PRIVACY POLICY
OUR COMMITMENT
SANOFI fully understands the importance of privacy and the protection of personal data in the digital era and is committed to ensure an adequate level of data protection for all persons with whom Sanofi has dealings. This includes, but not limited to, the patients and their relatives or close ones, participants in clinical trials, healthcare professionals, users of our products and services, including websites and apps users, representatives of our contractors and business partners, representatives of the scientific community etc.
What processing activities does this Policy cover?
This Policy is intended to apply to all processing activities SANOFI conducts towards the persons it deals with in its professional business activities, including the processing of personal data (i.e. any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual) (“Personal Data”) which may be carried out by SANOFI in relation to this website http://vaccines.sanofi.ph, including affiliated or related pages, social media sites, and various other platforms (collectively, the “Site”), or otherwise.
Specific privacy and data protection information notices (“Privacy Notice”) and/or consent forms will, if necessary, be communicated to you regarding specific situations where SANOFI may process your Personal Data. These Privacy Notices shall describe in more detail how your Personal Data will be processed in relation with the processing in question. SANOFI will provide individuals the necessary consent forms in an appropriate format and manner, informing the individuals of the details related to the processing of personal information by SANOFI, whenever personal data is collected (i.e., whether manual form or the applicable webpage where personal data may either be solicited or unsolicited, as the case may be).
SANOFI’s role
For the purposes of this Policy, SANOFI means Sanofi Pasteur, Inc. and/or all its affiliates.
THE PURPOSES: SANOFI WILL ALWAYS COLLECT YOUR PERSONAL DATA FOR EXPLICIT AND LEGITIMATE PURPOSES
SANOFI collects your Personal Data which you voluntarily provide to SANOFI, or otherwise, and only for the following purposes:
- to facilitate and/or process your concerns and/or requests, as needed.
- to carry out our business operations, including marketing activities; to keep track of our interactions and meetings, such as when you contact us for information and support.
- to comply with legal or regulatory obligations that apply to SANOFI; monitor safety; manage adverse events; carry out prevention and investigatory activities; carry out administrative formalities, registration, declarations or audits.
- to provide patient support, healthcare support services, patient engagement and prescription information; manage claims, including insurance claims.
- to conduct research and development; carry out clinical studies, registries and trials; manage and validate the recruitment and participation of individuals to studies, trials and other operations; analyze demographic data; offer special programs, activities, trials, events or promotions via our services; carry out market or consumer studies.
- to provide you access to online services, application and platforms; manage your online accounts.
- to allow us to identify or authenticate you; provide or verify your credentials including via passwords, password hints, security information and questions, and through other forms of identification.
- to improve and develop our products and services; identify usage trends and develop new products and services; understand how you and your device interacts with our services; track and respond to safety concerns; determine the effectiveness of our promotional campaigns, conduct surveys.
- to personalize your experience when using our services; ensure that our services are presented in the way that best suits you; understand your professional and personal interests in our content, products and services or other content and adapt our content to your needs and preferences; present you products and offers tailored to you.
- to allow us to communicate with you; respond to your requests or inquiries; provide support for products and services; provide you with important information, administrative information, required notices, and promotional materials; send you news and information about our products, our services, our brands, our operations; organize and manage professional events and congresses, including your participation to such events.
- to process payments we may need to issue in a specific situation; verify your financial data with your consent; facilitate further payments.
- to offer donations and sponsorships.
- to respond to legal requests from administrative or judicial authorities, in accordance with applicable laws; comply with a subpoena, required registration, or legal process.
- to protect our rights and interests; protect the health, safety, and security of SANOFI personnel and premises; carry out internal audits, asset management, system and other business controls; manage business administration (finance and accounting, fraud monitoring and prevention); maintain the security of our services and operations; protect our rights, privacy, safety or property, to allow us to pursue available remedies or limit the damages that we may incur as necessary; to protect ourselves against possible fraudulent actions.
ON WHAT GROUND? SANOFI WILL ALWAYS PROCESS YOUR PERSONAL DATA LAWFULLY
Depending on the data processing at stake, SANOFI will generally process your Personal Data on either one of the following legal basis:
- your prior consent: where you have clearly expressed your approval of SANOFI’s processing of your Personal Data. In practice, this will generally mean that SANOFI will ask you to sign a document, or to fill-in an online “opt-in” form or to follow any relevant procedure to allow you to be fully informed and then either clearly accept or refuse the data processing envisaged.
- a contractual relationship between you and SANOFI: in such case, the processing of your Personal Data is generally necessary to the execution or the performance of the contract; this means that if you do not wish SANOFI to process your Personal Data in that context, SANOFI may or will be obliged to refuse to enter into such contract with you or will not be able to provide the products or services covered in this contract.
- legal obligations applicable to SANOFI’s activities; for instance, SANOFI is required to implement pharmacovigilance procedures to monitor adverse effects of marketed products, which generally involves the collection and retention of Personal Data.
- the “legitimate interest” of SANOFI in the sense of applicable data protection law. In such a case, SANOFI shall consider your fundamental rights and interests in determining whether the processing is legitimate and lawful.
SANOFI may, on a case-by-case basis, rely on other legal grounds, such as the protection of your vital interests, in accordance with applicable data protection law, as set forth in the applicable Privacy Notice.
WHERE DOES THE PERSONAL DATA COME FROM? SANOFI WILL ALWAYS COLLECT PERSONAL DATA FROM TRUSTED SOURCES
SANOFI may collect your Personal Data from different sources:
- Data that you communicate to us through various media, through registrations, applications, surveys or direct and indirect interactions with SANOFI. For example, data you provide to register to scientific events sponsored by SANOFI, to submit an online application, to send us a request for information, etc.
- Data that we collect automatically, for instance when following your interactions with this Site, as well as our other websites, platforms, applications and services through certain technologies, such as cookies.
- Data that we collect in accordance with applicable law from public sources available, including data that is published by you in all supports.
- Data that we obtain legally from third parties, for example, when we may need to confirm contact or financial information or to verify licensure of healthcare professionals. In such case, we generally receive such Personal Data from third-parties that are authorized to do so in the framework of their own privacy and data protection policies or in accordance with the law. As applicable, we will inform you in the Privacy Notice of the identity of those third-parties and will invite you to refer to their privacy and data protection policies to inquire on the origin of such Personal Data and the condition of their collection.
WHO HAS ACCESS TO PERSONAL DATA: SANOFI WILL SHARE YOUR PERSONAL DATA ONLY WITH AUTHORIZED PARTIES
For the purposes described above, SANOFI may need to share your Personal Data with the following authorized third-parties:
- Sanofi and its affiliates
- our partners (healthcare professionals and organizations, distributors, other members of the healthcare and pharmaceutical industry)
- selected suppliers, service providers or vendors acting upon our instructions for website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, etc.
- legal or administrative authorities, as required by applicable laws including laws outside your country of residence
- potential acquirers and other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures.
- sponsors of sweepstakes, contests and similar promotions
SANOFI may need to share your Personal Data with other third-parties, in which case you will be duly informed through the applicable Privacy Notice.
In any case, SANOFI will require that such third-parties:
undertake to comply with data protection laws and the principles of this Policy; will only process the Personal Data for the purposes described in this Policy; and implement appropriate technical and organizational security measures designed to protect the integrity and confidentiality of your Personal Data.
WHERE PERSONAL DATA MAY BE TRANSFERRED: SANOFI WILL ENSURE THAT TRANSFERS OF YOUR PERSONAL DATA ARE SAFEGUARDED
SANOFI is a multinational organization with affiliates, partners and subcontractors located in many countries around the world. For that reason, SANOFI may need to transfer (via access, visualization, storage, etc.) your Personal Data in other jurisdictions.
Safeguards for international transfers of Personal Data: In cases where SANOFI needs to transfer Personal Data, it shall ensure that adequate safeguards, as required under applicable data protection legislation, will be implemented.
In this respect and in particular, for intra-group transfers of Personal Data implemented for clinical studies and pharmacovigilance purposes, SANOFI has implemented and shall apply its “Binding Corporate Rules” validated by the EU Data Protection Authorities.
HOW SECURE: SANOFI WILL IMPLEMENT SECURITY MEASURES TO PROTECT YOUR PERSONAL DATA
We have implemented a variety of technological and organizational procedures and measures to ensure the integrity and confidentiality of your Personal Data from unauthorized access, use and disclosure. These measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
For instance, we store your Personal Data on servers that have various types of technical and physical access controls, which may include, for instance, if appropriate, encryption. We may also aggregate, pseudonymize or anonymize Personal Data to ensure that no personally identifiable information is communicated to third parties.
HOW LONG: WE WILL RETAIN YOUR PERSONAL DATA FOR NO LONGER THAN NECESSARY
SANOFI will retain your Personal Data only for the period necessary to fulfill the purposes outlined in this Policy, which in any case shall not be longer than ten (10) years.
As an exception, SANOFI may be required to retain your Personal Data for longer periods as required or permitted by law, or as necessary to protect its rights and interests. In such a case, you will be informed of the intended retention period in the applicable Privacy Notice.
YOUR RIGHTS: SANOFI WILL ENSURE THAT YOU CAN EXERCISE YOUR RIGHTS PERTAINING TO YOUR PERSONAL DATA
You can exercise your rights as provided by data protection laws. To that end, SANOFI informs you that you are entitled:
- to have access upon simple request to your Personal Data – in which case you may receive a copy of such data (if requested), unless such data is made directly available to you, for instance within your personal account);
- to obtain a rectification of your Personal Data should your Personal Data be inaccurate, incomplete or obsolete;
- to obtain the deletion of your Personal Data in the situations set forth by applicable data protection law (‘right to be forgotten’) – said deletion shall not affect data which had already been or will be anonymized or aggregated to ensure that no personally identifiable information will remain;
- to withdraw your consent to the data processing without affecting the lawfulness of processing, where your Personal Data has been collected and processed on the basis of your consent;
- to object to the processing of your Personal Data, where your Personal Data has been collected and processed on the basis of legitimate interests of SANOFI, in which case you will need to justify your request by explaining to us your particular situation;
- to request a limitation of the data processing in the situations set forth by applicable law;
- to receive your Personal Data for transmission from SANOFI to a third-party or to have your Personal Data directly transferred by SANOFI to the third-party of your choice, where technically feasible (data portability right allowed only where the processing is based on your consent).
If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” section below and we will take necessary steps to respond as soon as possible.
You may also file a complaint before a competent data protection authority regarding the processing of your Personal Data. While we suggest that you contact us beforehand, if you wish to exercise this right, you should contact directly the competent data protection authority.
HOW TO CONTACT US
SANOFI welcomes any questions or comments you may have regarding this Policy or its implementation. Any such questions or comments, including any request pertaining to SANOFI’s use of your Personal Data should be submitted to the following email address: privacy.ph@sanofi.com.