A marketing cookie collects personal information such as your name, pages visited on our Site(s), a User’s history arriving at our website, and the like. Collected information is used to evaluate the effectiveness of our marketing campaigns or to provide better targeting for marketing.

Third Party Website Cookies

Third party cookies do not originate from Omnicell’s Site(s). Rather, they are from a third party, such as an advertiser. These cookies collect information on a User’s behavior, demographics, or personalized marketing. When visiting our Site(s), a User may encounter embedded content or be directed to a website for activities. These websites and embedded content use their own cookies. Omnicell does not have control over the placement of cookies by third parties, even if a user is directed to these cookies as a result of visiting our Site(s). However, if you do not want cookies placed on your device by a third party, many third parties offer ways to opt-out of these cookies.

Deletion and Control of Cookies

If you consented to cookies placed on your device but then wish to disable such cookies, please note that many of the cookies used on Omnicell’s Site(s) can be enabled/disabled through a User’s browser. To disable cookies through a browser, follow instructions located within the “Edit”, “Tools” or “Help” menus in the browser. Disabling a cookie or category of cookies does not delete the cookie from a User’s browser unless manually completed through a User’s browser function.

Past Cookies

Collection of a User’s data from Omnicell’s analytics cookies can be deleted. If cookies are deleted, the information collected prior to the preference change may still be used. However, Omnicell will cease using the disabled cookie to collect any further information from your user experience.

Contact Us

Questions or requests may be directed to privacy@omnicell.com

If you become dissatisfied with our Privacy Policy, your sole and exclusive remedy is to discontinue your use of the WEBSITE or MOBILE APPLICATION. By continuing to use our services, you acknowledge and agree to this Privacy Policy. However, we do not waive your legal rights. You retain the right to raise any concerns or complaints regarding our privacy practices, and we are committed to addressing them in accordance with applicable laws.

We do not exclude or limit our liability to you where it would be unlawful to do so. This includes, but is not limited to, liability for death or personal injury caused by our negligence, the negligence of our employees, agents, or subcontractors, and for fraud or fraudulent misrepresentation.

Please note that some jurisdictions may not allow the disclaimer of implied warranties or the exclusion or limitation of certain types of damages, so these limitations may not apply to you. If any part of this limitation on liability is found to be invalid or unenforceable, the remaining provisions will continue to apply. In such cases, the maximum aggregate liability of Omnicell and its affiliates will not exceed one hundred dollars ($100), reflecting a fair allocation of risk.

If you have any questions, requests, or concerns regarding your privacy rights, please contact us so we can assist you in addressing them. We value your privacy and are here to help.

Privacy Notice

Privacy Notice Overview

The Kinds of Information We Collect

Information About You Collected Via Technology

How We Use The Information We Collect

Performance of the Services

Consent

Legitimate Interest (If applicable based on region)

Children

Contact Us

De-Identified Information

Legal Obligation

Information We Share

International Transfers of Information

HIPAA and Health Privacy Laws

Security of your Personal Data

Changes to this Notice

What is a Cookie?

What Cookies does Omnicell use on its Site(s)? Essential Cookies

Performance and Functionality

Analytics Cookies

Marketing Cookie

Third Party Website Cookies

Deletion and Control of Cookies

Past Cookies

Contact Us

What Cookies does Omnicell use on its Site(s)?

Essential Cookies