September 1, 2024
This Privacy Notice is addressed to our stakeholders, including:
- Institutional decision-makers;
- Civil servants;
- Politicians and political decision-makers;
- Journalists and representatives of medias;
- Patient associations representatives;
- Industry affiliations representatives;
- Influencers.
(hereinafter, collectively, “external stakeholders”)
You are receiving this Privacy Notice because Novartis Pharmaceuticals Canada Inc. (“Novartis”) is processing information about you which constitutes personal information and Novartis considers the protection of your personal information and privacy a very important matter.
Novartis is responsible for the processing of your personal information as it decides why and how it is processed. It may exercise this responsibility alone or jointly with other companies in the Novartis group. In this Privacy Notice, “we” or “us” refers to Novartis Pharmaceuticals Canada Inc.
We invite you to carefully read this Privacy Notice, which sets out in which context we are processing your personal information and explains your rights and our obligations when doing so.
Definitions
“Applicable Privacy Laws” means any legislation, regulation, recommendation or opinion applicable to privacy and the protection of Personal , including, where applicable, the Act Respecting the Protection of Personal Information in the Private Sector (Québec), Personal Information Protection and Electronic Documents Act (Canada) as well as any other applicable legislation, regulation, recommendation or opinion replacing, adding to or amending, extending, reconstituting or consolidating the Applicable Privacy Laws.
“personal information” means any information which relates to a person and allows that person to be identified either directly or indirectly.
What information do we have about you?
We collect various types of personal information about you, including:
- your general and identification information (e.g. name, first name, last name, gender, email and/or postal address, fixed and/or mobile phone number);
- your function and professional activities (e.g. title, position, name of company/organization, publications, congress activities, media and social media activities, awards, biography, education, links to universities, expertise and contributions, and organizations);
- your electronic identification data where required for our interactions (e.g. login, access right, passwords, badge number, IP address, online identifiers/cookies, logs, access and connection times, image recording or sound such as badge pictures, CCTV or voice recordings);
- information regarding your responses and/or preferences including in terms of types of messages discussed, channels of communication and frequency;
- data you provide to us for example when you fill in forms or during events you attend, or when you answer questions during a conversation or in a survey;
- data collected in connection with our products and services; and
- information about the activities/interactions you have with us, including potential future interactions.
This information is provided by you directly, by our partners (which may be the entities for which you work) or by third parties (for example, consulting companies, public authorities), or obtained through reliable public sources (such as governmental internet websites, social media, university or congress websites). Therefore, by continuing to interact with us, you hereby consent to the collection of personal information from third persons.
If you intend to provide us with personal information about other individuals (e.g. your colleagues), you must provide a copy of this Privacy Notice to the relevant individuals, directly or through their employer.
We do not intend to collect personal information of individuals under the legal age of majority to consent in your jurisdiction, and we request that these individuals not provide personal information as a stakeholder. If your child has submitted personal information and you would like to request that such personal information be deleted, please contact us as explained below under How can you contact us?
How do we obtain your consent?
We collect, use and disclose your personal information with your consent or as permitted or required by law. How we obtain your consent (that is, in what manner) will depend on the circumstances, as well as the sensitivity of the information collected.
Your consent may be express or implied, depending on the circumstances and the sensitivity of the personal information in question. If you choose to provide personal information to us, we assume that you consent to the collection, use and disclosure of your personal information as outlined in this Privacy Notice.
Typically, we will seek your consent at the time your personal information is collected. Where we want to use your personal information for a purpose not previously identified to you in this Privacy Notice, we will seek your consent prior to our use of such information for this new purpose.
If you provide personal information about another individual to us, you are responsible for obtaining their consent to enable us to collect, use and disclose their information in accordance with this Privacy Notice.
You may withdraw your consent to our collection, use or disclosure of your personal information at any time by contacting us using the contact information in the “What are your rights and how can you exercise them?” section below. However, before we implement the withdrawal of consent, we may require proof of your identity. In some cases, withdrawal of your consent may mean that we will no longer be able to continue the business relationship.
For which purposes do we use your personal information and why is this justified?
Purposes of the processing
We always process your personal information for a specific purpose and only process the personal information which is relevant to achieve that purpose. In particular, we process your personal information for the following purposes:
- manage our relationship with you (e.g. through our databases);
- provide you with appropriate, adequate and updated information about disease, drugs as well as our products and services;
- improve the quality of our interactions, answer your requests and provide you with efficient support;
- send you general communications and information, send you communications regarding products, therapeutic areas or services that we promote as well as surveys (e.g. to help us improve your future interactions with us);
- manage, plan and execute communications and interactions with you, mapping your connections with other stakeholders who are relevant to us;
- invite you to events or promotional meetings sponsored by us (e.g. medical events, speaker events, conferences);
- implement tasks in preparation of or to perform existing contracts;
- manage our IT resources, including infrastructure management and business continuity;
- preserve the company’s economic interests and ensure compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, managing alleged cases of misconduct or fraud; conducting audits and defending litigation);
- manage mergers and acquisitions involving our company;
- archiving and record keeping
- identify key-stakeholders, to develop a better understanding of their activities, and to initiate further contacts with them;
- develop a proximity and trustful professional relationship with external stakeholders;
- promote Novartis innovations in the pharmaceutical field and to understand the markets;
- manage Novartis human and financial resources and optimize the interactions with our stakeholders;
- ensure that the right medicine reaches the patient according to a well-informed technical and professional opinion of our external stakeholders;
- prevent fraud or criminal activity, to ensure security of our IT systems, architecture and networks;
- sell any part of our business or its assets or to enable the acquisition of all or part of our business or assets by a third party; and
any other purposes imposed by law and authorities.
Who has access to your personal information and to whom are they transferred?
We will not sell, share, or otherwise transfer your personal information to third parties other than those indicated in this Privacy Notice.
In the course of our activities and for the same purposes as those listed in this Privacy Notice, your personal information can be accessed by, or transferred to the following categories of recipients, on a need to know basis to achieve such purposes:
- our personnel (including personnel, departments or other companies of the Novartis group);
- our independent agents or brokers (if any);
- our suppliers and services providers that provide services and products to us;
- our IT systems providers, cloud service providers, database providers and consultants;
- our business partners who offer products or services jointly with us or with our subsidiaries or affiliates;
- any third party to whom we assign or novate any of our rights or obligations; and
- our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets.
The above third parties are contractually obliged to protect the confidentiality and security of your personal information, in compliance with applicable law. We also require that they only use your personal information for the limited purposes for which it is provided. When our service providers no longer need your personal information for those limited purposes, we require that they dispose of the personal information. In some circumstances, we may permit our service providers to retain aggregated, anonymized or statistical information that does not identify you. We do not authorize the service providers to disclose your personal information to unauthorized parties or to use your personal information for their direct marketing purposes.
Your personal information can also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court, where we are required to do so by applicable law or regulation or at their request.
In addition, we may transfer your personal information and other information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries or other assets.
If we otherwise intend to disclose your personal information to a third party, we will identify that third party and the purpose for the disclosure, and obtain your consent.
Where is your personal information located?
The personal information we collect from you may also be processed, accessed or stored in a country outside the country or the province where you are located. While such information is outside of your country, it is subject to the laws of the country or the province in which it is located, which may not offer the same level of protection of personal information, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country or province.
If we transfer your personal information to external companies in other jurisdictions, we will make sure to protect your personal information by (i) applying the level of protection required under the Applicable Privacy Laws, (ii) acting in accordance with our policies and standards and, (iii) unless otherwise specified
You may request additional information in relation to international transfers of personal information and obtain a copy of the adequate safeguard put in place by exercising your rights as set out below.
How do we protect your personal information?
We have implemented appropriate technical and organizational measures to provide an adequate level of security and confidentiality to your personal information. These measures take into account:
- the sensitivity and nature of the personal information;
- the state of the art of the technology;
- the costs of its implementation;
- the purposes for which the personal information is to be used;
- the quantity and distribution of the personal information;
- the medium on which the personal information is stored; and
- the risk of the processing.
These measures protect against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.
Unfortunately, no data transmission or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised), please immediately notify us in accordance with the How can you contact us? section below.
Moreover, when handling your personal information, we:
- only collect and process personal information which is adequate, relevant and not excessive, as required to meet the above purposes; and
- ensure that your personal information remains up to date and accurate.
For the latter, we may request you to confirm the personal information we hold about you. You are also invited to spontaneously inform us whenever there is a change in your personal circumstances so we can ensure your personal information is kept up-to-date.
How long do we store your personal information?
We will only retain your personal information for as long as necessary to fulfil the purpose for which it was collected or as permitted required under applicable laws, notably to comply with legal or regulatory requirements.
For contracts, the retention period is the term of your (or your company’s) contract with us, plus the period of time until the legal claims under this contract become time-barred, unless overriding legal or regulatory schedules require a longer or shorter retention period. When this period expires, your personal information is removed from our active systems.
Personal information collected and processed in the context of a dispute is deleted or archived (i) as soon as an amicable settlement has been reached, (ii) once a decision in last resort has been rendered or (iii) when the claim becomes time barred.
What are your rights and how can you exercise them?
You may exercise the following rights under the conditions and within the limits set forth in the Applicable Privacy Laws:
- the right to access your personal information as processed by us and, if you believe that any information relating to you is incorrect, obsolete or incomplete, to request its correction or updating;
- the right to request the erasure or the de-indexation of, of your personal information or the restriction thereof to specific categories of processing;
- the right to request its portability, i.e. that the personal information you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format without hindrance from us and subject to your confidentiality obligations.
If you have a question or want to exercise the above rights, please click here.
If you are not satisfied with how we process your personal information, please address your request to our privacy officer at [email protected], who will investigate your concern.
In any case, you also have the right to file a complaint with the competent data protection authorities, in addition to your rights above.
How can you contact us?
If you want to contact our Data Protection Officer, please email us at: [email protected] or write to Data Privacy Office, Novartis Pharmaceutical Canada, 700 St-Hubert, Montreal, Quebec, H2Y 0C1.
How will you be informed of the changes to our Privacy Notice?
This Privacy Notice was last updated on September 1, 2024.
We may change this Privacy Notice. Any future changes or additions to the processing of your personal information as described in this Privacy Notice will be notified through our usual communication channels (e.g. by email or via our internet websites) and will become effective immediately.