You are receiving this Privacy Notice because you are visiting a website from one of the companies of the Novartis group. As a result, this company is processing information about you, which constitutes “personal data”, and Novartis considers the protection of your personal data and privacy a very important matter.
Novartis Pharma Logistics Inc., residing in Business Park, 1er Piso Avenida La Rotonda Costa del Este, Panamá, is responsible for the processing of your personal data as it decides why and how it is processed, thereby acting as the “controller”. In this Privacy Notice, “we” or “us” refers to Novartis.
This Privacy Notice is divided into two parts. Part I contains practical information about the specific personal data we process when you visit our corporate website, why we process this data and how. Part II contains more general information about the standard technical or transactional personal data which we are processing about visitors of our websites and users of our apps, the legal basis for using your personal data, as well as your rights in respect to all personal data collected about you.
We invite you to carefully read this Privacy Notice, and for any further question in relation to the processing of your personal data, contact us in the following e-mail address: [email protected]
Part I – Key information
Novartis treats your personal data when you visit our corporate website in which, you can visit the following sections: "History of Our Company", "Our Work", "About Us", "General Public - Pharmacovigilance", "Press Room "," Work with Us "," Contact Us.
Collected Personal Data:
The corporate website of Novartis is informative and does not collect personal data in addition to "cookies", while only providing the contact details of the relevant areas, such as Pharmacovigilance, Corporate Responsibility, Attention to Media, among others.
Part II – General information
The second part of this Privacy Notice sets out in more detail in which context we are processing your personal data and explains your rights and our obligations when doing so.
1. Who has access to your personal data and to whom you are transferring them?
We will not sell, share, or otherwise transfer your personal data to third parties other than those indicated in this Privacy Notice.
In the course of our activities and for the same purposes as those listed in this Privacy Notice, your personal data can be accessed by or transferred to the specific third parties identified in Part I of this Privacy Notice and the following categories of recipients, on a need to know basis to achieve such purposes:
- Our personnel (including personnel, departments or other companies of the Novartis group);
- Our other suppliers and services providers that provide products and services to us;
- Our IT systems providers, cloud service providers, database providers and consultants;
- Our business partners who offer products or services jointly with us;
- Any third party to whom we assign or novate any of our rights or obligations;
- Our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets.
The above third parties are contractually obliged to protect the confidentiality and security of your personal data, in compliance with applicable law.
Your personal data can also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court, where we are required to do so by applicable law or regulation or at their request.
If we transfer your personal data to external companies in other jurisdictions, we will make sure to protect your personal data by (i) applying the level of protection required under the local data protection/privacy laws applicable to Novartis, (ii) acting in accordance with our policies and standards and, (iii) for Novartis located in the European Economic Area (i.e. the EU Member States plus Iceland, Liechtenstein and Norway, the "EEA"), unless otherwise specified, only transferring your personal data on the basis of standard contractual clauses approved by the European Commission. You may request additional information in relation to international transfers of personal data and obtain a copy of the adequate safeguard put in place by exercising your rights as set out in Section 6 below.
For intra-group transfers of personal data the Novartis Group has adopted Binding Corporate Rules, a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection relating to transfers of personal data outside the EEA and Switzerland. If you are interested in finding more about the Novartis Binding Corporate Rules please contact our Data Privacy Office for CAC.
2. How do we protect your personal data?
We have implemented appropriate technical and organizational measures to provide an adequate level of security and confidentiality to your personal data.
These measures take into account:
The state of the art of the technology
The costs of its implementation;
The nature of the data; and
The risk of the processing.
The purpose thereof is to protect it against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.
Moreover, when handling your personal data, we comply with the following obligations:
- We only collect and process personal data which is adequate, relevant and not excessive, as required to meet the above purposes;
- We ensure that your personal data remains up to date and accurate (for the later, we may request you to confirm the personal data we hold about you and you are also invited to spontaneously inform us whenever there is a change in your personal circumstances so we can ensure your personal data is kept up-to-date); and
- We may process any sensitive data about yourself if you voluntary provide in compliance with applicable data protection rules and strictly as required for the relevant purposes listed above, the data being accessed and processed solely by the relevant personnel, under the responsibility of one of our representatives who is subject to an obligation of professional secrecy or confidentiality.
3. How long do we store your personal data?
We will only retain your personal data as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements.
Unless otherwise indicated in Part I of this Privacy Notice, the retention period is 24 months after your last use of/access to the relevant website or app. When this period expires, your personal data is removed from our active systems.
In particular, in addition to the cookies listed in Part I of this Privacy Notice, we may also use the following types of usual cookies:
- User interface customization cookies (i.e. cookies memorizing your preferences);
- Authentication cookies (i.e. cookies allowing you to leave and return to our websites without having to re-authenticate yourself);
- Video player cookies (i.e. cookies storing data needed to play back video or audio content and storing your preferences);
- First party analytics cookies (i.e. cookies memorizing the pages you visited and providing information about your interaction with those pages); and
- Third party analytics cookies (i.e. cookies from third party suppliers tracking our website’s statistics and vice versa).
For more information as to how to manage cookies on your device, please consult the Help function of your browser or visit www.aboutcookies.org, which contains comprehensive information on how to do so on a wide variety of browsers (link is external).
4.2 Other technologies
We may also use other technologies on our websites and apps to collect and process your personal data for the same purposes as set out above, including:
- Internet tags (such as action tags, single-pixel GIFs, clear GIFs, invisible GIFs and 1-by-1 GIFs, which are technologies allowing us to track users’ hits); and
- Adobe Flash technology (including Flash Local Shared Objects, unless you set your setting otherwise).
5. What are your rights and how can you exercise them?
You may exercise the following rights under the conditions and within the limits set forth in the law:
Access. Upon acceptance of your request, personal data was granted without cost (except for shipping and reproduction costs) either through physical copies, electronic documents and any other means as appropriate. You must access your information after proving your identity to Novartis;
Rectification. If your personal data is inaccurate or incomplete, you will have the right to request its rectification;
The right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal. Novartis will notify once the cancelation process has end. Novartis is not deemed to cancel your personal data when; (a) refers to the parts of a contract and are necessary for its performance and compliance; (b) must be retained by Novartis in accordance with the Law; (c) the elimination of said personal data is related to judicial or administrative procedures related to tax obligations, the investigation and the prosecution of crimes or administrative sanctions; (d) are necessary for the protection of a legally protected interest of the owner; (e) are necessary to protect the public interest; and (f) are necessary to comply with a legal obligation.
Opposition. At any time and with a legitimate cause, you can oppose the processing of your personal data when it is for purposes other than those indicated here. If the opposition is valid, Novartis will stop processing your personal data.
If your request is appropriate, Novartis will use or disclose your personal data subject to the limits you indicated in writing.
Cookies: Please note that, in certain circumstances, your refusal to accept cookies or the configuration of your browser may affect your browsing experience and prevent the use of certain functions on our websites.
If you have any question or want to exercise the above rights, you may send an email to [email protected] with a scan of your official identity card, understanding that we will only use this information to verify your identity. When sending us such a scan, please make sure to redact your picture and national registry number or equivalent on the scan.
In any case, you also have the right to file a complaint with the competent data protection authorities, in addition to your rights above.
6. What technical and transactional data may we collect about you?
6.1 Categories of technical and transactional data
In addition to the information collected about you described in Part I, we collect various types of technical and transactional personal data about you during your stay within our websites and apps which are necessary to ensure a proper functioning of our websites and apps, including:
- Information regarding your browser and device (e.g. internet service provider’s domain, browser’s type and version, operating system and platform, screen resolution, device manufacturer and model);
- Statistics in relation to your use of our website and our app (e.g. information regarding the pages visited, information researched, time spent on our website);
- Usage data (i.e. date and time of access of our website and app, files downloaded);
- Your device’s location when using our app (unless you disabled this function by changing your device’s settings); and
- Any additional information that you provide us voluntarily while using our website and app.
Please note that we will not knowingly collect, use or disclose personal data from a minor under the age of 18 without obtaining prior consent from a parent or legal guardian.
6.2 Why are we collecting technical and transactional data?
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In addition to any purposes already communicated to you in Part I of this Privacy Notice, we also process your personal data collected during your use of one of our websites or apps for the following standard purposes:
- Manage our users (e.g. registration, account management, answer questions and provide technical support);
- Manage and improve our website and apps (e.g. diagnose server problems, optimize traffic, integrate and optimize web pages where appropriate);
- Measure the usage of our website and apps (e.g. by drawing up statistics about the traffic, by gathering information regarding the users’ behaviour and the pages they visit);
- Improve and personalize your experience and better tailor content to you (e.g. by remembering your selections and preferences, by using cookies);
- Send you personalized location-based services and content;
- Improve the quality of our products and services and expand our business activities;
- Monitor and prevent fraud, infringement and other potential misuse of our website and app;
- Reply to an official request from a public or judicial authority with the necessary authorization;
- Manage our IT resources, including infrastructure management and business continuity;
- Preserve the company’s economic interests and ensure compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, managing alleged cases of misconduct fraud, conducting audits, defending litigation);
- Archiving and record keeping; and
- Any other purposes imposed by law and authorities.
7. How will you be informed of the changes to our Privacy Notice?
Any future changes or additions to the processing of your personal data as described in this Privacy Notice will be notified to you in advance through an individual notice using our usual communication channels (e.g. by email) as well as through our websites or apps (via banners, pop-ups or other notification mechanisms).