1. What Personal Data do we process and for which purposes?
Most of our services do not require any form of registration, allowing you to visit our site without telling us who you are. However, some services may require you to provide us with Personal Data, which may include your direct identifiers, such as name, birth date, email address or telephone number. We may collect and use Personal Data to provide you with products or services, to bill you for products and services you request, to market products and services which we think may be of interest to you, or to communicate with you for other purposes which are evident from the circumstances or about which we inform you when we collect Personal Data from you.
We will not process your Personal Data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your Personal Data if:
we have obtained your prior consent;
the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request;
the processing is necessary to comply with our legal or regulatory obligations;
the processing is necessary to protect your vital interests or those of another person; or
the processing is necessary for our legitimate interests and does not unduly affect your interests or fundamental rights and freedoms.
1.1 Personal Data used for website usage analytics
We may collect and process information about your visit to this website, such as the pages you visit, the website you came from and some of the searches you perform. Such information is used by us to help improve the contents of the site and to compile aggregate statistics using our site for internal, market research purposes. In doing this, we may install "cookies" that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. A "cookie" is a small piece of information, which is sent to your browser and stored on your computer’s hard drive. Cookies do not damage your computer. You can set your browser to notify you when you receive a "cookie”, this will enable you to decide if you want to accept it or not. However, if you do not accept, you may not be able to use all functionalities of your browser software.
Occasionally, we may use internet tags (also known as action tags, single-pixel GIFs, clear GIFs, invisible GIFs and 1-by-1 GIFs) and cookies at this site and may deploy these tags/cookies through a third-party advertising partner or a web analytical service partner which may be located and store the respective information (including your IP-address) in a foreign country. These tags/cookies are placed on both online advertisements that bring users to this site and on different pages of this site. We use this technology to measure the visitors' responses to our sites and the effectiveness of our advertising campaigns (including how many times a page is opened and which information is consulted) as well as to evaluate your use of this website. The third-party partner or the web analytical service partner may be able to collect data about visitors to our and other sites because of these internet tags/cookies, may compose reports regarding the website’s activity for us and may provide further services which are related to the use of the website and the internet. They may provide such information to other parties if there is a legal requirement that they do so, or if they hire the other parties to process information on their behalf. If you would like more information about web tags and cookies associated with on-line advertising or to opt-out of third-party collection of this information, please visit the Network Advertising Initiative website http://www.networkadvertising.org.
We use Google Analytics to rationalise our portfolio of websites by (i) optimising traffic to and between corporate websites, and (ii) integrating and optimising web pages where appropriate. “Google Analytics” is a service offered by Google Inc. (“Google”) that generates detailed statistics about a website's traffic and traffic sources and measures conversions and sales. Google Analytics uses “cookies” stored on your computer to help analyse how users use our website. The information generated by the cookies about your use of our website, including your IP address, will be anonymised by use of the appropriate settings prior to be transmitted to Google servers in the United States. For more information on how IP anonymisation works, please see https://support.google.com/analytics/answer/2763052.
You may prevent or stop the installation and storage of cookies by you browser settings by downloading and installing the free Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout?hl=en. If you do not accept cookies, you may not be able to fully experience all functions of our website.
2. Who has access to your Personal Data and to whom are they transferred?
Also, Personal Data may be disclosed to a third party if we are required to do so because of an applicable law, court order or governmental regulation, or if such disclosure is otherwise necessary in support of any criminal or other legal investigation or proceeding here or abroad.
The Personal Data we collect from you may also be processed, accessed, or stored in countries outside the UK. Such countries may offer a different level of protection of Personal Data. If we transfer your Personal Data to external companies in other jurisdictions, we will make sure to protect your Personal Data by applying the level of protection required under applicable data privacy laws.
For intra-group transfers of Personal Data, Novartis has adopted Binding Corporate Rules, a system of principles, rules, and tools, provided by European law, that ensures effective levels of data protection relating to transfers of Personal Data outside the EEA and Switzerland. Read more about the Novartis Binding Corporate Rules at https://www.novartis.com/privacy-policy.
3. How do we protect your Personal Data?
To ensure the security and confidentiality of Personal Data that we collect online, we use data networks protected, inter alia, by industry standard firewall and password protection. In the course of handling your Personal Data, we take measures reasonably designed to protect that information from loss, misuse, unauthorised access, disclosure, alteration or destruction and against other unlawful forms of processing.
4. How long do we store Personal Data?
We will only retain your Personal Data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements.
5. What are your rights and how can you exercise them?
Whenever we process Personal Data, we take reasonable steps to ensure that your Personal Data is kept accurate and up-to date for the purposes for which it was collected. We will provide you with the ability to exercise the below rights under the conditions and within the limits set forth in the law.
If you wish to contact us regarding the use of your Personal Data or you want to object in whole or in part to the processing of your Personal Data, please email us at [email protected]. If you have provided consent, you may wish to withdraw consent. You may request to access your Personal Data as processed by us, to ask for correction, erasure or to request portability, where applicable, of your Personal Data, i.e. that the Personal Data you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format, subject to your confidentiality obligations.
By contacting us, please note the name of the website related to your request, your relationship and/or interactions with us (as applicable), as well as the specifics of the information you would like us to provide.
We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across websites or other online services.
6. Binding Corporate Rules ("BCR")
Binding Corporate Rules, so called “BCR”, are the system of privacy principles, rules and tools based on European Law that govern data privacy at Novartis. BCR represent today’s best practice to meet the European Economic Area’s (“EEA”) data protection requirements for the transfer of Personal Data within a Group of companies.
To be legally effective, the BCR have to be approved by EEA Data Protection Supervisory Authorities. You may find more information on BCR on the official European site.
7. Contact us
If you wish to contact us regarding our use of your Personal Data or you wish to exercise your data privacy rights, you may send an email to [email protected]. If you contact us, please include the following information in your email, so that we may efficiently respond to your request and so that we may identify you and the subject of your request:
the name of the website your inquiry is referring to;
your relationship and/or interactions with us (as applicable); and
the specifics of the information you would like us to provide or you want us to take action upon.
If you are not satisfied with how we process your Personal Data, please address your request to our Data Protection Officer at [email protected], who will investigate your concern.
In any case, you also have the right to file a complaint with the competent data protection authorities, in addition to your rights above.