Effective: September 1, 2024
This Privacy Policy describes the ways in which Novartis Pharmaceuticals Canada Inc. (“Novartis”, “we” or “us”) collects and processes information about you that identifies you directly or indirectly, either alone or in combination with other information made available to us, through your interactions with us via our websites (including www.novartis.com), or through any mobile page, application, or other service (both offline and online) of Novartis Pharmaceuticals Canada Inc. that links to, incorporates, or provides you with a copy of this Privacy Policy (collectively, the “Services”).
Novartis is responsible for the processing of your personal information as it decides why and how it is processed. The Privacy Policy covers how we respect your privacy rights with respect to the processing of your personal information in relation to the Services, and/or for the purposes described in this Privacy Policy.
Though this Privacy Policy is intended for individuals interacting with the Services, you may be asked to refer to additional privacy policies or separate data privacy notices on our country specific websites if you reside in a certain location or where you use certain applications or websites not covered under the Services Wherever required, we will also present you with specific privacy notices for the purposes of activities not covered under this Policy including but not limited to recruitment, employment, third party management, or patient support.
By continuing using the Services, you agree to this Privacy Policy. We consider the protection of your Personal information and privacy to be a very important matter. As such, we invite you to carefully read this Privacy Policy.
What’s in this Privacy Policy?
- When does this Policy not apply?
- Meaning of personal information
- Your consent to Collection, Use and Disclosure
- What personal information do we collect and for which purposes?
- When and to whom do we disclose your personal information?
- International and interprovincial Transfer and Storage Information
- How do we protect your personal information?
- Retention of personal information
- Opting Out of Communications
- What are your rights and how can you exercise them?
- Children’s Information
- How frequently we update this Policy?
- Contact us
When does this Policy not apply?
Do take note that if you access any third-party link or website from our Services, you may need to refer to the privacy policies of such third parties. Novartis does not endorse and is not responsible for the information or privacy practices of websites or services owned by third parties.
Meaning of personal information
"Personal information" means any information which relates to a person and allows that person to be identified either directly or indirectly. This information may include, but is not limited to, your name, mailing address, e-mail address and telephone number.
Personal information does not include information that has been anonymized or aggregated in such a way that there is no serious possibility it can be used to identify an individual, whether on its own or in combination with other information.
Your Consent to Collection, Use and Disclosure
We collect, use and disclose your personal information with your consent or as permitted or required by law. How we obtain your consent (i.e. the means we use) and the form of it (i.e. either express or implied) will depend on the circumstances, as well as the sensitivity of the information collected. If you choose to provide personal information to us, we will assume that you consent to the collection, use and disclosure of such personal information as outlined in this Privacy Policy.
We will seek your consent at the time your personal information is collected. The consent you give is valid only to achieve the purposes for which it was requested. In the situation where we would want to use your personal information for a purpose other than the one identified at the time of collection, we will seek your consent prior to such new use.
You may withdraw your consent to our collection, use or disclosure of your Personal information at any time by contacting us using the contact information in the “Contact Us” section below. However, before we implement the withdrawal of consent, we may require proof of your identity. In some cases, withdrawal of your consent may mean that we will no longer be able to provide certain products or services.
If you provide personal information about another individual to us, it is your responsibility to obtain the consent of that individual to enable us to collect, use and disclose his or her information as described in this Privacy Policy.
What personal information do we collect and for which purposes?
Most of our Services do not require any form of registration or sign-up to access the Services.
However, depending on how you interact with us, we may collect and process personal information that directly identifies you such as your name, contact details and email address. We may also collect certain personal information that does not directly identify you, but which makes identification possible through the combination of other information or identifiers such as your company name and position or ID number. Personal information may also include information such as computer or device serial numbers, IP addresses or information relating to a company (“legal person”). If you submit personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
- Information that you provide to us voluntarily
- Registration of user accounts
In order to use some Services (or individual parts of them) it may be necessary to create a user account by registering beforehand. This is the case, for example, when you visit websites whose content is only accessible to licensed medical specialists or accredited press representatives. When registering, you have to provide your name, email address, loginID, security questions & answers, encrypted passwords, postal address, telephone number and, if applicable, your license to practice medicine or accreditation.
We process and save the personal information provided during registration exclusively to enable you to access the content specifically relevant to you.
- Contact requests, customer support or feedback
For inquiries via our contact form, you must provide your name, postal address, e-mail address, telephone number, the reason for contacting you and your message. You may provide your social media profile information including name, email address, contact details, comments and reactions when you interact with us on social media platforms or using your social media login credentials to authenticate on our website.
We process and save the personal information provided in the contact request only to process and answer your request regarding our products and services and to get in touch with you.
- Newsletters
When subscribing for our newsletter service, you will need to provide your name, email address and/or postal address.
Insofar as you have given us your consent to data processing when registering for the newsletter service, we process and save the personal information provided when subscribing for the newsletter only to provide the newsletter service and you in accordance with the newsletter service you have subscribed to inform about Novartis events, products, services and / or promotions.
If you have consented to this when subscribing for the newsletter, we can also analyze your user behavior when opening the relevant newsletter and process the data collected for the personalization of future newsletters and other promotional communication.
- Orders and services
When ordering products and services via the website (such as information materials, brochures, etc.), you will need to provide your name, email address and postal address and, if applicable, your payment details.
We process and save the personal information provided when placing an order in order to provide you with the products and services you have ordered and for our business purposes including improving our products and services and tailoring your experiences when interacting with the Services.
- Tracking and monitoring adverse events
Novartis is legally obliged to inform itself about undesirable side effects and interactions, the lack of drug effectiveness, quality complaints and / or other aspects related to the safety or quality of Novartis products. If you provide us with information about Novartis products (e.g. via our website), we will evaluate and review your information (which may include information about your state of health, side effects and, if applicable, your name). For this purpose, we may also contact you if you have any questions.
Novartis is also legally obliged to report significant side effects to the responsible health authorities, whereby we only pass on your information in pseudonymous form so that no information that directly identifies you is passed on. We can also share this information with other Novartis Group companies, provided that they are themselves obliged to report to the health authorities responsible for them.
- Registration of user accounts
- Information that is collected automatically
- Social Media Listening
We may also collect personal information that you made publicly available on public social media platforms (including blogs, forums etc.), related to Novartis, Novartis products, and more in general about drugs and diseases, which is called “social media listening”. It enables Novartis for example to (i) have a better understanding of how certain key audiences like healthcare professionals or patients experience certain diseases or react to the use of Novartis products, (ii) have a better understanding of Novartis’ reputation as well as other market trends, (iii) identify key-stakeholders, in particular bloggers and social media influencers, and to initiate contact with them. This may include your personal information in form of comments, messages, blogs, photos and videos, although we will take steps to limit this personal information to the minimum necessary and keep it for no longer than necessary for the social media listening activity. If you want to limit further who can see your information, we recommend that you use the privacy settings available to you on such platforms.
When you share your personal information on a public social media platform, we suggest you also familiarize yourself with the Privacy Policy of that specific platform as these platforms are not owned and managed by Novartis.
- Website usage analytics
We may also collect and Process Information about your visit to this website, such as the pages you visit, the website you came from and the searches you perform. We may use such information to help improve the contents of the site and to compile aggregate statistics about people using our site for our internal usage statistics and market research purposes.
In doing this, we may install "cookies" or similar technologies that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. Cookies are created and stored on the user's computer, phone or other devices when the user's browser loads a particular website. Every time the user goes back to the same website, the browser retrieves and sends this "cookie" file to the website. Cookies are useful because they serve key purposes like helping a website remember your preferences and settings, performing analytics to improve services, serving you relevant content or advertisements and authenticating you on the websites. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie, this will enable you to decide if you want to accept it or not. You can also refuse cookies altogether. However, if you do not accept our cookies, you may not be able to use all functionalities of our website. When you visit our websites, you may be presented with a cookie-setting banner that allows you to manage the settings and accept or deny the cookies. It is legally permitted to store cookies on your machine if they are essential to the operation of the website, but for all other types of cookies we need your permission to do so. On Novartis websites, you have the option to consent to the use of cookies while visiting the website for the first time when a cookie banner will be shown or manage these settings anytime later by clicking the Cookie Settings link in the footer of the website. These cookie settings give you the option of accepting or denying your consent to every category of cookies (with the exception of the necessary cookies which are always active). Please refer to our Cookie Settings to learn more about what types of cookies we use (the purpose they serve, their lifespan, and their provenance) and how you can manage your preferences.
Certain of our Services, including websites, may use the web analysis service “Google Analytics” from Google LLC, of 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to optimize them. Google uses this information obtained by the cookie to save a profile of which pages you have visited within a session. The information generated by the cookie about the use of the Services is transmitted to Google servers and stored there. In order to increase the security of your personal information, we use the "anonymize IP" function or other features provided by Google to keep you anonymous. For more information on how IP anonymization works, click https://support.google.com/analytics/answer/2763052.
Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide us with other services relating to website activity and internet usage. Novartis uses the data received from Google Analytics for business planning, for its own business activities and for marketing measures in order to better understand how the content of our web services and the associated experience can be improved.
Certain of our websites also use OneTrust cookies to enable you to manage the cookies easily and help us to obtain your consent for our placement and use of cookies on your device. We need these cookies to remember the choices that you have made regarding cookie settings.
- Other tracking technologies
We may use cookies or other tracking technologies (also known as action tags, single-pixel GIFs, clear GIFs, invisible GIFs and 1-by-1 GIFs) provided by third party advertisement companies to provide relevant advertisements (interactive or non-interactive) to you based on your interests or browsing history. Typically, we use the services of social media companies and other third-party advertisement companies to collect information like your browser details, unique client ID etc. so that we may serve you ads on our websites and on other websites you may use. Please refer to our Cookie Settings to learn more about our marketing or advertisement cookies and manage your preferences.
Our Services, including websites, may use Google Tag Manager (“GTM”) which is a tag management system operated by Google to manage JavaScript and HTML tags used for tracking and analytics on websites. Tags are small code elements that, among other things, are used to measure traffic and visitor behavior: to understand the effect of online advertising and social channels; to set up remarketing and orientation towards target groups; and to test and optimize websites. GTM makes it easier for us to integrate and manage our tags.
We may use other technologies including the tags that may collect some of your information like IP address to support website analytics offered by the providers, including but not limited to, mentioned below:
Megaphone (Megaphone LLC, 1255 23rd St. NW, Suite 650 Washington DC, 20037) Privacy Policy
GlobeNewswire (Intrado Corp. 11808 Miracle Hills Drive Omaha, NE 68154 United States) Privacy Policy
Fouanalytics (Marketing Science Consulting Group, Inc. 425 Fifth Ave #33A, New York, NY 10016, US) Privacy Policy
Kaltura (Kaltura Inc., 250 Park Avenue South, 10th Floor, New York, NY 10003, United States) Privacy Policy
- Website preferences and security
We may collect certain information about you like your IP address, unique device identifiers like Media Access Control (MAC) address, computer type (Windows or Mac), browser type and version, screen resolution, operating system name and version. We may also derive your location information from your IP address. We use this information to secure our websites and network systems and to improve our services by recording your preferences, maintaining service levels, diagnosing and troubleshooting technical issues.
- Social Media Listening
We may combine, aggregate, or anonymize personal information with data we may collect from or about you from other sources, such as public databases, providers of demographic information, joint marketing partners, public social media platforms (data made public by you), and other third parties.
We may use your data for our business purposes, including audits, monitoring and prevention of fraud, infringement, and other potential misuse of our products and services, and for modifying our services.
Also, we may use your personal information:
- if we are required to do so because of an applicable law, requests from public and government authorities (including court order, subpoena, or governmental regulation), even outside your country of residence;
- if we need to enforce our terms and conditions;
- when we believe in good faith that the use of personal information is necessary to protect legal rights, the security or integrity of this website;
- to protect your safety or the safety of others;
- as part of any criminal or other legal investigation or proceeding in your country or in other countries; or,
- to the extent reasonably necessary for development of or to proceed with the negotiation or completion of a corporate or commercial transaction.
We do not usually collect Sensitive personal information for the purposes other than monitoring and management of adverse events where we have a regulatory obligation. You are requested to not disclose your Sensitive personal information to us unless we specifically ask for it (e.g., national identification card numbers, information related to racial or ethnic origin, political opinions, religion or philosophical beliefs, health, sex life or sexual orientation, criminal background, or trade union membership, or biometric or genetic data for the purpose of uniquely identifying an individual).
When and to whom do we disclose your personal information?
This Privacy Policy describes the circumstances in which we may share your personal information. We may share your personal information with other Novartis subsidiaries and affiliates worldwide to exchange information and maintain databases in different countries. We also may transfer personal information to third parties who act on our behalf, for further processing in accordance with the purpose(s) for which the data were originally collected or may otherwise be lawfully processed, such as services delivery, evaluating the usefulness of our Services, marketing, advertising, data management, or technical support.
We will not sell, share, or otherwise transfer your personal information to third parties other than those indicated in this Privacy Policy.
In the course of our activities and for the same purposes as those listed in this Privacy Policy, your personal information can be accessed by, or transferred to the following categories of recipients on a need to know basis to achieve such purposes:
- our personnel (including personnel, departments or other companies of the Novartis group);
- our independent agents or brokers (if any);
- our other suppliers and services providers that provide services and products to us;
- our IT systems providers, cloud service providers, database providers and consultants;
- any third party to whom we assign or novate any of our rights or obligations; and
- our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets.
These third parties have contracted with us to only use personal information for the agreed upon purpose, and not to sell personal information to third parties, and not to disclose it to third parties except as may be permitted by us, as required by law, or as stated in this Privacy Policy.
We may disclose your Personal information to a third party in the event that the business or a part of it and the customer data connected with it is sold, assigned or transferred, in which case we would require the buyer, assignee or transferee to treat personal information in accordance with this Privacy Policy.
Also, we may disclose your personal information to a third party if we are required to do so because of an applicable law, requests from public and government authorities (including court order, subpoena, or governmental regulation), even outside your country of residence; if we need to enforce our terms and conditions; when we believe in good faith that the disclosure is necessary to protect legal rights, the security or integrity of this website; to protect your safety or the safety of others; as part of any criminal or other legal investigation or proceeding in your country or in other countries; or to third parties, advisors, and other entities to the extent reasonably necessary for development of or to proceed with the negotiation or completion of a corporate or commercial transaction.
International and interprovincial Transfer and Storage Information
Your personal information may also be processed, accessed, or stored in a country outside the country or the province where you are located . Such countries may offer a different level of protection of personal information. If we transfer your personal information to external companies in other jurisdictions, we will make sure to protect your personal information by applying the level of protection required under applicable data privacy laws by implementing adequate technical and organizational measures.
In the event that your personal information is transferred to a service provider based in a third country and processed there, Novartis ensures the protection of your personal information in accordance with Applicable Privacy Laws. In the event that your personal information is transferred outside Quebec, Novartis will ensure the protection of your personal information is made in compliance with the law.
How do we protect your personal information?
We have implemented physical, organizational, contractual and technological security measures with the goal of protecting your personal information from loss, theft, unauthorized access, disclosure, copying, use or modification. We have taken steps to ensure that the only personnel who are granted access to your personal information are those with a business ‘need-to-know’ or whose duties reasonably require such information.
The purpose of these measures is to protect personal information against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.
Despite the measure outlined above, no method of transmission or storage is completely secure or error-free, so we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any information that you provided to us has been compromised), please contact us immediately using the contact information in the “Contact Us” section below.
How long do we store personal information?
We will only retain your personal information for as long as necessary to fulfil the purpose for which they were collected or to comply with legal or regulatory.
Opting Out of Communications
If you no longer want to receive marketing-related emails from us, you may opt-out of receiving marketing-related emails by clicking the “unsubscribe” link at the bottom of any email you receive from us, or, if you created an online account when you registered to receive our emails, you may log-in to your account and make changes to your communication preferences. You may also opt-out by contacting us directly using the contact information in the “Contact Us” section below.
We endeavor to respond to your opt-out request promptly, but we ask that you please allow us a reasonable time to process your request. Please note that if you opt-out from receiving marketing-related emails, we may still need to send you communications about your use of our products or services, or other matters.
What are your rights and how can you exercise them?
Whenever we process personal information, we take reasonable steps to keep your personal information accurate and up-to-date for the purposes for which they were collected. We will provide you with the ability to exercise the following rights under the conditions and within the limits set forth in the Applicable Privacy Laws.
- the right to be informed about what personal information we have about you and how we process your personal information;
- the right to access your personal information as processed by us and, if you believe that any information relating to you is incorrect, obsolete or incomplete, to request its correction or updating;
- the right to request the erasure or the de-indexation of, of your personal information or the restriction thereof to specific categories of processing;
- the right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal;
- the right to request a data portability, i.e. that the personal information you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format without hindrance from us and subject to your confidentiality obligations; and
If you have a question or want to exercise the above rights, please click here.
If you are not satisfied with how we process your personal information, you may address your request to our data protection officer at [email protected], who will investigate your concern.
Children’s Information
We do not knowingly collect any personal information about the children under the age of 14 on our website or for the purposes mentioned in this Privacy Policy. If personal information about children has been mistakenly provided to us and you would like to request that such personal information be removed, please refer to our Contact us section.
How frequently we update this policy?
We keep our Privacy Policy under regular review and update it as and when required. The last version of the Policy was last updated on September 1, 2024.
When changes are made to this Privacy Policy they will become immediately effective when published in a revised Privacy Policy posted on our website unless otherwise noted. We may also communicate the changes through our services or by other means. By submitting your personal information to us, by registering for or using any of the services we offer, by using our website, or by voluntarily interacting with us after we publish or communicate a notice about the changes to this Privacy Policy, you consent to our collecting, using and disclosing of your personal information as set out in the revised Privacy Policy.
If you wish to contact us regarding how we use your personal information or you wish to exercise your data privacy rights, please email our Privacy Officer at [email protected] or write us to the following address:
Data Privacy Office, Novartis Pharmaceuticals Canada, 700 St-Hubert, Montreal, Quebec, H2Y 0C1 In order to facilitate the most efficient answer, please provide the following information:
If you wish to contact us regarding how we use your personal information or you wish to exercise your data privacy rights, please email our Privacy Officer at [email protected] or write us to the following address:
Contact us
Data Privacy Office, Novartis Pharmaceuticals Canada, 700 St-Hubert, Montreal, Quebec, H2Y 0C1 In order to facilitate the most efficient answer, please provide the following information:
- Name of the website you are referring to
- Your relationship and interaction with us
- The description of the information you would like to receive from us
Your data privacy rights
If you wish to exercise your data privacy rights, under the conditions and within the limits set forth in the law, you may also click here.