Moderna's Privacy Statement
Effective September 2023
This Privacy Statement describes how Moderna Inc. and its worldwide affiliates (“Moderna”, “we”, “our” or “us”) describes how Moderna collects, stores, uses (“processes) your personal data when you:
use our website www.modernatx.com or any other Moderna website that links to this statement;
use any of our other digital services, such as an app provided by Moderna, that link or use this statement; or
engage with us through our call centers.
“Personal Data” means information associated with or used to directly or indirectly identify or contact a specific person. Such data can include your name, contact details, relationship with Moderna, etc.
Certain Personal Data, such as information about health or medical status (pursuant to all applicable laws) are characterized as sensitive (collectively, “Sensitive Personal Data”) and may be subject to stricter regulation and consent requirements than other information.
Moderna recognizes the importance of taking steps to protect the privacy of information we collect, and we are committed to respecting your privacy.
Carefully read this Privacy Statement to learn more about how we collect, use, disclose and store personal data provided and the steps we take to help protect the often-sensitive personal data provided from unauthorized use or disclosure. When you submit information to or through our sites or services, you consent to the collection, processing and retention of your information as described in this Privacy Statement.
IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY STATEMENT, THEN PLEASE DO NOT USE ANY OF THESE SERVICES.
Summary of Key Points
This summary provides key points from our Privacy Statement, but you can find more information about any of these topics by using the Table of Contents below. Click here to go directly to the Table of Contents
1. How do we process your personal data?
We process your personal data to provide you with the service requested and to improve our service, communicate with you for security purposes and comply with legal obligations. We only process your personal data when we have legal grounds to do so. Please see How We Use Your Personal Data for more details.
2. Do we process sensitive personal data?
We may process sensitive personal data when necessary, with your consent or where required by legal obligations. Click here to learn more about Sensitive Personal Data.
3. Where will your data be processed by Moderna?
Moderna is a global company which maintains datacenters around the world, including Switzerland and the United States (ModernaTX’s global headquarters). Moderna may process personal data in databases that can be accessed by authorized Moderna personnel worldwide.
Transfers of personal data among Moderna and its worldwide affiliates follow applicable laws and our Intracompany Transfer Agreements.
Third-party transfers outside of the EU, the EEA, Switzerland or the UK are made in accordance with applicable privacy laws and pursuant to the following safeguard, Standard Contractual Clauses (SCCs) or Model Contracts.
For information on SCCs, please visit:
If in EU:
http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm
If in Switzerland:
If In UK:
4. When and with who do we share your data?
We only will share your data with services providers who support our operations and other parties and business partners in limited circumstances based on legal obligations and as identified in our Privacy Notices.
5. How do we keep your data protected?
We have technical and organizational safeguards in place to protect your personal data. However, no electronic processing can be guaranteed to be 100% secure, so we cannot promise that hackers, cybercriminals or other unauthorized third parties will not be able to defeat our security and steal or unauthorized access your personal data. Click here to learn more.
6. What are your rights and how can you exercise them?
Based on your location, applicable personal data protection laws provide you with certain rights regarding your personal data. You may exercise these rights by visiting our request web page.
Please note that this Privacy Statement does not apply to information collected through third-party websites or services that you may access through third-party sites.
Data Controller: The controller of Personal Data collected under this Privacy Statement is ModernaTX, Inc.
This statement is organized into the following sections – please select your desired topic for further information.
Principles
We will handle your Personal Data in accordance with applicable laws such as the General Data Protection Regulation (“GDPR”) in the European Union, the Act on the Protection of Personal data of Japan and the Personal data Act of South Korea. It is our goal to do the following:
Process Personal Data lawfully, fairly and in a transparent manner.
Collect Personal Data for a specified, explicit and legitimate purpose, and only use it for the purposes for which it was originally collected.
Limit collection of Personal Data to the extent necessary in relation to the purpose for which it is processed.
Make reasonable efforts to ensure that your Personal Data is accurate and, where necessary, kept up to date.
Store Personal Data for no longer than is necessary for the purpose for which the Personal Data is processed.
Process Personal Data in a manner that provides adequate security and confidentiality.
Our privacy practices are described in greater detail in the remainder of this Privacy Statement.
1. Information We Collect
Depending on your interactions with us, we may collect and process your Personal Data. For example, you may choose to submit your contact information to join our mailing list, engage with us via our Contact Us features, or apply for a job opening with Moderna via the careers section of our website. As a result, and depending on the type of Service, we may ask you to provide Personal Data, such as your:
General identification data: initials, name, job title, company name, country, date of birth, age, country, ethnicity (for cases where the Summary of Product Characteristics (SmPC) includes specific information relating to the ethnic origin)
Contact details: contact number, e-mail address, mailing address
Product use: data related to your use of our products, including feedback and use history
Professional details (for HCPs): job title, institute/organization name, additional information about your job role and any other job-related information
Technical data: IP address, device identifiers, operating system, browsing history, search history, time and duration of use, interaction with content
Information about your job role and any other job-related information, work experience, educational background
Before providing it to us, carefully consider whether to disclose your Sensitive Personal Data. If you do provide Sensitive Personal Data to us, you consent to its use and disclosure for the purposes and in the manner described in this Privacy Statement.
You may visit our website without voluntarily providing any information about yourself. You are not obligated to provide any Personal Data to us, but your ability to use our website or its features, apply for an employment position or report an adverse event may be limited. When calling our call centers, you can choose to remain anonymous unless the collection of personal data is required by law or you provide us with your personal data.
If you provide us with Personal Data about another person or allow us to collect it, you acknowledge that you have the authority to share that information and are allowing us to use the information as described in this Privacy Statement.
2. How Information is Collected and Used
a. Information that you voluntarily provide
We collect and use the Personal Data that you voluntarily provide to us by visiting our sites or using our services. You may use certain services without registering or identifying yourself but, if you do not register, you may not have access to all of the services or functionality of the site. If you choose to register, we may use the Personal Data you provide to confirm your registration and to respond to requests from you.
Upon your request, we may also use your Personal Data to send you special promotions or newsletters with information that may interest you.
If you are a healthcare professional or an institutional healthcare provider, you are responsible for obtaining any legally required authorization, consent or other permission from your patients prior to providing their Personal Data to Moderna. By submitting any Personal Data about a patient, you represent and warrant to Moderna that you have obtained all required permissions to do so.
b. Through your use of interactive services
If you choose to participate in our questionnaires and surveys and other interactive services, we will collect the information, including health-related information and other Sensitive Personal Data that you share to help us better understand how Moderna products are used in coping with the diseases for which they are marketed.
c. When you’re interested in enrolling in a clinical trial
If you submit health-related Personal Data to us to participate in a clinical trial, we may use your Personal Data to assess whether you qualify for enrollment in the trial, to contact you about potential participation in the trial, and to provide you with additional information about the trial.
Once enrolled for any questions relating to your participation in a clinical trial, contact the Principal Investigator on the study and/or refer to the trail related information provided to you, e.g., the Informed Consent Form.
d. When you correspond with Moderna about Moderna products.
If you contact Moderna or use the Services to ask questions or report problems regarding your experience in using one of our products, we may use the information you provide in submitting reports to the U.S. Food and Drug Administration, the European Medicines Agency or any other relevant supervisory authority and as otherwise required of us by law. We also may use the information to contact the prescribing physician to follow up regarding an event involving use of our product.
e. Through data collection tools
When permitted or you have provided consent, Moderna automatically will collect information about use of the Services through data collection tools, such as web beacons and cookies. A "web beacon" is a piece of code that enables us to monitor user activity and website traffic. A "cookie" is a randomly generated unique numeric code stored in the user’s web browser settings or computer’s hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires), as well as the randomly generated unique numeric code.
For more details, please see Moderna’s Cookie Statement.
We use the information collected through data collection tools to monitor usage patterns, store information about user preferences and to improve the Services. For example, your Personal Data may be used to create customized offers, information and services tailored to your interests and preferences. We may track your activities over time and across third-party websites, apps or other online services to display advertisements on third-party websites. If you do not want us to use your information in this way, please see “Your Privacy Choices” below.
We also may collect information about the location of the mobile device or tablet used to access the Services (“Location Data”). Location Data includes: (i) the location of the mobile device or tablet derived from GPS or WiFi use; (ii) the IP address of the mobile device or tablet or internet service used to access the Services; and (iii) other information made available by a user or others that indicates the current or prior location of the user, such as geotag information in photographs.
f. Social media connections
When accessing the Services through a Facebook or other Social Media account, Moderna may (depending on applicable user privacy settings) automatically have access to information provided to or through the Social Media platform. Moderna may collect and use this information for the purposes described in this Privacy Statement or at the time the information was collected.
g. Social media plugins
When you use services, Social Media operators can place a cookie on your computer to recognize individuals who have visited previously. If you are logged into a Social Media account while using the services, the social plugins allow that Social Media to receive information that you have accessed and used the Services. The social plugins also allow the Social Media operator to share information about your activities in or through the Services with other Social Media users. Moderna does not control any of the content from the Social Media plugins. For more information about Social Media plugins, please refer to any privacy and/or other legal notices of the respective Social Media platform.
h. Through third parties
Third parties that assist us with our business operations also collect and use information (including Personal Data and Usage Data) and may share the collected information with us. For example, our vendors collect and share information with us to improve user experience, we may view your LinkedIn profile, or any other publicly available profile.
When you access any interactive service, you will be asked to affirmatively choose ("opt in") to provide the requested information. You may always choose not to provide the requested information but then you may not be able to use the Service as intended.
3. Links to Other Websites/Services
As a convenience to our visitors, this website may contain links to other websites that we believe may offer useful information, but that does not mean that Moderna endorses it, or the quality or accuracy of information presented on it. If you decide to visit a third-party site, you are subject to its privacy practices and not this Privacy Statement.
4. How We Use Personal Data
We may use Personal Data for the following purposes.
a. Consent
We may seek, either directly or through our trusted third parties, your separate consent to process your Personal Data, for example, to:
provide you with information you requested and/or to respond to your inquiries submitted via the website, email and/or phone,
facilitate certain recruitment activities such as processing employment applications,
analyze and enhance our communications and strategies (including by identifying when emails sent to you have been received and read),
tailor the content we display on our website,
protect against, identify, investigate and respond to fraud, illegal activity (such as incidents of hacking or misuse of our website) and claims and other liabilities,
communicate with you for other purposes which are evident from the circumstances or about which we inform you when we collect Personal Data from you.
If we have sought your consent to process your Personal Data, you may subsequently withdraw it at any time by contacting us at the address listed in the “Your Privacy Rights” section below.
b. Legal obligation
We may be required by law or regulation to collect and process certain Personal Data about you. For example, we may be required to process certain Personal Data in relation to reporting of adverse events.
monitor the quality, safety and efficacy of our medicinal products, which includes detecting, assessing and preventing adverse events and reporting to the relevant health authorities to meet legal and regulatory obligations,
Adverse events refer to the unintended or undesirable events after using a medicinal product. They can be minor at times, or they can also involve serious health issues.
Moderna processes your Personal Data to comply with legal obligations under applicable pharmacovigilance laws and regulations worldwide and where necessary for our legitimate interests in ensuring appropriate pharmacovigilance standards.
Pharmacovigilance laws are issued for reasons of substantial public interest in public health, research as well as quality, safety, and efficacy of medicinal products.
c. Public interest
We may also process Personal Data to carry out scientific research in the public interest.
d. Our legitimate interests
We may process your Personal Data where it is necessary for our legitimate interest as a company, including to manage, promote and improve our business and manage our risk. For example, we may process your Personal Data to:
facilitate our recruitment activities (such as evaluating you as a job candidate for an employment activity, and monitoring our recruitment statistics),
tailor the content we display on our website,
protect against, identify, investigate and respond to fraud, illegal activity (such as incidents of hacking or misuse of our website) and claims and other liabilities,
help us comply with our legal or regulatory obligations or our contractual obligations to the U.S. government as a government contractor or other countries as applicable,
maintain the security, safety or property of the website, and
communicate with you for other purposes which are evident from the circumstances or about which we inform you when we collect Personal Data from you.
6. How Information is Retained and Secured
We retain information as long as it is necessary and relevant for our operations and in line with legal obligations. We retain Personal Data to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, and other actions permitted by law. When your Personal Data is no longer needed for Moderna’s business purposes, we dispose of it subject to applicable law.
In accordance with applicable laws, we employ reasonable security measures intended to help protect the security of all information submitted through the Services. The security of information transmitted through the internet cannot, however, be guaranteed. We are not responsible for any interception or interruption of any communications or for changes to or losses of data through the internet. Users of our sites and services are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas. Any access to our sites or services through your user ID and password will be treated as authorized by you.
To help protect your Personal Data, we may suspend your use, without notice, if Moderna suspects or detects any breach of security. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.
8. Your Privacy Rights
Moderna respects your rights related to the processing of your personal data. Depending on the applicable Data Protection Law you may have certain additional rights (see country-specific section below) and you will always have the below rights. You may exercise them by visiting our request web page.
a. Correct/update personal data
You may correct or update the Personal data you previously provided to Moderna.
b. Receive marketing communications
When you register for the services, you may request to receive emails containing information about Moderna you might find useful, including promotions, announcements of new services and products. If you decide, at any time, that you no longer wish to receive these emails you may unsubscribe from our email list by using the relevant “Unsubscribe” link within the respective electronic communications channel, or by contacting us at privacy@modernatx.com.
IMPORTANT NOTE: Moderna cannot comply with a consumer's request to amend or remove information that was provided to Moderna by a healthcare professional or a consumer regarding an adverse drug event due to legal obligations.
9. Our Children’s Policy
Our sites are not intended for use by children. If you are under the age of majority in your place of residence, you may visit our site only with the consent of or under the supervision of your parent or legal guardian.
If you believe Moderna may have any information from or about a child, please contact our Privacy Office at privacy@modernatx.com.
10. Changes to This Privacy Statement
We may change or update this Privacy Statement from time to time by publishing a new version on this website. When we do update this Statement, we will revise the “Last Updated” date at the top of this page. Your continued use of the services after the Effective Date constitutes your acceptance of the amended Privacy Statement. The amended Privacy Statement supersedes all previous versions.
11. Jurisdiction-Specific Privacy Information
California
Privacy Rights
If you are a California resident under age 18 and are a registered user of any of our services, then you may request that we remove any of your User Contributions you publicly posted on or in our services. To request removal of your User Contribution, please visit our request web page (You also may be able to log in to your account and delete your own User Contribution.) Moderna reserves the right to request that you provide information that will enable us to confirm that the User Contribution that you want removed was created and posted by you.
Moderna will make a good faith effort to delete or remove your User Contribution from public view as soon as reasonably practicable. Please note, however, that your request that we delete your User Contribution does not ensure complete or comprehensive removal of your User Contribution. Your User Contribution may remain on backup media, cached or otherwise retained by Moderna for administrative or legal purposes, or your User Contribution may remain publicly available if you or someone else has forwarded or re-posted your User Contribution on another website or service prior to its deletion. Moderna may also be required by law to not remove (or allow removal) of your User Contribution.
California Civil Code Section 1798.83 permits individual California residents to request certain information regarding Moderna’s disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please write or send an email to the address below.
California Consumer Privacy Act - Notice for California Residents
If you are a California resident, this Privacy Notice supplements the information above regarding the collection, use, and disclosure of your personal data.
The California Consumer Privacy Act of 2018 (CCPA) gives California consumers the right to know what personal data is collected about them, how it will be used and to whom it is disclosed. California consumers may have the right to request access to and deletion of their personal data, and the right to request that their personal data not be sold to the extent applicable under the CCPA.
The purpose of this notice is to describe our practices regarding the collection, use, disclosure, and sale of personal data and instructions for submitting CCPA data privacy requests. Some of the Personal Data that we collect, use, and disclose may be exempt from the CCPA because it is regulated by other federal and state laws that apply to us.
We collect personal data from you when you interact with us online (through our Site, our other websites, Apps and Services) or offline (such as through your health care providers, if you are a patient, with your authorization as applicable.) The personal data we may collect from you will depend on the nature of our interaction with you, but can include the following categories that we have collected in the preceding twelve (12) months:
Your Rights
California residents are provided specific rights subject to certain exceptions.
The Right to Know. You have the right to request that we disclose what personal data we collect, use, disclose, and sell. The process for exercising this right is describe below under How to Submit a Data Privacy Request.
The Right to Deletion. You have the right to request deletion of any personal data about you that we have collected from you. The process for exercising this right is describe below under How to Submit a Data Privacy Request
The Right to Opt-Out. You have the right to opt-out of the sale of your personal data.
The Right to Non-Discrimination. You have the right not to be discriminated against for exercising your rights.
How to Submit a Data Privacy Request
You may exercise your Right to Know and Right to Deletion by visiting our request web page or calling (844) 971-2551.
To process your request for access or deletion, we must be able to verify your identity to a reasonable degree of certainty. We will ask you to provide your contact information and additional identifiers based on your relationship with us.
You may designate an authorized agent to make a request to access, delete, or opt-out of the sale of your information on your behalf. When you use an authorized agent to submit a request for access or deletion, you must provide the authorized agent with written permission to do so, and, in certain circumstances, we may ask you to verify your own identity directly with us. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.
Right to Know:
Please note that we may not be required to provide you access to the specific pieces of information we have collected about you or delete information if we are unable to verify your identity.
Right to Delete:
We may not be required to delete information under certain circumstances. Specifically, the CCPA includes exemptions that provide that we do not have to delete data that, for example, is necessary to comply with legal obligations including those pertaining to the quality, safety or effectiveness of a product or activity regulated by the Food and Drug Administration (FDA), complete a transaction, detect security incidents, or for certain other internal purposes.
Sale or Disclosure of Personal data: The CCPA defines “sale” broadly to include sharing, transferring, disclosing or otherwise communicating personal data with a third party for monetary or other valuable consideration. We share personal data with service providers who work on our behalf and agree not to use or sell your personal data for other purposes or if you have intentionally directed us to share information with a third party. In addition, with your approval, we share certain internet tracking data, including cookies and the IP address used to access our websites.
Notice of Financial Incentive:
Moderna does not offer financial incentives in exchange for the collection or sale of personal data. However, we do provide discounts and incentives to individuals who use our products and services and enroll in incentive programs that we offer from time to time; enrolling in these programs requires you to provide certain of your personal data so that we may administer the programs and, in some cases, provide marketing and advertising to you. Under CCPA, this could be considered an offer of a “financial incentive” and so we provide this notice to you to describe our practice and to provide a good faith estimate of the value of your personal data that we may collect related to the programs.
In the normal course of our business, we do not assign monetary or other value to personal data, but in accordance with CCPA, we make a good faith estimate that the value of the personal data collected and used is equivalent to the value of the discount or financial incentive we provide in these programs. To make this good faith estimate, we may consider among other factors, the (i) categories of personal data collected, (ii) the discount or incentive offered, (iii) the sales or use of our products and services by those who enroll versus those who do not, and (iv) the cost and expenses we incur in offering the programs.
The incentive programs require you to opt-in to participate as set forth on the page where you can enroll or opt-in to the programs. You can opt-out either by contacting us at the information set forth below, or by following the terms and conditions provided when you are enrolling in the program. While we will not discriminate against you for exercising your rights under CCPA, if you request deletion of your personal data, we may not be able to delete such information if it is necessary to administer the incentive or discount you requested and still provide you such incentive or discount.
Personal data Collected from Employees, Contractors, Applicants, and Health Care Providers
Employees – If you are an Moderna employee and would like more information about the categories of personal data we collect from you and the purposes for which the personal data will be used, please contact us at
Contractors – If you are a contractor performing services for Moderna and would like information about the categories of personal data we collect from you as a contractor and the purpose for which the personal data will be used, please visit our request web page.
Job Applicants – If you are applying for a position with Moderna and would like information about the categories of personal data Moderna collects from you as a job applicant and the purposes for which the personal data, please view our Privacy Statement
Health Care Providers – If you are a health care provider with whom we have a contractual arrangement and would like information about the categories of personal data we collect from you and the purposes for which the personal data will be used, please visit our request web page.
Children’s Online Privacy Protection Act (COPPA)
Consistent (COPPA), if we learn that a child under age 13 has provided Personal Data to or through the site without first receiving his or her parent’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the services and subsequently we will dispose of such Personal Data in accordance with this Privacy Statement.
California residents who are unable to review or access this CCPA Notice due to a disability may contact us to request access this CCPA Notice in an alternative format. Please call 1-844- 971-2551 or email us at privacy@modernatx.com.
Nevada
Nevada Residents As Covered by Nevada Privacy Law
Moderna does not sell Covered Information as defined under Nevada law. If you would like to make a further inquiry regarding the selling of your Covered Information, as defined under Nevada law, visit our request web page.
EU/EEA, UK & Switzerland
Moderna’s processing of your personal data is based on any one of the following legal grounds: (A) legitimate business purposes, (B) where you have provided consent, (C) as necessary to comply with Moderna’s legal and regulatory obligations and (D) as necessary to perform a contract under which you have been engaged.
How can you access, correct or delete the personal data about you that we process? You have a right to request to access, correct/update or delete your personal data (including your health information). You may make such a request at any time, by visiting our request web page. We will provide you with access to the information we hold about you, correct/update, and or delete that information that was provided to us by a Healthcare Professional or a consumer regarding an adverse drug event.
It is not technologically possible to remove from our servers each and every record of your information. The need to back-up our systems to protect information from inadvertent loss means that a copy of information about you (including your health-related interests) may exist in a non-erasable form that will be difficult or impossible for us to locate.
Nevertheless, when permitted by law, Moderna will delete your personal data (including health information) stored in the databases Moderna actively uses for research and daily business activities or stored in other readily searchable media. In addition, we will use reasonable efforts not to disclose any personal data stored in a non-erasable format after receiving your request for removal, except as required by law.
How can you exercise the right to data portability? According to the right to data portability, you have the right to request that your personal data provided to Moderna be delivered to you in a structured, commonly used and machine-readable format, subject to certain conditions and can be requested by visiting our request web page.
Make a Privacy Complaint with the ICO (UK). If you feel Moderna’s processing your personal data violates any applicable law, rule or regulation, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at: https://ico.org.uk/make-a-complaint/.
Make a Privacy Complaint with the Federal Data Protection Commissioner of Switzerland. If you feel Moderna’s processing your personal data violates any applicable law, rule or regulation, you have the right to lodge a complaint with the Federal Data Protection Commissioner at: https://www.edoeb.admin.ch/edoeb/en/home.html.
How We Manage Disclosure of Transfers of Value
Moderna collects data about the transfers of value that you have received from us so that we can comply with our obligations under the IPHA Code, specifically that companies must document and publicly disclose annually certain transfers of value made directly or indirectly to health professionals and other relevant decision makers located in Europe.
Moderna recognizes the legitimate public interest in better understanding the financial relationships that healthcare professionals have with the pharmaceutical industry for the purposes of transparency and trust in the pharmaceutical industry.
The law requires us to inform you of the legal basis for collecting and processing your personal data where Moderna is the data controller. Where Moderna processes data relating to transfers of value made to you, Moderna relies on the legal basis of legitimate interests to process that data. Moderna’s compliance with the IPHA Code and these further objectives cannot be met without processing personal data about you and the transfers of value that you have received from us. We have carried out a Legitimate Interests Assessment and consider that this processing is necessary, proportionate and without unjustified harm to you.
If you do not agree to the disclosure of data relating to transfers of value made to you by Moderna, you can raise an objection via privacy@modernatx.com.
Japan
In accordance with the Act on Protection of Personal Information of Japan (APPI) and other applicable laws and regulations, Moderna will disclose the personal data that Moderna holds about you according to the applicable procedures. In addition, if you inform Moderna that your personal data is inaccurate, Moderna will review and correct, add or delete the data as required in accordance with applicable laws, regulations and procedures.
Requests may be filed by visiting our request web page; please note that this may require a fee.