Effective Date: March 15th, 2024

Welcome to the Novartis US Privacy Policy Center. Novartis Pharmaceuticals Corporation (“Novartis”, “we”, “our”, or “us”) is a United States-based affiliate of the Novartis global group, a world leader in healthcare. 

Our Privacy Policy Center includes our General Privacy Policy, which describes how we use and disclose the personal information we collect from you through our websites, surveys, mobile applications, social media forums, and other services, both offline and online, that link to, incorporate, or for which you are provided a copy of our Privacy Policy (collectively, the “Services”).

Our Privacy Policy Center also addresses:

  • The rights or choices you have about your personal information, and how you can exercise those rights or choices
  • State-specific privacy rights and disclosures, for residents of California and other states
  • For Washington and Nevada consumers, please visit our separate Consumer Health Privacy Policy.
  • Privacy notices specific to our business customers, including Healthcare Professionals (“HCPs”)

Personal information” (or “personal data”) means information that can reasonably be linked to an identifiable individual, such as a patient, a healthcare provider, a job applicant, and others. It may also include information about a browser or device used by such an individual.

To learn about the Novartis AG Global Privacy Program, or to find privacy information for other jurisdictions, please visit the Novartis AG Privacy Hub.

I. General Privacy Policy  

1. What Personal Information Do We Collect?

  • Information You Provide: We collect personal information that you voluntarily provide when you use the Services, such as when you register for or use a Novartis program or service, participate in a survey, provide a testimonial, order a product, participate in an interactive feature or forum (such as chat features), or contact us with a question, comment, or request. The types of information that you provide are based on the specific function of the Services that you use or the Novartis program or service for which you register, and might include, for instance, your name, address, age, birth date, gender, email address, phone number, photo, social media account number, zip code, education, professional experience, demographic information, information about health and/or medical conditions and specialties. If you submit personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
  • Information We Receive From Third Parties: We may combine the personal information we collect from you with personal information that we receive about you from other sources, such as joint marketing partners, public databases, providers of demographic data, publications, professional organizations, social media platforms, people with whom you are connected on social media platforms, caregivers, companies and other third parties that help us screen and onboard individuals for hiring purposes, and other third parties.

2. What Information Do We Collect Automatically from Your Device? And How Do We Use It?

We and our third-party service providers may collect information automatically from your device in a variety of ways, including:

  • Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services you are using. We use this information to ensure that the Services function properly.
  • Through your use of an app: When you download and use one of our apps, we may track and collect app usage data, such as the date and time the app on your device accesses our servers and the information and files that have been downloaded to the app.
  • Using cookies: Cookies are small text files stored directly on your device. We use cookies to collect information such as time spent on the Services, pages visited, the pages you view immediately before and after you access the Services, the search terms you enter, and other anonymous traffic data. Cookies allow us to recognize you and personalize your experience, to facilitate navigation, and to display information more effectively. We also use cookies to gather statistical information about the use of the Services in order to understand how they are used, improve them, and resolve questions about them. Some cookies may also be collected or placed for Targeted Advertising purposes, depending on your privacy choices (see Section II: Targeted Advertising below). If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies or to be given the choice of declining or accepting cookies from a particular site. You may wish to refer to https://www.allaboutcookies.org/manage-cookies/index.html. If you do not accept our cookies, you may experience some inconvenience in your use of the Services.
  • Using pixel tags and other similar technologies: We may use pixel tags (also known as web beacons and clear GIFs) to, among other things, track the actions of users of the Services and our email recipients, measure the success of our marketing campaigns and compile statistics about usage of the Services and response rates.
  • Using Google Analytics, which uses cookies and similar technologies to collect and analyze information about the use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by visiting www.google.com/policies/privacy/partners, and you can exercise the opt-out provided by Google by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout
  • Using Adobe Flash technology (including Flash Local Shared Objects (“Flash LSOs”)) and other similar technologies: We may use Flash LSOs and other technologies to, among other things, collect and store information about your use of the Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.
  • IP Address: Your IP Address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP Address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) visited. Collecting IP Addresses is standard practice and is done automatically by many websites, applications and other services. We use IP Addresses for purposes such as calculating usage levels of the Services, helping diagnose server problems, and administering the Services.
  • Precise Real-Time Location Information: For certain Services, consistent with your privacy choices,  we may collect precise, real-time information about the location of your mobile device. We may use your device's location to provide you with personalized location-based services and content, including marketing communications. You may be permitted to allow or deny the use of your device's precise location, including via the pop-up served by your browser or mobile device, or by managing your location services preferences through your device settings.

3. How Do We Use Your Personal Information?

In addition to using your personal information to deliver the programs, services, products, or information you request, and for the purposes described above, we may also use it:

  • to provide customer support;
  • to provide you with information about the Services, our other products, programs, or services, your accounts, and notices;
  • to administer Speaker Programs, such as verifying speaker credentials, training and scheduling speakers, coordinating events and travel, advertising speaker events, and processing honoraria and expense reimbursement;
  • to deliver marketing communications that may be of interest to you;
  • to permit you to participate in polls, surveys, promotions, or other interactive features, such as chat features;
  • to personalize your experience and better tailor content to you;
  • to facilitate social sharing functionality;
  • to allow you to send messages to another person through the Services;
  • to deliver Targeted Advertising (see Section II below);
  • to help us, our subsidiaries, affiliates, and business partners better understand our audiences, evaluate user interest in the Services, improve the Services, and perform other market research activities;
  • for our business purposes, such as data analysis; audits; monitoring and prevention of fraud, infringement, and other potential misuse of the Services; modifying the Services; determining the effectiveness of our promotional campaigns; hiring; and operating and expanding our business activities; and
  • as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

We may use information that does not personally identify you (including personal information that we have anonymized, de-identified, and/or aggregated) for any purpose, except where we are required to do otherwise under applicable law.

4. To Whom Do We Disclose Your Personal Information?

The personal information we collect from and about you may be disclosed:

  • to our subsidiaries and affiliates within the Novartis global group, for the purposes described in this Privacy Policy;
  • to third parties that provide services to us, such as fulfilling requests for information, answering calls, administering programs or projects, assisting in research and development, or delivering advertisements or other communications;
  • to business partners who offer products or services jointly with us or with our subsidiaries or affiliates;
  • to permit a third-party business partner to deliver marketing communications or products that may be of interest to you, subject to any choices you have expressed;
  • to identify you to any person to whom you send messages;
  • to any person you direct us to contact, such as your designated caregiver(s);
  • by you, on message boards, chat, profile pages, blogs, and other services to which you post information and materials. Because any information you post may become public, we urge you to be very careful when deciding to disclose any information on or through the Services;
  • to your friends associated with your social media account, to other Services users, and to your social media account provider, in connection with your social sharing activity, such as if you connect your social media account to your Services account or log into your Services account from your social media account. By connecting your accounts, you authorize us to share personal information with your social media account provider, and you understand that the use of the information we share will be governed by the social media site's own privacy policy;
  • as required by law, such as to law enforcement, to health authorities to report possible adverse events, during government inspections or audits, as ordered or directed by courts or other governmental agencies, or in order to comply with a subpoena or other legal process;
  • when we believe in good faith that disclosure is necessary to protect legal rights or the security or integrity of the Services; protect your safety or the safety of others; investigate fraud, a breach of contract, or a violation of law; or respond to a government request; and
  • to third parties, advisors, and other entities for development of or to proceed with the negotiation or completion of a corporate or commercial transaction, including a reorganization, merger, acquisition, joint venture, sale or other disposition of all or a portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

We may disclose information that does not personally identify you (including personal information that we have anonymized, de-identified, and/or aggregated) for any purpose, except where we are required to do otherwise under applicable law.

5. Information Security

We use appropriate technical, administrative, and physical safeguards to protect the personal information collected through the Services. Unfortunately, no organization can guarantee the absolute security of information, especially information transmitted over the Internet.

6. Children's Personal Information

We do not knowingly collect personal information online from a child under the age of 13 without obtaining prior parental consent, other than to inform the child that we must have parental consent before collecting personal information.

7. Links to Third-Party Websites

The Services may contain links to third-party services that are not under our control. We are not responsible for the collection and use of your information by such services, and we encourage you to review their privacy policies. In addition, we are not responsible for the information collection, use, disclosure, or security practices of other organizations, such as Facebook, Apple, Google, Microsoft, Blackberry, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including in connection with any information you disclose to such other organizations through or in connection with the Services.

8. Changes to This Privacy Policy

This Privacy Policy became effective on March 11, 2023. We may update it from time to time by posting a new Privacy Policy on our website. You are advised to consult our website regularly for any changes.

9. Your Choices and Contacting Us

 To make a request or submit questions about our Privacy Policy, please contact us by either:

  • Visiting our Contact Us page,
  • Writing to us at Novartis Pharmaceuticals Corporation, 1 Health Plaza, East Hanover, New Jersey, 07936 attention Privacy Office, or
  • Calling us, at 1-888-NOW-NOVA (1-888-669-6682).

Channel-specific preferences: Where you have elected either to participate in one of our programs or services, including to receive communications from us, you may also discontinue your participation or opt-out of receiving certain communications by opting-out in the communication itself (such as in certain email or SMS-based programs or services).

To opt-out from receiving Targeted Advertising from Novartis, see Section II, below.

For all other privacy requests, including accessing and updating your personal information, please Contact Us as indicated above. Section IV: Supplemental State Privacy Notice, below, may include important information about exercising your privacy rights. We will respond to requests consistent with applicable law. For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request.


II. Targeted Advertising

Novartis and third-party advertising companies may collect, use, and share information (including through the use of cookies and similar technologies) to serve you advertisements for our products and services that may be of interest to you. These ads may appear on third-party websites or platforms, and across any of your internet-connected devices or services. Targeted Advertising is also sometimes referred to as “interest-based advertising” and “cross-context behavioral advertising.”

NOTE that only the following categories of Novartis U.S. websites or services currently engage in Targeted Advertising:

  • Websites for patients/consumers when the site includes an opt-in banner requesting affirmative consent for Targeted Advertising;
  • Websites for HCPs when there is a footer link to this Section mentioning Interest-Based Ads or Targeted Ads;
  • Certain of our patient or consumer programs or campaigns which included a link to this section when you signed-up, in which case we may share the personal information provided (including name and/or email) for Targeted Advertising;  and
  • Our services for HCPs, in connection with which we may share your name, email, and/or prescriber number for Targeted Advertising.   

To opt-out from Novartis Targeted Advertising:

 If you opt out from Novartis Targeted Advertising, you may still be exposed to other types of ads for our products and services.


III. Additional Notice for Healthcare Professionals

This Section of our Privacy Policy describes our additional information collection and sharing practices involving our Services intended for U.S. Healthcare Professionals (“HCPs”), including our HCP-oriented websites, mobile applications, social media forums, and other services, both offline and online (“HCP Services”).

1. What Personal Information Do We Collect?

  • Information You Provide through HCP Services: We collect personal information that you voluntarily provide when you use the HCP Services. In addition to the general personal information collection described above in our General Privacy Policy we may collect additional personal information through HCP Services such as your name, address, age, birth date, gender, email address, phone number, photo, social media account number, medical license number, zip code, education, professional experience, demographic information, information about health and/or medical specialties, information required to process payments for speaking events or expense reimbursement (including your social security number and/or tax identification number), and information required to process your purchases or transactions with us (such as payment card information, and bank account details). If you submit personal information relating to other people to us or to our service providers in connection with the HCP Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
  • Information We Receive From Third Parties about HCPs: We may combine the personal information we collect from you with information that we receive about you from other sources, such as public databases, providers of demographic information, joint marketing partners, publications, professional organizations, social media platforms, people with whom you are connected on social media platforms, and other third parties.

2. When and to Whom Do We Disclose HCP Personal Information?

  • In addition to the general personal information disclosure practices described above, the HCP personal information we collect may also be disclosed to third parties that provide services to us, such as fulfilling requests for information, answering calls, administering programs or projects, processing speaker honoraria and expense reimbursement, processing payment card transactions or bank account transfers, arranging travel, assisting in research and development, or delivering advertisements or other communications.

IV. Supplemental State Privacy Notice

Depending on your state of residency (including California, Virginia, and others), you may be entitled to further information about our practices and have additional privacy rights, which are described below.

For Washington and Nevada residents, please visit our separate Consumer Health Privacy Policy.


For the section below, “You” refers to the general public, patients, customers, healthcare professionals (HCPs), employees of our business-to-business partners or service providers, job applicants, or former employees, or external contractors.  

1. Collection, Disclosure, Sale, and Sharing of Personal Information

The following chart details which categories of Personal Information we collect and process, as well as which categories of Personal Information we disclose to third parties for our operational business purposes, including within the 12 months preceding the date this Privacy Policy was last updated. The chart also details the categories of Personal Information that we “share” for purposes of cross-context behavioral or targeted advertising, including within the 12 months preceding the date this Privacy Policy was last updated.  We do not “sell” your personal information under California law, including for payment or similar consideration, and we have not sold your personal information within the 12 months preceding the date of this Privacy Policy. 

Categories of Personal Information

Disclosed to Which Categories of Third Parties for Operational Business Purposes

Sold to Which Categories of Third Parties

Shared with Which Categories of Third Parties for Cross-Context Behavioral or Targeted Advertising

Identifiers, such as name, email address, IP address, government-issued identifier (e.g., Social Security number), and online and device identifiers

 

Affiliates; service providers; social networks; business partners; legal authorities

None 

Ad networks and other third parties in the online advertising ecosystem

Personal information as defined in the California customer records law, such as contact and financial information

Affiliates; service providers; social networks; business partners; legal authorities

None

None 

Protected class information, such as characteristics of protected classifications under California or federal law, such as age, gender, medical conditions, and marital status

Affiliates; service providers; social networks; business partners; legal authorities

None

none

Commercial information, such as transaction information and purchase history

Affiliates; service providers; social networks; business partners; legal authorities

None

None

Biometric information, such as fingerprints and voiceprints 

Affiliates; service providers; social networks; business partners; legal authorities 

None

None

Internet or network activity information, such as browsing history and interactions with our online properties

Affiliates; service providers; social networks; business partners; legal authorities

None

Ad networks and other third parties in the online advertising ecosystem

Geolocation data, such as device location

Affiliates; service providers; social networks; business partners; legal authorities

None

None

Audio, electronic, visual, and similar information, such as call and video recordings

Affiliates; service providers; social networks; business partners; legal authorities

None

None

Employment or professional information,  such as personnel file, work history, prior employer, and professional license number

Affiliates; service providers; social networks; business partners; legal authorities

None

HCP personal data only: ad networks and other third parties in the online advertising ecosystem

Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual’s preferences and characteristics 

Affiliates; service providers; social networks; business partners; legal authorities

None 

None 

Sensitive Personal Information, including:

  • Government-issued identifier (e.g., Social Security number); precise geolocation information; 
  • Information concerning an individual’s health, including mental or physical health conditions, medical history, and medical treatment or diagnosis by a health care professional; and 
  • Biometric information used to uniquely identify an individual.  
  • Genetic data
  • Racial or ethnic origin; religious or philosophical beliefs; citizenship; immigration status; labor union membership.
  • Account log-in credentials
  • Financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account

Affiliates; service providers; social networks; business partners; legal authorities

None

None

We do not knowingly sell or share the Personal Information of minors under 16 years of age. 

We may disclose your Personal Information to one or more third parties in connection with any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

2. Sources of Personal Information

We collect Personal Information directly from you, as well as from joint marketing partners, public databases, providers of demographic data, publications, professional organizations, social media platforms, people with whom you are connected on social media platforms, caregivers, companies and other third parties that help us screen and onboard individuals for hiring purposes, and other third parties. 

3. Purposes for the Collection, Use,  Sharing, or Other Disclosure of Personal Information

We may collect, use, share, or otherwise disclose Personal Information to operate, manage, and maintain our business, to provide our products and services, for our employment purposes, and to otherwise accomplish our business purposes and objectives.

Our business purposes and objectives include, for example, developing, improving, repairing, and maintaining our products and services; personalizing, advertising, and marketing our products and services; facilitating social sharing; conducting research, analytics, and data analysis; maintaining our facilities and infrastructure; hiring; undertaking quality and safety assurance measures; conducting risk and security controls and monitoring; detecting and preventing fraud; performing identity verification; performing accounting, audit, and other internal functions, such as internal investigations; entering into, tracking, and performing agreements with customers and suppliers; processing payments; providing customer support and responding to requests for information; managing customer and supplier relationships; complying with law, legal process, and internal policies; maintaining records; exercising and defending legal claims; and protecting the safety of our customers, business contacts, job applicants, and others, and other purposes and objectives mentioned in our General Privacy Policy above. 

4. Use of Sensitive Personal Information

Novartis uses and discloses sensitive personal information solely for the purposes of: (i) performing the services or provide the goods you request and which an average consumer would reasonably expect to receive; (ii) preventing, detecting and investigating security incidents involving personal data, (iii) ensuring the physical safety of natural persons (including reporting adverse events), or (iv) other permitted purposes, as specified under applicable state privacy laws or regulations.

5. Retention Period

We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was collected. The criteria used to determine our retention periods include:   

  • The length of time we have an ongoing relationship with you (for example, for as long as you have an account with us or keep using our services) and the length of time thereafter during which we may have a legitimate need to reference your Personal Information to address issues that may arise; 
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or 
  • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

6. Individual Requests

You may, subject to applicable law, make the following requests. We will respond to your request consistent with our obligations under applicable law.

  1. You may request to know whether we process your Personal Information.
    1. If you are a California consumer, you may request that we disclose to you the following information covering the 12 months preceding your request: 
      1. The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
      2. The business or commercial purpose for collecting or sharing Personal Information about you; 
      3. The categories of Personal Information about you that we sold or shared (as defined by the CCPA) and the categories of third parties to whom we sold or shared such Personal Information; and 
      4. The categories of Personal Information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such Personal Information.
  2. You may request to correct inaccuracies in your Personal Information.
  3. You may request to have your Personal Information deleted. 
  4. You may request to receive a copy of your Personal Information, including, where applicable, a copy in a portable, readily usable format. 
  5. You may request to opt out of Targeted Advertising or the sharing of your Personal Information for cross-context behavioral advertising (see Section II above).
  6. You may request to opt out of the processing of your Personal Information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. 

We will not unlawfully discriminate or retaliate against you for exercising your rights under applicable law. To make a privacy request, please Contact Us as specified above. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. In some instances, we may decline to honor your request where the law or right you are invoking does not apply or where an exception applies. We may need to request additional Personal Information from you in order to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your Personal Information. You may make a request on behalf of a child who is under 13 years old if you are the child’s parent or legal guardian. If you make a request to delete, we may ask you to confirm your request before we delete your Personal Information. 

Appeal Process 

If we refuse to take action on your request, you may have the right under applicable law to appeal the refusal within a reasonable period after you have received notice of the refusal. You may file an appeal by contacting us online or calling 1-888-NOW-NOVA (1-888-669-6682)”.  

Authorized Agents

If an agent would like to make a request on your behalf as permitted under applicable law, the agent may use the submission methods noted in the section entitled “Individual Requests.” Not all kinds of requests can be made by authorized agents in all states. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “Individual Requests” or confirm that you provided the agent permission to submit the request.

7. De-Identified Information

Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify it.

8. Other State-Specific Privacy Disclosures

For Washington and Nevada residents, please visit our separate Consumer Health Privacy Policy.

California Residents Under Age 18: If you are a resident of California under age 18 and a registered user of the Services, you may ask us to remove content or data that you have posted to the Services by writing to [email protected]. Please note that your request does not ensure complete or comprehensive removal of the content or data, as, for example, some of your content or data may have been reposted by another user

Nevada Residents as Covered by Nevada Privacy Law: We do not sell Covered Information as defined under Nevada law. If you would like to make a further inquiry regarding the selling of your Covered Information, as defined under Nevada law, please contact [email protected]

Texas Residents: Pursuant to the Texas Health and Safety Code, Sec. 181.154, please be advised that if we receive any data that identifies you and relates to your past, present or future physical or mental health, healthcare or payment for your healthcare, such data may be subject to electronic disclosure by such means as file transfers or email.