Privacy Notice [1]
February 1st, 2021
You are receiving this Privacy Notice because you are visiting a website or using a mobile application (”app”) from one of the companies of the Novartis group. As a result, this company is processing information about you which constitutes “personal information” and Novartis considers the protection of your personal information and privacy a very important matter.
Sandoz Canada Inc., having its registered office at 110 de Lauzon
Boucherville, Qc, J4B 1E6, Canada (“Sandoz Canada”) is responsible for the processing (e.g. handling) of your personal information. In this Privacy Notice, “we” or “us” refers to Sandoz Canada.
This Privacy Notice is divided into two parts. Part I contains practical information about the specific personal information we process when you visit our website Sandoz-Connect.com, why we process this data and how. Part II contains more general information about the standard technical or transactional personal information which we are processing about visitors of our websites and users of our apps, the legal basis for using your personal information, as well as your rights in respect to all personal information collected about you.
We invite you to carefully read this Privacy Notice, and for any further question in relation to the processing of your personal information, we invite you to contact the Privacy Officer at 385 Bouchard Boulevard, Dorval Province of Quebec, Canada H9S 1A9 or [email protected] [2]
Part I – Key information
Sandoz Canada is processing personal information about you when you are visiting our website. Sandoz-Connect.com is a professional’s corporate portal to provide approved documentation on products and disease awareness. This website also provides a link to direct professionals to the Engagements portions of the website in order to process payments for health care professional activities.
Specific personal information to be collected
For this purpose, we will collect the following specific personal information about you:
- professional identification information such as name, email, postal address, phone number
- title, position, name of company, as well as, specialty, year of graduation from medical school, publications, congress activities, awards, biography, education, links to universities, expertise and participation in/contribution to clinical trials, guidelines, editorial boards and organizations;
- information regarding your interests and preferences including in terms of types and channels of communication;
- information about the scientific and medical activities/interactions you have with us, including potential future interactions;
- information about the scientific and medical activities/interactions you have with us, including potential future interactions.
This information may either be directly provided by you (e.g. when filling a web form or interacting with a website or app), provided by third parties or obtained through trusted publicly available sources, having obtained your consent to provide us with such personal information where necessary under applicable law.
Specific purposes for which we require your personal information
The collected information will be used by us for the following specific purposes:
- manage our relationship with you;
- implement tasks in preparation of or to perform existing contracts;
- evidence transactions;
- provide you with information about disease, drugs as well as our products and services;
- improve the quality of our services by adapting our offering to your specific needs;
- answer your requests and provide you with efficient support;
- send you surveys (e.g. to help us improve your future interactions with us);
- send you communications regarding products or services that we promote;
- invite you to events or promotional meetings sponsored by us (e.g. medical events, speaker events, conferences);
- billing and invoicing;
and any other purposes imposed by law and authorities.
Please note that the collected data may also be used by us for a number of other standard purposes (e.g. to measure the usage of our website and app), as set out in Part II below
Specific third parties with whom we share your personal information
We will share your personal information with the following third parties:
- authorized external service providers assisting with the management of the website and/or delivery of the website services
Please note that we may also have to share your data with a number of other recipients (e.g. another entity of the Novartis Group if the entity collecting the data is not the same as the one using it) but always under strict conditions, as further explained in Part II.
Duration of storage
We will only store the above personal information and the personal information listed in Part II you share with us is stored on our database servers at Novartis data centres (in whatever country they may be located), or hosted by third parties who have entered into agreements with us that require them to observe this Privacy Policy. We have implemented technological measures to prevent individuals from accessing information without authorization. Data centres are designed to be physically secure and protected from unauthorized access by unauthorized persons. Information is stored for as long as is necessary to fulfil the purposes for which the information was collected and to comply with legal requirements.
Cookies and other similar technologies
We rely on the usual cookies and other technologies for the standard purposes set out in Part II below (e.g. to ensure the proper functioning of our website or app).
Dedicated point of contact
Should you have any question in relation to the processing of your personal information in the above context, please contact 385 Bouchard Boulevard, Dorval, Province of Quebec, Canada H9S 1A9 or [email protected] [2].
Part II – General information
The second part of this Privacy Notice sets out in more detail in which context we are processing your personal information and explains your rights and our obligations when doing so.
1 . On what basis do we use your personal information?
We will not process your personal information if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your personal information, if we have obtained your prior consent or, as permitted if the processing is necessary to comply with our legal or regulatory obligations.
2 . Who has access to your personal information and to whom are they transferred?
We will not sell, share, or otherwise transfer your personal information to third parties other than those indicated in this Privacy Notice.
In the course of our activities and for the same purposes as those listed in this Privacy Notice, your personal information can be accessed by or transferred to the specific third parties identified in
Part I of this Privacy Notice and the following categories of recipients, on a need to know basis to achieve such purposes:
- our personnel (including personnel, departments or other companies of the Novartis group);
- our other suppliers and services providers that provide products and services to us;
- our IT systems providers, cloud service providers, database providers and consultants;
- our business partners who offer products or services jointly with us;
- any third party to whom we assign or novate any of our rights or obligations;
- our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets
The above third parties are contractually obliged to protect the confidentiality and security of your personal information, in compliance with applicable law.
Your personal information can also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court, where we are required to do so by applicable law or regulation or at their request.
The personal information we collect from you may also be processed, accessed or stored in a country outside the country where Sandoz Canada is located, which may not offer the same level of protection of personal information.
If we transfer your personal information to external companies in other jurisdictions, we will make sure to protect your personal information by (i) applying the level of protection required under the local data protection/privacy laws applicable to Sandoz Canada, (ii) acting in accordance with our policies and standards. You may request additional information in relation to international transfers of personal information and obtain a copy of the adequate safeguard put in place by exercising your rights as set out in Section 6 below
For intra-group transfers of personal information, the Novartis Group has adopted Binding Corporate Rules, a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection relating to transfers of personal information outside the EEA and Switzerland. Read more about the Novartis Binding Corporate Rules by clicking here https://www.novartis.com/privacy-policy/novartis-binding-corporate-rules... [3]
1. How do we protect your personal information?
We have implemented appropriate technical and organisational measures to provide an adequate level of security and confidentiality to your personal information.
These measures take into account:
(i) the state of the art of the technology
(ii) the costs of its implementation;
(iii) the nature of the data; and
(iv) the risk of the processing.
The purpose thereof is to protect it against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.
Moreover, when handling your personal information, we comply with the following obligations:
- we only collect and process personal information which is adequate, relevant and not excessive, as required to meet the above purposes;
- we ensure that your personal information remains up to date and accurate (for the latter, we may request you to confirm the personal information we hold about you and you are also invited to spontaneously inform us whenever there is a change in your personal circumstances so we can ensure your personal information is kept up-to-date); and
- we may process any sensitive data about yourself you voluntary provide in compliance with applicable data protection rules and strictly as required for the relevant purposes listed above, the data being accessed and processed solely by the relevant personnel, under the responsibility of one of our representatives who is subject to an obligation of professional secrecy or confidentiality.
3. How do we use cookies and other similar technologies on our websites and apps?
3.1 Cookies
Cookies are small text files which are sent to your computer when you visit our websites or use our apps. We use cookies for the purposes set out above and in accordance with this Privacy Notice.
We do not use cookies to track individual visitors or to identify you but to gain useful knowledge about how our website and apps are used so that we can keep improving them for our users. Personal information generated through cookies are collected in a pseudonymised form and subject to your right to object to such data processing, as set out below.
In particular, in addition to the cookies listed in Part I of this Privacy Notice, we may also use the following types of usual cookies:
- user interface customization cookies (i.e. cookies memorizing your preferences);
- authentication cookies (i.e. cookies allowing you to leave and return to our websites without having to re-authenticate yourself);
- video player cookies (i.e. cookies storing data needed to play back video or audio content and storing your preferences);
- first party analytics cookies (i.e. cookies memorizing the pages you visited and providing information about your interaction with those pages); and
- third party analytics cookies (i.e. cookies from third party suppliers tracking our website’s statistics and vice versa).
Please note that you can modify your browser so that it notifies you when cookies are sent to it. If you do not want to receive cookies, you can also refuse cookies altogether by activating the relevant settings on your browser. Finally, you can also delete cookies that have already been set.
For more information as to how to manage cookies on your device, please consult the Help function of your browser or visit www.aboutcookies.org [4], which contains comprehensive information on how to do so on a wide variety of browsers (link is external).
3.2 Other technologies
We may also use other technologies on our websites and apps to collect and process your personal information for the same purposes as set out above, including:
- Internet tags (such as action tags, single-pixel GIFs, clear GIFs, invisible GIFs and 1-by-1 GIFs, which are technologies allowing us to track users’ hits); and
- Adobe Flash technology (including Flash Local Shared Objects, unless you set your setting otherwise).
4. What are your rights and how can you exercise them?
You may exercise the following rights under the conditions and within the limits set forth in the law:
- the right to access your personal information as processed by us and, if you believe that any information relating to you is incorrect, obsolete or incomplete, to request its correction or updating;
- the right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal;
Please note however that, in certain circumstances, your refusal to accept cookies or your browser settings may affect your browsing experience and prevent you from using certain features on our websites or apps.
If you have a question or want to exercise the above rights, you may send an email to [email protected] [2] or write to Privacy Officer, Novartis Pharmaceuticals Canada Inc., 385 Bouchard Boulevard, Dorval Province of Quebec, Canada, H9S 1A9.
5. What technical and transactional data may we collect about you?
5.1 Categories of technical and transactional data
In addition to any information collected about you under Part I of this Privacy Notice, we may collect various types of standard technical and transactional personal information about you during your use of our websites and apps which are necessary to ensure a proper functioning of our websites and apps, including:
- information regarding your browser and device (e.g. internet service provider’s domain, browser’s type and version, operating system and platform, screen resolution, device manufacturer and model);
- statistics in relation to your use of our website and our app (e.g. information regarding the pages visited, information researched, time spent on our website);
- usage data (i.e. date and time of access of our website and app, files downloaded);
- your device’s location when using our app (unless you disabled this function by changing your device’s settings); and
- more generally, any information you provide to us when using our website and app.
Please note that we will not knowingly collect, use or disclose personal information from a minor without obtaining prior consent from a parent or legal guardian.
5.2 Why are we collecting technical and transactional data?
We always process your personal information for a specific purpose and only process the personal information which is relevant to achieve that purpose. In addition to any purposes already communicated to you in Part I of this Privacy Notice, we also process your personal information collected during your use of one of our websites or apps for the following standard purposes:
- manage our users (e.g. registration, account management, answer questions and provide technical support);
- manage and improve our website and apps (e.g. diagnose server problems, optimize traffic, integrate and optimize web pages where appropriate);
- measure the usage of our website and apps (e.g. by drawing up statistics about the traffic, by gathering information regarding the users’ behaviour and the pages they visit);
- improve and personalize your experience and better tailor content to you (e.g. by remembering your selections and preferences, by using cookies);
- send you personalized location-based services and content;
- improve the quality of our products and services and expand our business activities;
- monitor and prevent fraud, infringement and other potential misuse of our website and app;
- reply to an official request from a public or judicial authority with the necessary authorisation;
- manage our IT resources, including infrastructure management and business continuity;
- preserve the company’s economic interests and ensure compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, managing alleged cases of misconduct fraud, conducting audits, defending litigation);
- archiving and record keeping; and
- any other purposes imposed by law and authorities.
6. How will you be informed of the changes to our Privacy Notice?
Any future changes or additions to the processing of your personal information as described in this Privacy Notice will be notified to you in advance through an individual notice using our usual communication channels (e.g. by email) as well as through our websites or apps (via banners, pop-ups or other notification mechanisms).