Privacy Notice related to Novartis Privacy Policy for Webinars

Privacy Notice related to South Africa for Suppliers

Privacy Notice related to South Africa for Business Partners

Privacy Notice related to Sub-Saharan Africa for Business Partners (English)

Privacy Notice related to Sub-Saharan Africa for Business Partners (French)

Privacy Notice related to Sub-Saharan Africa for Business Partners (Portuguese)

Website Privacy Policy related to Sub-Saharan Africa

Privacy Notice related to South Africa for Medical Enquiries and/or Pharmacovigilance communication

Effective: November 11, 2023

Novartis International AG (Switzerland), as data controller, is responsible for the processing of your personal information on this website. In this Privacy Policy, “Novartis”, “we” or “us” refers to Novartis International AG. 

Please carefully read this Privacy Policy, which describes the ways in which we collect information about individuals who visit this website (“Personal Data”), how we hold and use Personal Data and how we respect your privacy rights.

We may change or update this Privacy Policy from time to time by posting a new privacy policy on this website.

Most of our services do not require any form of registration, allowing you to visit our site without telling us who you are. However, some services may require you to voluntarily provide us with Personal Data, which may include information such as your name, birth date, email address or telephone number. We may collect and use this Personal Data to provide you with products, services, and customer support, to bill you for products and services you request, to market products and services which we think may be of interest to you, or to communicate with you for other purposes which are evident from the circumstances or about which we inform you when we collect your Personal Data.

Personal Data used for website usage analytics:

We may also collect and process information about your visit to this website, such as the pages you visit, the website you came from and the searches you perform. We may use such information to help improve the contents of the site and to compile aggregate statistics about people using our site for our internal usage statistics and market research purposes. In doing this, we may install "cookies" that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. A "cookie" is a small piece of information, which is sent to your browser and stored on your computer’s hard drive. Cookies do not damage your computer. You can set your browser to notify you when you receive a "cookie”, this will enable you to decide if you want to accept it or not. You can also refuse cookies altogether. However, if you do not accept our cookies, you may not be able to use all functionalities of our website.

We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across websites or other online services.

Occasionally, we and our third-party advertising and service providers may use internet tags (also known as action tags, single-pixel GIFs, clear GIFs, invisible GIFs and 1-by-1 GIFs) and cookies at this site and may deploy these tags/cookies through a third-party advertising partner or a web analytical service partner which may be located and store the respective information (including your IP address) in a foreign country. These tags/cookies are placed on both online advertisements that bring users to this site and on different pages of this site. We use this technology to measure the visitors' responses to our sites and the effectiveness of our advertising campaigns (including how many times a page is opened and which information is consulted) as well as to evaluate your use of this website. The third-party partner or the web analytical service partner may be able to collect data about visitors to our and other sites because of these internet tags/cookies, may compose reports regarding the website’s activity for us and may provide further services which are related to the use of the website and the internet. They may provide such information to other parties if there is a legal requirement that they do so, or if they hire other parties to process information on their behalf. If you would like more information about web tags and cookies, please visit the Network Advertising Initiative website https://www.networkadvertising.org.

We may use a number of technologies offered by different providers to support website analytics and user tracking, including technologies offered by the providers below. If you wish to prevent or control the use of these technologies, please follow the links mentioned with that particular third party:

Crazy Egg (Crazy Egg, Inc., 16220 E. Ridgeview Lane, La Mirada, CA, 90638, USA) Privacy PolicyOpt-out

DoubleClick (Google Inc.,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) Privacy PolicyOpt-out

Facebook (Facebook, Inc., 1601 S. California Avenue, Palo Alto, CA, 94304, USA) Privacy PolicyPlug-inOpt-out

Google Analytics (Google Inc.,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) Privacy PolicyOpt-out

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland) Privacy PolicyOpt-out

Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA, 94103, USA) Privacy PolicyPlug-inOpt-out

Glassdoor (Glassdoor Inc., 100 Shoreline Highway, Mill Valley, CA 94941, USA) Privacy PolicyOpt-out

We may combine, aggregate, or anonymize Personal Data with data we may collect from or about you from other sources, such as public databases, providers of demographic information, joint marketing partners, social media platforms, and other third parties.

We may use your data for our business purposes, including audits, monitoring and prevention of fraud, infringement, and other potential misuse of our products and services, and for modifying our services.

Also, we may use your Personal Data:

  • if we are required to do so because of an applicable law, requests from public and government authorities (including court order, subpoena, or governmental regulation), even outside your country of residence;
  • if we need to enforce our terms and conditions;
  • when we believe in good faith that the use of Personal Data is necessary to protect legal rights, the security or integrity of this website; 
  • to protect your safety or the safety of others; 
  • as part of any criminal or other legal investigation or proceeding in your country or in other countries; or, 
  • to the extent reasonably necessary for development of or to proceed with the negotiation or completion of a corporate or commercial transaction.

This Privacy Policy describes the circumstances in which we may share your Personal Data. We may share your Personal Data with other Novartis subsidiaries and affiliates worldwide. We also may transfer Personal Data to third parties who act on our behalf, for further processing in accordance with the purpose(s) for which the data were originally collected or may otherwise be lawfully processed, such as services delivery, evaluating the usefulness of this website, marketing, advertising, data management, or technical support. 

These third parties have contracted with us to only use Personal Data for the agreed upon purpose, and not to sell Personal Data to third parties, and not to disclose it to third parties except as may be permitted by us, as required by law, or as stated in this Privacy Policy.

We may disclose your Personal Data to a third party in the event that the business or a part of it and the customer data connected with it is sold, assigned or transferred, in which case we would require the buyer, assignee or transferee to treat Personal Data in accordance with this Privacy Policy.

Also, we may disclose your Personal Data to a third party if we are required to do so because of an applicable law, requests from public and government authorities (including court order, subpoena, or governmental regulation), even outside your country of residence; if we need to enforce our terms and conditions; when we believe in good faith that the disclosure is necessary to protect legal rights, the security or integrity of this website; to protect your safety or the safety of others; as part of any criminal or other legal investigation or proceeding in your country or in other countries; or to third parties, advisors, and other entities to the extent reasonably necessary for development of or to proceed with the negotiation or completion of a corporate or commercial transaction.

Your Personal Data may also be processed, accessed, or stored in countries outside Switzerland. Such countries may offer a different level of protection of personal data. If we transfer your Personal Data to external companies in other jurisdictions, we will make sure to protect your Personal Data by applying the level of protection required under applicable data privacy laws.

For transfers of personal data among Novartis subsidiaries and affiliates, Novartis has adopted Binding Corporate Rules, a system of principles, rules, and tools, authorized by European law, to regulate the transfer of personal data outside the EEA and Switzerland. Read more about the Novartis Binding Corporate Rules by clicking here.

We use appropriate technical, administrative, and physical safeguards to protect the information collected through this website. Unfortunately, no organization can guarantee the absolute security of information, especially information transmitted over the internet.

Our website is not directed at children. We do not knowingly collect Personal Data from children under the age of 13.

We will only retain your Personal Data for as long as necessary to fulfil the purpose for which they were collected or to comply with legal or regulatory requirements.

Whenever we process Personal Data, we take reasonable steps to keep your Personal Data accurate and up-to-date for the purposes for which they were collected. We will provide you with the ability to exercise the following rights under the conditions and within the limits set forth in the law.

If you wish to contact us regarding the use of your Personal Data or you want to object in whole or in part to the processing of your Personal Data, please contact us. If you have provided consent, you may withdraw consent. You may also request, subject to confidentiality obligations, to:

  • access your Personal Data as processed by us;
  • ask for correction or erasure of your Personal Data; and
  • request portability, where applicable, of your Personal data, i.e. that the Personal Data you have provided to us, are returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format.

Cookies are small text files that are sent to your computer when you visit a website. Cookies on Novartis Group company (Novartis) web sites do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences and generally improving your experience of a website.

The EU Directive 2009/136/EC states that we can store cookies on your machine if they are essential to the operation of this site, but that for all others we need your permission to do so.

Novartis sites may use some non-essential cookies. We do not do this to track individual users or to identify them, but to gain useful knowledge about how the sites are used so that we can keep improving them for our users. Without the knowledge we gain from the systems that use these cookies we would not be able to provide the service we do.

Privacy at Novartis

The responsible use of personal data is a core value at Novartis.

Novartis Group fully respects privacy laws and is subject to an internal framework of privacy rules and policies.

The internal transfer of data is governed by Binding Corporate Rules, so called “BCR”. BCR are a system of privacy principles, rules and tools intended to ensure the protection of personal data. This collection of rules represents today’s best practice to meet the European Economic Area’s (“EEA”) data protection requirements for the transfer of personal data within a Group of companies. To be legally effective, the BCR have been approved by EEA Data Protection Agencies. BCR regulate the mechanism of transfer of data inside the Novartis Group of companies.

Privacy Notice for Business Partners – Novartis Entities in SSA

This Privacy Notice is addressed to:

  • the healthcare professionals with whom we create or maintain a relationship;
  • our customers or prospects, including those who are natural persons (such as self-employed pharmacists);
  • the representatives or contact persons of our customers or prospects who are legal entities (such as wholesale pharmacists);

You are receiving this Privacy Notice because Novartis in your domiciled area, is processing information about you which constitutes “personal data” and Novartis considers the protection of your personal data and privacy a very important matter.

Novartis is responsible for the processing of your personal data as it decides why and how it is processed, thereby acting as the "responsible party" or the “controller”. In this Privacy Notice, “we” or “us” refers to Novartis.

We invite you to carefully read this Privacy Notice, which sets out in which context we are processing your personal data and explains your rights and our obligations when doing so.

By agreeing to this Privacy Notice, you provide us with your consent to collect, receive, record, organise, collate, store, update, change, retrieve, read, process, use, distribute and share your personal data in the ways set out in this Privacy Notice, to the extent that such consent may be required to permit us to do so.

Should you have any further question in relation to the processing of your personal data, we invite you to contact Crystal Hart at [email protected].

This information may either be directly provided by you, by our business partners (i.e. the legal entity for whom you work), by third parties (e.g. medical agencies) or be obtained through trusted publicly available sources (such as Medpages, PubMed, Clinical Trials.gov, congress websites or university websites). To the extent necessary, you provide us with your consent to collect your personal data from such other persons. We collect various types of personal data about you, including:

  • your general and identification information (e.g. name, first name, last name, gender, email and/or postal address, fixed and/or mobile phone number);
  • your function (e.g. title, position, name of company, as well as, for healthcare professionals, first specialty, second specialty, year of graduation from medical school, publications, congress activities, awards, biography, education, links to universities, expertise and participation in/contribution to clinical trials, guidelines, editorial boards and organisations);
  • payment information (e.g. bank account details, VAT or other tax identification number);
  • Novartis unique business partner ID and profile;
  • your electronic identification data where required for the purpose of delivering products or services to our company (e.g. login, access right, passwords, badge number, IP address, online identifiers/cookies, logs, access and connection times, image recording or sound such as badge pictures, CCTV or voice recordings);
  • information regarding your preferences including in terms of channels of communication and frequency;
  • data you provide to us for example when you fill in forms or during events you attend, or when you answer questions in a survey;
  • data which relate to our products and services; and
  • information about the scientific and medical activities/interactions you have with us, including potential future interactions.

If you intend to provide us with personal data about other persons (e.g. your colleagues), you must provide a copy of this Privacy Notice to the relevant person(s), directly or through their employer, and ensure that they provide consent to your sharing their personal data with us in terms of this Privacy Notice.

Legal basis for the processing

We will only process your personal data if permitted by law, including if:

  • we have obtained your prior consent;
  • the processing is necessary to carry out actions for the conclusion or performance of a contract to which you are a party ;
  • the processing is necessary to comply with our legal or regulatory obligations;
  • the processing protects your legitimate interest; and / or
  • the processing is necessary for our legitimate interests or the legitimate interests of a third party to whom the personal data is supplied, and does not unduly affect your interests or fundamental rights and freedoms.

Please note that, when processing your personal data on this last basis, we always seek to maintain a balance between our legitimate interests and your privacy. Examples of such ‘legitimate interests’ may include data processing activities performed:

  • to benefit from cost-effective services (e.g. we may opt to use certain platforms offered by suppliers to process data);
  • to offer our products and services to our customers;
  • to prevent fraud or criminal activity, misuses of our products or services as well as the security of our IT systems, architecture and networks;
  • to sell any part of our business or its assets or to enable the acquisition of all or part of our business or assets by a third party; and
  • to meet our corporate and social responsibility objectives.

Purposes of the processing

We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In particular, we process your personal data for the following purposes:

  • manage our relationship with you (e.g. through our databases);
  • implement tasks in preparation of or to perform existing contracts;
  • evidence transactions;
  • provide you with adequate and updated information about disease, drugs as well as our products and services;
  • improve the quality of our services by adapting our offering to your specific needs;
  • answer your requests and provide you with efficient support;
  • send you surveys (e.g. to help us improve your future interactions with us); 
  • send you communications regarding products or services that we promote;
  • manage communications and interactions with you (e.g. through the operation of a database keeping records of interactions with healthcare professionals or managing call planning as well as call reporting and other electronic and digital interactions);
  • track our activities (e.g. measuring interactions or sales, number of appointments/calls);
  • invite you to events or promotional meetings sponsored by us (e.g. medical events, speaker events, conferences, webinars, meetings on various digital platforms);
  • grant you access to our training modules allowing you to provide us with certain services;
  • manage our IT resources, including infrastructure management and business continuity;
  • preserve the company’s economic interests and ensure compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, managing alleged cases of misconduct or fraud; conducting audits and defending litigation);
  • manage mergers and acquisitions involving our company;
  • archiving and record keeping;
  • billing and invoicing; and
  • any other purposes imposed by law and authorities.

We will not sell, share, or otherwise transfer your personal data to third parties other than those indicated in this Privacy Notice.

In the course of our activities and for the same purposes as those listed in this Privacy Notice, your personal data can be accessed by or transferred to the following categories or recipients:

  • our personnel (including personnel, departments or other companies of the Novartis group) on a strictly need-to-know basis;
  • our independent agents or brokers (if any);
  • our suppliers and services providers that provide services and products to us;
  • our IT systems providers, cloud service providers, database providers and consultants;
  • our business partners who offer products or services jointly with us or with our subsidiaries or affiliates;
  • any third party to whom we assign, cede or novate any of our rights or obligations;
  • our advisors and external lawyers; and
  • any national and/or international regulatory, enforcement, public body or court where we are required to do so by applicable law or regulation or at their request.

The above third parties are contractually obliged to protect the confidentiality and security of your personal data, in compliance with applicable law.

We work with affiliates and other trusted partners and service providers located outside of your country of domicile. The personal data we collect from you may therefore also be processed, accessed, stored in or transferred to a country outside South Africa, which may not offer a level of protection of personal data which is substantially similar to the protections as may be enjoyed in your country of domicile.

If we transfer your personal data to any third party we will do so in accordance with data protection laws applicable.

For intra-group transfers of personal data, the Novartis Group has adopted Binding Corporate Rules, a system of principles, rules and tools, which accord with the data protection principles provided by applicable law, in an effort to ensure effective levels of data protection relating to transfers of personal data to other countries. Read more about the Novartis Binding Corporate Rules by clicking here: https://www.novartis.com/sites/www.novartis.com/files/bcr-individual-rights-2012.pdf

We have implemented appropriate, reasonable technical and organisational measures to provide a level of security and confidentiality to your personal data.

These measures take into account:

  1. the state of the art of the technology;
  2. the costs of its implementation;
  3. the nature of the data; and
  4. and the risk of the processing.

The purpose thereof is to protect it against accidental or unlawful destruction or alteration, loss, damage, unauthorized disclosure or access and against other unlawful forms of processing.

Moreover, when handling your personal data, we:

  • only collect and process personal data which is adequate, relevant and not excessive, as required to meet the above purposes; and
  • ensure that your personal data remains up to date and accurate.

For the latter, we may request you to confirm the personal data we hold about you. You are also invited to spontaneously inform us whenever there is a change in your personal circumstances so we can ensure your personal data is kept up-to-date.

We will only retain your personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements. When this period expires, your personal data is removed from our systems.

You may exercise the following rights under the conditions and within the limits set forth in the law:

  • the right to access your personal data as processed by us and, if you believe that any information relating to you is incorrect, obsolete or incomplete, to request its correction or updating;
  • the right to request the erasure of your personal data or the restriction thereof to specific categories of processing;
  • the right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal;
  • the right to object, in whole or in part, to the processing of your personal data;
  • the right to object to a channel of communication used for direct marketing purposes; and
  • the right to request its portability where applicable.

If you have a question or want to exercise the above rights, you may send an email to [email protected] or a letter at P.O Box 12257 Vorna Valley 1686 addressed to the Data Privacy Office.

If you are not satisfied with how we process your personal data, please address your request to our data protection officer [email protected], who will investigate your concern.

In any case, you also have the right to file a complaint with the competent data protection authorities, in addition to your rights above.

Any future changes or additions to the processing of your personal data as described in this Privacy Notice will be notified to you in advance through an individual notice through our usual communication channels (e.g. by email or via our internet websites).

Contact us

If you wish to contact us regarding how we use your personal data or you wish to exercise your data privacy rights, please email us at [email protected] or write us to the following address:

Novartis International AG
Global Privacy Office
Fabrikstrasse 18
4056 Basel
Switzerland
 

In order to facilitate the most efficient answer, please provide the following information:

  • Name of the website you are referring to 
  • Your relationship and interaction with us
  • The description of the information you would like to receive from us

Cookies

Cookies are small text files that are sent to your computer when you visit a website. Cookies on Novartis Group company (Novartis) web sites do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences and generally improving your experience of a website.

The EU Directive 2009/136/EC states that we can store cookies on your machine if they are essential to the operation of this site, but that for all others we need your permission to do so.

Novartis sites may use some non-essential cookies. We do not do this to track individual users or to identify them, but to gain useful knowledge about how the sites are used so that we can keep improving them for our users. Without the knowledge we gain from the systems that use these cookies we would not be able to provide the service we do.

If you decide to set the language, font-size or specific version of the site (e.g. high-contrast), we use “user interface customization cookies”. Once set, you do not need to specify your preferences again on another visit to the site.

If you use parts of the site that require registration to access content, we will place an “authentication cookie” on your computer. This allows you to leave and return to these parts of the site without re-authenticating yourself.

If you have Adobe Flash installed on your computer (most computers do) and you use video players, we store a “flash cookie” on your computer. These cookies are used to store data needed to play back video or audio content and store the user’s preferences.

Novartis likes to understand how visitors use our websites by using web analytics services. They count the number of visitors and tell us things about the visitors’ behavior overall – such as identifying the search engine keywords that lead the user to the site, the typical length of stay on the site or the average number of pages a user views. For this purpose we place a “first party analytics cookie” on your computer.

We may also use services such as Google Analytics to track web statistics. In this case, Google will place a “3rd party cookie” on your computer. This is also the case when we use Google Maps.

Any data collected by using these cookies will be stored and managed by Novartis or one of its trusted affiliates in countries Novartis operates in.

For more information or how to contact Novartis, please refer to the Novartis Data Privacy Policy.

If you don’t want to receive cookies, you can modify your browser so that it notifies you when cookies are sent to it or you can refuse cookies altogether. You can also delete cookies that have already been set.

If you wish to restrict or block web browser cookies which are set on your device then you can do this through your browser settings; the Help function within your browser should tell you how. Alternatively, you may wish to visit www.aboutcookies.org, which contains comprehensive information on how to do this on a wide variety of desktop browsers. However, if you do not accept our cookies, you may not be able to use all functionalities of your browser software or our website.