SANOFI’S DATA PRIVACY POLICY
Sanofi & your Privacy
Sanofi respects individual privacy and values the confidence of its customers, partners, patients, users and employees. Therefore, Sanofi takes your privacy seriously and all processing of personal data is done in accordance with applicable laws and regulation on data protection.
This Data Privacy Policy sets forth Sanofi’s practices regarding the collection, use and disclosure of information that you may provide through Sanofi’s websites. This Data Privacy Policy applies to the websites which are operated or controlled by Sanofi and its affiliated companies and describes how and why Sanofi collects information about you as a customer, partner, patient, user or employee.
Some Definitions
“Adverse event” shall mean any undesirable experience associated with the use of a medical product in a patient.
“Data controller” shall mean the person(s) who determine the purposes and means of processing personal data
“Medical information enquiry” shall mean any unsolicited enquiry arriving via phone, mail, websites and other sources from internal and external customers.
“Personal Data” shall mean information related to an identified or identifiable individual.
“Sensitive personal data” are personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health or sex life and sexual orientation as well as genetic data or biometric data. Sensitive Personal Data are special categories of personal data that are subject to additional and protections with regard to EU data protection law.
Please read this entire Data Privacy Policy before using our websites or submitting information to Sanofi through our websites. As Sanofi’s Data Privacy Policy may be amended at any time, without prior notice, we also advise you to consult it regularly.
General Information
What personal data of yours is collected and processed
Your personal data
Sanofi may process the following personal data:
- Information we collect about you: Sanofi may collect automatically some technical information, including but not limited to the Internet Protocol (IP) address, your log-in information, browser information, plug-ins, time zone setting and operating system, with regard to each of your visit on Sanofi’s website. Sanofi may also collect information about your visit, including but not limited to the page you access before, during and after your visit to Sanofi’s website (including date and time), your activities on the website, page response time, length of visit to certain pages, and page interaction information with regard to each of your visit on Sanofi’s website.
- Information you give us: You may give Sanofi personal data by filling in form(s) available on the website or by simply corresponding with Sanofi by email, phone, fax, post or by any other means. This includes, for example, information you provide when you register to use any of the features of Sanofi’s websites to any of Sanofi’s services.
The personal data Sanofi may collect includes (but might not be limited to) your Name, and/or Address, and/or Email address, and/or Telephone number, and/or Place of employment.
- In certain cases, Sanofi may also receive information about you from other sources.
Legal basis
The legal basis for processing your non-sensitive personal data, such as technical data that Sanofi may collect during your visit to Sanofi’s website or your name, e-mail address etc., is the legitimate purposes that Sanofi pursues in order to optimize and improve your visit to Sanofi’s websites or to receive and process your inquiries by your submission of a form or when contacting Sanofi by email, phone or any other means.
If you submit sensitive personal data, such as your health data related to an adverse event, the legal basis for processing these personal data will be the legal obligation for Sanofi to collect, process and retain these data pursuant to the relevant and applicable local and European legislation. If you have submitted sensitive personal data, such as your health data when you use the any user forum or application made available by the Company, such personal data will be processed based on the consent that you gave before using the forum or application.
Please note, that you are free to withdraw your consent to the processing of your personal data at any time.
Special rules apply to information concerning adverse events. For more information, please see our Pharmacovigilance Section of this Privacy Policy.
For what purpose(s) and for how long is your personal data processed
Purposes for which your personal data is collected
Sanofi may process your personal data:
- for statistical purposes; and/or
- to be able to analyse the use of Sanofi’s websites; and/or
- to ensure and improve the functionality of Sanofi’s webpages; and/or
- to identify you so we can reply to your inquiries; and/or
- to meet all legal, medical, regulatory, pharmacovigilance and compliance requirements; and/or
- to send, information on seminars and presentations, greetings, newsletters, or other notifications relating to Sanofi and its activities; and/or
- to provide you with the requested services, documentation and products.
Retention period
Your personal data will be stored as long as it is necessary in order for Sanofi to fulfil the purposes for which your personal is collected as stated above, or for which it is further processed. Sanofi stores and processes your personal data for a period reasonably determined by business necessity and for all the obligations Sanofi may have to comply with, as it may be required by law.
Disclosure or transfer of personal data to third parties
International transfer of your personal data
As Sanofi is part of a global group of companies, Sanofi may share your personal data with other affiliates of the Sanofi Group. Such transfer to group companies will be done for the abovementioned purposes (cf. section “For what purposes and for how long is your personal data processed”) and based on the same legal ground as the processing as such.
Sanofi may also transfer your data to external service provider(s) (such as IT resources providers, research organizations, marketing agencies, IT solutions service providers, etc.) who assist Sanofi in the processing of your personal data (the "Recipients"). Some of these Recipients may be located in countries outside the EU/EEA, which do not ensure the same level of personal data protection as the country where you are located. In such case, Sanofi has implemented appropriate mechanisms to protect your personal data, including notably (but not limited to) data transfer agreements based on the European Commission standard contractual clauses, or Binding Corporate Rules.
For more information on the countries where the data are transferred or on the data transfers mechanisms implemented, you can contact dataprivacysweden@sanofi.com
Which security measures are in place?
Any such sharing will be in compliance with the applicable law.
Sanofi will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with our Data Privacy Policy and that your personal data collected by Sanofi has the same protection that Sanofi extends to its own confidential information.
However, please be aware that there is always some risk involved when submitting data over the Internet and that Sanofi cannot guarantee that its websites are 100% safe from illegal tampering or “hacking.”
Any data transmitted over the Internet may be at risk.
Your rights
As a user of Sanofi’s websites, you have the following basic rights under the applicable data protection laws and regulation:
Right to access: You may at any time inquire whether your personal data is being processed by Sanofi, and, if so, you may for example enquire what data is processed about you, the purpose of such processing and to whom such data may be disclosed. In addition, when a Sanofi’s website includes a feature relevant for the right of data portability, you have the right to receive your personal data provided to Sanofi in a structured, commonly used and machine-readable format to transmit such data to another data controller.
Right to rectification and deletion: If the personal data collected about you is incorrect or inaccurate, you may request Sanofi to rectify the incorrect or inaccurate personal data of yours.
Right to object and file a complaint: You may at any time object against the processing of your personal data with request to stop or limit Sanofi's processing of your personal data. Further, you are entitled to file a complaint about the processing of your personal data to the following data protection authority:
the Swedish Data Inspektion Board, Drottninggatan 29, 5tr, Box 8114, 104 20 Stockholm - datainspektionen@datainspektionen.se
Sanofi warrants that it will work in good faith, cooperate with the relevant Data Protection Authority and comply with its decision.
Right to be forgotten: You also have the right to obtain erasure of your personal data (“right to be forgotten”).
Please note that your right to such access or correcting may be limited by applicable law.
Other confidential information
Apart from the information (including personal data) that Sanofi requests from you, Sanofi’s Websites are not intended to receive other information from you, including confidential information. Consequently, and except for personal data mentioned above, any information not requested by Sanofi, whatever its form - document, data, graphic, question, suggestion, concept, comment or other - that you send to Sanofi through its websites, will be sent at your own risk and will not under any circumstances be deemed confidential, unless otherwise provided for in applicable laws.
Also, unless otherwise provided for in applicable laws, the act of sending such information to Sanofi gives Sanofi the right to use it, reproduce it, publish it, alter it or send it with a view to dealing with your request as well as delete it, when your request has been dealt with.
Contact details
The website you are visiting (the “Site”) belongs to and is operated by SANOFI AB, a company duly organized under the laws of Sweden, having its head office located at Lindhagensgatan 120, 10425 Stockholm, Sweden which determines the purposes and means of the processing of your personal data.
If you wish to exercise the rights laid out in this Privacy Policy, or have any questions to the processing of your personal data, you may contact Sanofi via email at:
Please note that when you contact Sanofi via email, you may be asked to answer several questions related to your personal data in order to allow Sanofi verify your identity.
PHARMACOVIGILANCE
Scope of this pharmacovigilance section
Sanofi, as a pharmaceutical company, is obliged to collect, register and follow-up on any information regarding adverse events on human medicinal products which are brought to its attention, and to report to concerned Competent Authorities according to current pharmacovigilance legislation (Directive 2010/84//EU and Regulation (EU) No 1235/2010).
In addition to adverse events, Sanofi is also obliged to collect information about lack of therapeutic efficacy of a product, overdose or misuse/off-label, if a product was used during pregnancy and / or lactation, medication error/unintended failure in the drug treatment, transmission of infectious agent, occupational exposure and unexpected positive effect of a product.
Information we may collect about you
When you contact Sanofi by filling out a form available on Sanofi’s websites or by corresponding with Sanofi by email, phone, fax, post or by any other means:
• you may provide Sanofi with personal data in connection with an adverse event that has affected you or someone else. In such a case, Sanofi may collect the following personal information:
- name/initials;
- age and date of birth;
- weight and height;
- gender;
- relevant medical history and/or details of the product causing the reaction;
- details of the adverse event reaction you suffered and other medicines and remedies you are taking or were taking when the adverse event occurred;
- relationship with the subject of an adverse event report, if you have reported this event for him/her.
• If you have provided information about your name, address, phone/fax number, email address as a reporter, these data will also be recorded as well as your occupation if relevant.
Purposes
Pharmacovigilance data and medical information are considered as sensitive personal data and are only processed where relevant and necessary for Sanofi to document your reaction properly and for the purpose of meeting all pharmacovigilance and legal requirements (e.g. provide mandatory reports to national competent authorities) and to answer your enquiry.
As part of meeting Sanofi’s pharmacovigilance obligations, Sanofi may use your information to contact you and/or further investigate the adverse event.
International transfers
The personal data provided by you will be captured in a protected and secured global safety database which by design guarantees from any compliance breach to non-authorized personnel.
The data is disclosed to the European Medicines Agency (EMA) and the corresponding competent authorities in other countries of the world. It could also be disclosed to Sanofi's partners for the above purposes. The disclosure of personal data is normally only in a pseudonymous form, but upon disclosure to partners, identifiable personal data such as name and address could also be submitted so the recipient can fulfill their legal obligations.
Retention period
All Pharmacovigilance data, and all documents relating to authorized human medicinal products, will be retained by Sanofi as long as the product is marketed, and for at least 10 years after the product has ceased to exist. After that, the data will be anonymized. The anonymized data is stored in the global safety database without time limit.
Medical device, nutraceuticals and cosmetics
If you report safety data regarding medical device, nutraceuticals or cosmetics the personal data will be handled as explained above.
For more information on the legal basis with regard to medical devices, nutraceuticals and cosmetics, you can contact dataprivacysweden@sanofi.com.
Your Rights
You may access and correct your personal data at any time by contacting us (see section below “contact details”).
However, for legal reasons, Sanofi cannot delete information that has been collected as part of an adverse event report. Sanofi may also require you to provide proper identification before Sanofi comply with any request to access or correct your data. Your right to such access and/or correction may be limited by applicable law.
Contact details
Comments, questions, complaints and requests for disclosure relating to Sanofi’s handling of personal information should be directed to:
