Effective January 3, 2020
Last update: August 2023
This Policy is a statement of the ways in which Sandoz AG (“Sandoz”, “we” or “us) having its registered office at Lichtstrasse 35, 4056 Basel, Switzerland, collects, holds and uses information about individual persons. This Policy applies only to information gathered by us from online resources that display a link to this Policy and not from any other source. BY USING THIS WEBSITE, YOU CONSENT TO THE COLLECTION AND USE OF INFORMATION AS SET FORTH IN THIS PRIVACY POLICY. YOU ALSO ACKNOWLEDGE THAT SANDOZ MAY PERIODICALLY CHANGE, MODIFY, ADD OR REMOVE OR OTHERWISE UPDATE THIS PRIVACY POLICY AT ITS DISCRETION, WITHOUT PRIOR NOTIFICATION. It is our intention to post any such changes on this page so that you are fully informed concerning the types of information we are gathering, how we use it, and under what circumstances it may be disclosed.
Our privacy policy is easy to find as it is located on our homepage and is linked to any part of a site where personal data are requested. At such data collection points, further explanation may be provided, where appropriate, as to the purposes for which the data will be used. This Policy, coupled with any supplementary explanation, will tell you how we will treat any data about yourself that you voluntarily submit in connection with your use of our websites.
Sandoz is responsible for the processing of your Personal Information as it decides why and how it is processed, thereby acting as the “Data Controller” of such Personal Information. It may exercise this responsibility alone or jointly with other company(-ies) / affiliates in the Sandoz Group, acting as “co-controller(s)”. The relevant privacy notices of the individual Sandoz affiliates are available in the footer of this webpage. The Privacy Policy covers how we respect your privacy rights with respect to the processing of your Personal Information in relation to the Services, and/or for the purposes described in this Privacy Policy.
Do take note that if you access any third-party link or website from our Services, you may need to refer to the privacy policies of such third parties. Sandoz does not endorse and is not responsible for the information or privacy practices of websites or services owned by third parties.
By continuing to use the Services, you agree to this Privacy Policy. We consider the protection of your Personal Information and privacy to be a particularly important matter. As such, we invite you to carefully read this Privacy Policy.
1. Pledge on Privacy
The term "personal data" as used in this Privacy Policy refers to information such as your name, birth date, e-mail address, mailing address, telephone number or IP address that can be used to identify you. Generally, Sandoz will not process your personal data without your consent. However, we reserve the right, in exceptional circumstances to conduct additional processing to the extent permitted or required by law, or in support of any legal or criminal investigation.
The next sections explain how and when we collect personal data from you.
2. Intended Use of Personal Data: Processing and Purposes of Processing
Most of our services do not require any form of registration, allowing you to visit our site without telling us who you are. However, some services may require registration.
However, depending on how you interact with us, we may collect and process Personal Information that directly identifies you such as your name, contact details and email address. We may also collect certain Personal Information that does not directly identify you, but which makes identification possible through the combination of other information or identifiers such as your company name and position or ID number. Personal Information may also include information such as computer or device serial numbers, IP addresses or information relating to a company (“legal person”). If you submit personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
2.1. Information that you provide to us voluntarily
2.1.1 Registration of user accounts
In order to use some Services (or individual parts of them) it may be necessary to create a user account by registering beforehand. This is the case, for example, when you visit websites, whose content is only accessible to licensed medical specialists or accredited press representatives. When registering, you must provide your name, email address, encrypted passwords, telephone number and, if applicable, your license to practice medicine or accreditation.
We process and save the Personal Information provided during registration exclusively to enable you to access the content specifically relevant to you. The legal basis for processing your Personal Information may be fulfilment of obligations under an agreement with you or consent from you.
2.1.2 Contact requests, customer support or feedback
For inquiries via our contact form, you must provide your name, postal address, e-mail address, telephone number, the reason for contacting you and your message. You may provide your social media profile information including name, email address, contact details, comments, and reactions when you interact with us on social media platforms or using your social media login credentials to authenticate on our website.
We process and save the Personal Information provided in the contact request only to process and answer your request regarding our products and services and to get in touch with you.
The legal basis for processing your Personal Information is the fulfillment of our contractual obligations to communicate any relevant concerns about which you have contacted us.
2.1.3 Newsletters
When subscribing to our newsletter service, you will need to provide your name, email address and/or postal address.
Insofar as you have given us your consent to data processing when registering for the newsletter service, we process and save the Personal Information provided when subscribing for the newsletter only to provide the newsletter service and you in accordance with the newsletter service you have subscribed to inform about Sandoz events, products, services and / or promotions.
If you have consented to this when subscribing for the newsletter, we can also analyze your user behavior when opening the relevant newsletter and process the data collected for the personalization of future newsletters and other promotional communication.
The legal basis for the processing of your Personal Information is your consent.
2.1.4 Orders and services
When ordering products and services via the website (such as information materials, brochures, etc.), you will need to provide your name, email address and postal address and, if applicable, your payment details.
We process and save the Personal Information provided when placing an order in order to provide you with the products and services you have ordered and for our business purposes including improving our products and services and tailoring your experiences when interacting with the Services. The legal basis for processing your Personal Information is fulfilment of contractual obligations and our legitimate interests.
2.1.5 Tracking and monitoring adverse events
Sandoz is legally obliged to inform itself about undesirable side effects and interactions, the lack of drug effectiveness, quality complaints and / or other aspects related to the safety or quality of Sandoz products. If you provide us with information about Sandoz products (e.g. via our website), we will evaluate and review your information (which may include information about your state of health, side effects and, if applicable, your name). For this purpose, we may also contact you if you have any questions.
Sandoz is also legally obliged to report significant side effects to the responsible health authorities, whereby we only pass on your information in pseudonymous form so that no information that directly identifies you is passed on. We can also share this information with other Sandoz Group companies, provided they are obliged to report to the health authorities responsible for them.
The legal basis for the processing of your Personal Information is the fulfillment of our legal obligations or the safeguarding of our legitimate interests; which consist in particular of ensuring high safety and quality standards for Sandoz products; or your consent.
2.2 Information that is collected automatically
2.2.1 Website usage analytics
We may also collect and Process Information about your visit to this website, such as the pages you visit, the website you came from and the searches you perform. We may use such information to help improve the contents of the site and to compile aggregate statistics about people using our site for our internal usage statistics and market research purposes. In doing this, we may install "cookies" or similar technologies that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. Cookies are created and stored on the user's computer, phone or other devices when the user's browser loads a particular website. Every time the user goes back to the same website, the browser retrieves and sends this "cookie" file to the website. Cookies are useful because they serve key purposes like helping a website remember your preferences and settings, performing analytics to improve services, serving you relevant content or advertisements and authenticating you on the websites. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie, this will enable you to decide if you want to accept it or not. You can also refuse cookies altogether. However, if you do not accept our cookies, you may not be able to use all functionalities of our website. When you visit our websites, you may be presented with a cookie-setting banner that allows you to manage the settings and accept or deny the cookies. It is legally permitted to store cookies on your machine if they are essential to the operation of the website, but for all other types of cookies we need your permission to do so. On Sandoz websites, you have the option to consent to the use of cookies by using Cookie Settings banner that pops up while visiting the website for the first time or manage these settings anytime later. This cookie policy gives you the option of accepting or denying your consent to every category of cookies (except the necessary cookies). Please refer to our Cookie Settings to learn more about what types of cookies we use (the purpose they serve, their lifespan, and their provenance) and how you can manage your preferences.
Certain of our Services, including websites, may use the web analysis service “Google Analytics” from Google LLC, of 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to optimize them. Google uses this information obtained by the cookie to save a profile of which pages you have visited within a session. The information generated by the cookie about the use of the Services is transmitted to Google servers and stored there. In order to increase the security of your Personal Information, we use the "anonymize IP" function or other features provided by Google to keep you anonymous. For more information on how IP anonymization works, click https://support.google.com/analytics/answer/2763052
Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide us with other services relating to website activity and internet usage. Sandoz uses the data received from Google Analytics for business planning, for its own business activities and for marketing measures in order to better understand how the content of our web services and the associated experience can be improved.
Certain of our websites also use OneTrust cookies to enable you to manage the cookies easily and help us to obtain your consent for our placement and use of cookies on your device. We need these cookies to remember the choices that you have made regarding cookie settings.
The legal basis for the processing of your Personal Information when we do website analytics is your consent or our legitimate business interests.
2.2.2 Other tracking technologies
We may use cookies or other tracking technologies (also known as action tags, single-pixel GIFs, clear GIFs, invisible GIFs and 1-by-1 GIFs) provided by third party advertisement companies to provide relevant advertisements (interactive or non-interactive) to you based on your interests or browsing history. Typically, we use the services of social media companies and other third-party advertisement companies to collect information like your browser details, unique client ID etc. so that we may serve you ads on our websites and on other websites you may use. Please refer to our Cookie Settings to learn more about our marketing or advertisement cookies and manage your preferences.
Our Services, including websites, may use Google Tag Manager (“GTM”) which is a tag management system operated by Google to manage JavaScript and HTML tags used for tracking and analytics on websites. Tags are small code elements that, among other things, are used to measure traffic and visitor behavior: to understand the effect of online advertising and social channels; to set up remarketing and orientation towards target groups; and to test and optimize websites. GTM makes it easier for us to integrate and manage our tags.
We may use other technologies including the tags that may collect some of your information like IP address to support website analytics offered by the providers, including but not limited to, mentioned below:
Megaphone (Megaphone LLC, 1255 23rd St. NW, Suite 650 Washington DC, 20037) Privacy Policy
GlobeNewswire (Intrado Corp. 11808 Miracle Hills Drive Omaha, NE 68154 United States) Privacy Policy
Fouanalytics (Marketing Science Consulting Group, Inc. 425 Fifth Ave #33A, New York, NY 10016, US) Privacy Policy
Kaltura (Kaltura Inc., 250 Park Avenue South, 10th Floor, New York, NY 10003, United States) Privacy Policy
Crazy Egg (Crazy Egg, Inc., 16220 E. Ridgeview Lane, La Mirada, CA, 90638, USA) Privacy Policy
The legal basis for the processing of your Personal Information is your consent or our legitimate business interests.
2.2.3 Website preferences and security
We may collect certain information about you like your IP address, unique device identifiers like Media Access Control (MAC) address, computer type (Windows or Mac), browser type and version, screen resolution, operating system name and version. We may also derive your location information from your IP address. We use this information to secure our websites and network systems and to improve our services by recording your preferences, maintaining service levels, diagnosing and troubleshooting technical issues.
The legal basis for the processing of your Personal Information is our legitimate business interests.
We may combine, aggregate, or anonymize Personal Information with data we may collect from or about you from other sources, such as public databases, providers of demographic information, joint marketing partners, public social media platforms (data made public by you), and other third parties.
We may use your data for our business purposes, including audits, monitoring and prevention of fraud, infringement, and other potential misuse of our products and services, and for modifying our services.
Also, we may use your Personal Information:
- if we are required to do so because of an applicable law, requests from public and government authorities (including court order, subpoena, or governmental regulation), even outside your country of residence;
- if we need to enforce our terms and conditions;
- when we believe in good faith that the use of Personal Information is necessary to protect legal rights, the security or integrity of this website;
- to protect your safety or the safety of others;
- as part of any criminal or other legal investigation or proceeding in your country or in other countries; or,
- to the extent necessary for development of or to proceed with the negotiation or completion of a corporate or commercial transaction.
We do not usually collect Sensitive Personal Information for purposes other than monitoring and management of adverse events where we have a regulatory obligation. You are requested to not disclose your Sensitive Personal Information to us unless we specifically ask for it (e.g., national identification card numbers, information related to racial or ethnic origin, political opinions, religion or philosophical beliefs, health, sex life or sexual orientation, criminal background, or trade union membership, or biometric or genetic data for the purpose of uniquely identifying an individual).
3. Disclosure of Information and transfer of personal data
This Privacy Policy describes the circumstances in which we may share your Personal Information. We may share your Personal Information with other Sandoz subsidiaries and affiliates worldwide to exchange information and maintain databases in different countries. We also may transfer Personal Information to third parties who act on our behalf, for further processing in accordance with the purpose(s) for which the data were originally collected or may otherwise be lawfully processed, such as services delivery, evaluating the usefulness of our Services, marketing, advertising, data management, or technical support.
We will not sell, share, or otherwise transfer your personal information to third parties other than those indicated in this Privacy Policy.
In the course of our activities and for the same purposes as those listed in this Privacy Policy, your Personal Information can be accessed by, or transferred to the following categories of recipients on a need-to-know basis to achieve such purposes:
- our personnel (including personnel, departments, or other companies of the Sandoz group);
- our independent agents or brokers (if any);
- our other suppliers and services providers that provide services and products to us;
- our IT systems providers, cloud service providers, database providers and consultants;
- any third party to whom we assign or novate any of our rights or obligations; and
- our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets.
These third parties have contracted with us to only use Personal Information for the agreed upon purpose, and not to sell Personal Information to third parties, and not to disclose it to third parties except as may be permitted by us, as required by law, or as stated in this Privacy Policy.
We may disclose your Personal Information to a third party in the event that the business or a part of it and the customer data connected with it is sold, assigned, or transferred, in which case we would require the buyer, assignee or transferee to treat Personal Information in accordance with this Privacy Policy.
Also, we may disclose your Personal Information to a third party if we are required to do so because of an applicable law, requests from public and government authorities (including court order, subpoena, or governmental regulation), even outside your country of residence; if we need to enforce our terms and conditions; when we believe in good faith that the disclosure is necessary to protect legal rights, the security or integrity of this website; to protect your safety or the safety of others; as part of any criminal or other legal investigation or proceeding in your country or in other countries; or to third parties, advisors, and other entities to the extent reasonably necessary for development of or to proceed with the negotiation or completion of a corporate or commercial transaction.
Your Personal Information may also be processed, accessed, or stored in countries outside Switzerland. Such countries may offer a different level of protection of Personal Information. If we transfer your Personal Information to external companies in other jurisdictions, we will make sure to protect your Personal Information by applying the level of protection required under applicable data privacy laws by implementing adequate technical and organizational measures. In the event that your Personal Information is transferred to a service provider based in a third country (countries outside the European Union that do not have a level of data protection comparable to the data protection law of the European Union, as determined by a competent data protection authority) and processed there, Sandoz ensures the protection of your Personal Information by means of Standard Contractual Clauses or EU Model Clauses or another method in accordance with applicable law. Should these Standard Contractual Clauses in the future be declared null and void and/or be revised by the European Commission, we will adopt other applicable and/or approved instruments to provide for appropriate safeguards required for the third country transfers and enter into such agreed instruments in a written and legally binding form.
For transfers of Personal Information between our group companies, Sandoz group has concluded the Sandoz Intra-Group Data Transfer and Processing Agreement (all Sandoz entities are parties to) in which Sandoz rely on Standard Contractual Clauses approved by the European Commission as the relevant transfer mechanism for transfers of Personal Information outside the EEA, United Kingdom, and Switzerland to ensure that this global exchange of Personal Information complies with data protection laws.
4. Data retention
We will only retain your Personal Information for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements.
When this period expires, your Personal Information is removed from our systems and repositories.
Personal Information collected and processed in the context of a dispute are deleted or archived (i) as soon as a settlement has been reached, (ii) once a decision in last resort has been rendered or (iii) when the claim becomes time barred.
5. Your rights and how to exercise them
Whenever we process Personal Information, we take reasonable steps to keep your Personal Information accurate and up to date for the purposes for which it was collected. We will provide you with the ability to exercise the following rights under the conditions and within the limits set forth in the law.
- the right to be informed about what personal information we have about you and how we process your Personal Information;
- the right to access your Personal Information as processed by us and, if you believe that any information relating to you is incorrect, obsolete, or incomplete, to request its correction or updating;
- the right to request the erasure of your Personal Information or the restriction thereof to specific categories of processing;
- the right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal;
- the right to object, in whole or in part, to the processing of your Personal Information. With certain exceptions, this includes the right to object to direct marketing and the right to object to your Personal Information being used for research;
- the right to request a data portability, i.e. that the Personal Information you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format without hindrance from us and subject to your confidentiality obligations; and
- the right to object to automated decision making including profiling resulting in a significant or legal effect, i.e. you can request an human intervention in any automated decision making process related to processing of your data resulting in a significant or legal effect, and where such processing is not based on your consent, authorized by law or necessary for the performance of a contract. However, we do not currently make decisions using automated processes only that result in significant or legal effects on individuals.
If you wish to exercise your data privacy rights, under the conditions and within the limits set forth in the law, please click here.
If you have a question or you are not satisfied with how we process your personal information, you may address your request to our data protection officer at [email protected], who will investigate your concern.
In any case, in addition to the above rights, you also have the right to file a complaint with the competent data protection authority.
6. Security and Confidentiality
We have implemented appropriate technical and organizational measures designed to provide an adequate level of security and confidentiality for your Personal Information.
To ensure the security and confidentiality of personal data that we collect on-line, we use data networks protected, inter alia, by industry standard firewall and password protection. In the course of handling your personal data, we take measures reasonably designed to protect that information against accidental or unlawful loss, misuse, unauthorized access, disclosure, alteration or destruction. These measures take into account the state of the art of technology, the costs of its implementation, the nature of the data and the risk of processing.
7. Personal Information and Children
Most of the services available on this site are intended for persons 18 years of age and older. Any individual who requests information about a medicine indicated for use for children must be 18 or over. We will not knowingly collect, use or disclose personal data from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility (e.g., a parent or guardian) through direct off-line contact. We will provide the parent with (i) notice of the specific types of personal data being collected from the minor, and (ii) the opportunity to object to any further collection, use, or storage of such information. We abide by laws designed to protect children.
8. Contact Us
If you have any queries or complaints about your Personal Information and our compliance with this Privacy Policy, or if you would like to make any recommendations or comments to improve the quality of our Privacy Policy, please e-mail us at [email protected].
Further information about how we process personal data is available at https://www.sandoz.com/sandoz-privacy-hub.