Effective January 3, 2020
Last update: August 2023
Do take note that if you access any third-party link or website from our Services, you may need to refer to the privacy policies of such third parties. Sandoz does not endorse and is not responsible for the information or privacy practices of websites or services owned by third parties.
1. Pledge on Privacy
The next sections explain how and when we collect personal data from you.
2. Intended Use of Personal Data: Processing and Purposes of Processing
Most of our services do not require any form of registration, allowing you to visit our site without telling us who you are. However, some services may require registration.
2.1. Information that you provide to us voluntarily
2.1.1 Registration of user accounts
In order to use some Services (or individual parts of them) it may be necessary to create a user account by registering beforehand. This is the case, for example, when you visit websites, whose content is only accessible to licensed medical specialists or accredited press representatives. When registering, you must provide your name, email address, encrypted passwords, telephone number and, if applicable, your license to practice medicine or accreditation.
We process and save the Personal Information provided during registration exclusively to enable you to access the content specifically relevant to you. The legal basis for processing your Personal Information may be fulfilment of obligations under an agreement with you or consent from you.
2.1.2 Contact requests, customer support or feedback
For inquiries via our contact form, you must provide your name, postal address, e-mail address, telephone number, the reason for contacting you and your message. You may provide your social media profile information including name, email address, contact details, comments, and reactions when you interact with us on social media platforms or using your social media login credentials to authenticate on our website.
We process and save the Personal Information provided in the contact request only to process and answer your request regarding our products and services and to get in touch with you.
The legal basis for processing your Personal Information is the fulfillment of our contractual obligations to communicate any relevant concerns about which you have contacted us.
When subscribing to our newsletter service, you will need to provide your name, email address and/or postal address.
Insofar as you have given us your consent to data processing when registering for the newsletter service, we process and save the Personal Information provided when subscribing for the newsletter only to provide the newsletter service and you in accordance with the newsletter service you have subscribed to inform about Sandoz events, products, services and / or promotions.
If you have consented to this when subscribing for the newsletter, we can also analyze your user behavior when opening the relevant newsletter and process the data collected for the personalization of future newsletters and other promotional communication.
The legal basis for the processing of your Personal Information is your consent.
2.1.4 Orders and services
When ordering products and services via the website (such as information materials, brochures, etc.), you will need to provide your name, email address and postal address and, if applicable, your payment details.
We process and save the Personal Information provided when placing an order in order to provide you with the products and services you have ordered and for our business purposes including improving our products and services and tailoring your experiences when interacting with the Services. The legal basis for processing your Personal Information is fulfilment of contractual obligations and our legitimate interests.
2.1.5 Tracking and monitoring adverse events
Sandoz is legally obliged to inform itself about undesirable side effects and interactions, the lack of drug effectiveness, quality complaints and / or other aspects related to the safety or quality of Sandoz products. If you provide us with information about Sandoz products (e.g. via our website), we will evaluate and review your information (which may include information about your state of health, side effects and, if applicable, your name). For this purpose, we may also contact you if you have any questions.
Sandoz is also legally obliged to report significant side effects to the responsible health authorities, whereby we only pass on your information in pseudonymous form so that no information that directly identifies you is passed on. We can also share this information with other Sandoz Group companies, provided they are obliged to report to the health authorities responsible for them.
The legal basis for the processing of your Personal Information is the fulfillment of our legal obligations or the safeguarding of our legitimate interests; which consist in particular of ensuring high safety and quality standards for Sandoz products; or your consent.
2.2 Information that is collected automatically
2.2.1 Website usage analytics
Certain of our Services, including websites, may use the web analysis service “Google Analytics” from Google LLC, of 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to optimize them. Google uses this information obtained by the cookie to save a profile of which pages you have visited within a session. The information generated by the cookie about the use of the Services is transmitted to Google servers and stored there. In order to increase the security of your Personal Information, we use the "anonymize IP" function or other features provided by Google to keep you anonymous. For more information on how IP anonymization works, click https://support.google.com/analytics/answer/2763052
Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide us with other services relating to website activity and internet usage. Sandoz uses the data received from Google Analytics for business planning, for its own business activities and for marketing measures in order to better understand how the content of our web services and the associated experience can be improved.
The legal basis for the processing of your Personal Information when we do website analytics is your consent or our legitimate business interests.
2.2.2 Other tracking technologies
We may use other technologies including the tags that may collect some of your information like IP address to support website analytics offered by the providers, including but not limited to, mentioned below:
The legal basis for the processing of your Personal Information is your consent or our legitimate business interests.
2.2.3 Website preferences and security
We may collect certain information about you like your IP address, unique device identifiers like Media Access Control (MAC) address, computer type (Windows or Mac), browser type and version, screen resolution, operating system name and version. We may also derive your location information from your IP address. We use this information to secure our websites and network systems and to improve our services by recording your preferences, maintaining service levels, diagnosing and troubleshooting technical issues.
The legal basis for the processing of your Personal Information is our legitimate business interests.
We may combine, aggregate, or anonymize Personal Information with data we may collect from or about you from other sources, such as public databases, providers of demographic information, joint marketing partners, public social media platforms (data made public by you), and other third parties.
We may use your data for our business purposes, including audits, monitoring and prevention of fraud, infringement, and other potential misuse of our products and services, and for modifying our services.
Also, we may use your Personal Information:
- if we are required to do so because of an applicable law, requests from public and government authorities (including court order, subpoena, or governmental regulation), even outside your country of residence;
- if we need to enforce our terms and conditions;
- when we believe in good faith that the use of Personal Information is necessary to protect legal rights, the security or integrity of this website;
- to protect your safety or the safety of others;
- as part of any criminal or other legal investigation or proceeding in your country or in other countries; or,
- to the extent necessary for development of or to proceed with the negotiation or completion of a corporate or commercial transaction.
We do not usually collect Sensitive Personal Information for purposes other than monitoring and management of adverse events where we have a regulatory obligation. You are requested to not disclose your Sensitive Personal Information to us unless we specifically ask for it (e.g., national identification card numbers, information related to racial or ethnic origin, political opinions, religion or philosophical beliefs, health, sex life or sexual orientation, criminal background, or trade union membership, or biometric or genetic data for the purpose of uniquely identifying an individual).
3. Disclosure of Information and transfer of personal data
- our personnel (including personnel, departments, or other companies of the Sandoz group);
- our independent agents or brokers (if any);
- our other suppliers and services providers that provide services and products to us;
- our IT systems providers, cloud service providers, database providers and consultants;
- any third party to whom we assign or novate any of our rights or obligations; and
- our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets.
Also, we may disclose your Personal Information to a third party if we are required to do so because of an applicable law, requests from public and government authorities (including court order, subpoena, or governmental regulation), even outside your country of residence; if we need to enforce our terms and conditions; when we believe in good faith that the disclosure is necessary to protect legal rights, the security or integrity of this website; to protect your safety or the safety of others; as part of any criminal or other legal investigation or proceeding in your country or in other countries; or to third parties, advisors, and other entities to the extent reasonably necessary for development of or to proceed with the negotiation or completion of a corporate or commercial transaction.
Your Personal Information may also be processed, accessed, or stored in countries outside Switzerland. Such countries may offer a different level of protection of Personal Information. If we transfer your Personal Information to external companies in other jurisdictions, we will make sure to protect your Personal Information by applying the level of protection required under applicable data privacy laws by implementing adequate technical and organizational measures. In the event that your Personal Information is transferred to a service provider based in a third country (countries outside the European Union that do not have a level of data protection comparable to the data protection law of the European Union, as determined by a competent data protection authority) and processed there, Sandoz ensures the protection of your Personal Information by means of Standard Contractual Clauses or EU Model Clauses or another method in accordance with applicable law. Should these Standard Contractual Clauses in the future be declared null and void and/or be revised by the European Commission, we will adopt other applicable and/or approved instruments to provide for appropriate safeguards required for the third country transfers and enter into such agreed instruments in a written and legally binding form.
For transfers of Personal Information between our group companies, Sandoz group has concluded the Sandoz Intra-Group Data Transfer and Processing Agreement (all Sandoz entities are parties to) in which Sandoz rely on Standard Contractual Clauses approved by the European Commission as the relevant transfer mechanism for transfers of Personal Information outside the EEA, United Kingdom, and Switzerland to ensure that this global exchange of Personal Information complies with data protection laws.
4. Data retention
We will only retain your Personal Information for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements.
When this period expires, your Personal Information is removed from our systems and repositories.
Personal Information collected and processed in the context of a dispute are deleted or archived (i) as soon as a settlement has been reached, (ii) once a decision in last resort has been rendered or (iii) when the claim becomes time barred.
5. Your rights and how to exercise them
Whenever we process Personal Information, we take reasonable steps to keep your Personal Information accurate and up to date for the purposes for which it was collected. We will provide you with the ability to exercise the following rights under the conditions and within the limits set forth in the law.
- the right to be informed about what personal information we have about you and how we process your Personal Information;
- the right to access your Personal Information as processed by us and, if you believe that any information relating to you is incorrect, obsolete, or incomplete, to request its correction or updating;
- the right to request the erasure of your Personal Information or the restriction thereof to specific categories of processing;
- the right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal;
- the right to object, in whole or in part, to the processing of your Personal Information. With certain exceptions, this includes the right to object to direct marketing and the right to object to your Personal Information being used for research;
- the right to request a data portability, i.e. that the Personal Information you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format without hindrance from us and subject to your confidentiality obligations; and
- the right to object to automated decision making including profiling resulting in a significant or legal effect, i.e. you can request an human intervention in any automated decision making process related to processing of your data resulting in a significant or legal effect, and where such processing is not based on your consent, authorized by law or necessary for the performance of a contract. However, we do not currently make decisions using automated processes only that result in significant or legal effects on individuals.
If you wish to exercise your data privacy rights, under the conditions and within the limits set forth in the law, please click here.
If you have a question or you are not satisfied with how we process your personal information, you may address your request to our data protection officer at [email protected], who will investigate your concern.
In any case, in addition to the above rights, you also have the right to file a complaint with the competent data protection authority.
6. Security and Confidentiality
We have implemented appropriate technical and organizational measures designed to provide an adequate level of security and confidentiality for your Personal Information.
To ensure the security and confidentiality of personal data that we collect on-line, we use data networks protected, inter alia, by industry standard firewall and password protection. In the course of handling your personal data, we take measures reasonably designed to protect that information against accidental or unlawful loss, misuse, unauthorized access, disclosure, alteration or destruction. These measures take into account the state of the art of technology, the costs of its implementation, the nature of the data and the risk of processing.
7. Personal Information and Children
Most of the services available on this site are intended for persons 18 years of age and older. Any individual who requests information about a medicine indicated for use for children must be 18 or over. We will not knowingly collect, use or disclose personal data from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility (e.g., a parent or guardian) through direct off-line contact. We will provide the parent with (i) notice of the specific types of personal data being collected from the minor, and (ii) the opportunity to object to any further collection, use, or storage of such information. We abide by laws designed to protect children.
8. Contact Us
Further information about how we process personal data is available at https://www.sandoz.com/sandoz-privacy-hub.