Effective May 25, 2018
Sanofi & your privacy
We may also link to other websites operated by Sanofi’s affiliated companies which operate under separate privacy policies. If you access these websites via this Site, we invite you to read the privacy policies of those sites as they might be different from this one.
If you have any questions, please do not hesitate to get in touch with us as set out in the Contact Us section below.
What personal data of yours is collected and processed?
Your personal data
Sanofi may process the following personal data:
- Information we collect about you: Sanofi may collect automatically some technical information, including but not limited to the Internet Protocol (IP) address, your log-in information, browser information, plug-ins, time zone setting and operating system, with regard to each of your visit on Sanofi’s website. Sanofi may also collect information about your visit, including but not limited to the page you access before, during and after your visit to Sanofi’s website (including date and time), your activities on the website, page response time, length of visit to certain pages, and page interaction information with regard to each of your visit on Sanofi’s website.
- Information you give us: You may give Sanofi personal data by filling in form(s), survey(s), application(s) and registration(s) available on the Site or by simply corresponding with Sanofi by email, phone, fax, post or by any other means. This includes, for example, information you provide when you register to use any of the features of Sanofi’s websites to any of Sanofi’s services.
The personal data Sanofi may collect includes (but might not be limited to) your Name, and/or Address, and/or Email address, and/or Telephone number, and/or Place of employment, specialties/professional affiliations. This may also include the information related to adverse events, product complaints and patient safety.
- In certain cases, Sanofi may also receive or gather information about you from other sources, such as social media platforms, public databases or simply information we receive from third parties.
For what purpose(s) and for how long is your personal data processed
Purposes for which your personal data is collected
Sanofi may process your personal data:
- for statistical purposes;
- to be able to analyse the use of Sanofi’s websites;
- to ensure and improve the functionality of Sanofi’s webpages;
- to identify you so we can reply to requests or inquiries;
- to meet all legal (e.g. court order, government request, judicial proceeding…), medical, regulatory, pharmacovigilance and compliance requirements;
- to send information, presentations, greetings, newsletters, invitation, alerts or other notifications relating to products, brands, disease states and health topics;
- to tailor our marketing programs and campaigns;
- to complete, fulfil and process the requested transactions if any;
- to verify you meet certain criteria and are eligible for services, products and information we may offer to provide you;
- to provide you with the requested services, documentation and products.
We might also de-identify or aggregate data that you have given to us when filling out a form, application and registration, and use it for any purpose. In such case, Sanofi is free to disclose such data to third party without your permission.
Your personal data will be stored as long as it is permitted and necessary in order for us to fulfil the purposes for which your personal data is collected as stated above, or for which it is further processed.
We store and process your personal data for a period reasonably determined by business necessity and for all the obligations we may have to comply with, as it may be required by law or in connection with legal action or investigation involving Sanofi.
We may also retain your personal data for the duration of your relationship with us and as long as we provide the Site to you.
All Pharmacovigilance data, and all documents relating to authorized human medicinal products, will be retained by us as long as the product is marketed, and for at least 50 years after the product has ceased to exist. After that, the data will be anonymized. The anonymized data is stored in the global safety database without time limit.
On what legal basis do we use your personal data?
The legal basis for processing your personal data, such as technical data that we may collect during your visit to our website(s) or your name, e-mail address etc., is the legitimate purposes that we pursue in order to optimize and improve your visit to our websites or to receive and process your inquiries by your submission of a form, application, registration or when contacting us by email, phone or any other means.
In some cases, we may need to process your personal data to provide a product or a service you request for the purpose of performing a contract to which you are a party.
We may use your personal data to comply with our legal obligations and other demands for information. For instance, special rules apply to information concerning adverse events, product complaints and patient safety. If you submit personal data, such as your health data related to an adverse event, the legal basis for processing these personal data will be the legal obligation for us to collect, process and retain these data pursuant to the relevant and applicable local and European legislation.
We may process and retain your data where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out of court procedure.
We may also need to collect your consent to allow us to use your personal information for one or more of the purposes listed above. For instance:
- Provide you with the requested services, information or products,
- Respond to your queries or any other correspondences your may have submitted through the Site.
If you have submitted personal information, such as your health data when you use any user forum or application made available by Sanofi, such personal data will be processed based on the consent that you gave before using the forum or application.
Disclosure or transfer of personal data to third parties
International transfer of your personal data
As Sanofi is part of a global group of companies, we may share your personal data with other affiliates of the SANOFI Group. Such transfer to group companies will be done for the abovementioned purposes (cf. section “For what purposes and for how long is your personal data processed”) and based on the same legal ground as the processing as such.
We may also transfer your data to external third parties who assist us in the processing of your personal data, such as:
- Suppliers that provide us with technology services, e.g. IT resources providers, research organizations, marketing agencies, IT solutions service providers, etc.; and
- Regulatory agencies, governments and law enforcement authorities; and
- Purchasers or potential purchasers of all or part of Sanofi’s business; and
- External auditors and professional agents or advisors; and
- Any other third party that helps us improving and organizing our business and activity.
Some of these recipients may be located in countries outside the EU/EEA, which do not ensure the same level of personal data protection as the country where you are located. In such case, Sanofi has implemented appropriate mechanisms to protect your personal data, including notably (but not limited to) data transfer agreements based on the European Commission standard contractual clauses or Sanofi’s Binding Corporate Rules.
For more information on the countries where the data are transferred or on the data transfers mechanisms implemented, you can get in touch with us as set out in the Contact Us section below.
Which security measures are in place?
Any such sharing will be in compliance with the applicable law.
However, please be aware that there is always some risk involved when submitting data over the Internet and that we cannot guarantee that our websites are 100% safe from illegal tampering or “hacking”. Any data transmitted over the Internet may be at risk.
If you, as a user believe that your interaction with us is no longer secure and safe (e.g. loss of your password), we invite you to get in touch with us as set out in the Contact Us section below.
You have the following basic rights under the applicable data protection laws and regulation:
Right to access: You may at any time inquire whether your personal data is being processed by Sanofi, and, if so, you may for example enquire what data is processed about you, the purpose of such processing and to whom such data may be disclosed.
Right of data portability: when a Sanofi’s website includes a feature relevant for the right of data portability, you have the right to receive your personal data provided to Sanofi in a structured, commonly used and machine-readable format to transmit such data to another data controller.
Right to rectification and deletion: If the personal data collected about you is incorrect or inaccurate, you may request us to rectify the incorrect or inaccurate personal data of yours.
Right to object: You may at any time object against the processing of your personal data with request to stop or limit Sanofi's processing of your personal data.
Right to file a complaint: you are entitled to file a complaint about the processing of your personal data to the following data protection authority:
the Finnish Data Protection Authority, (Tietosuojavaltuutetun toimisto), P.O. Box 315 FIN-00181 Helsinki Finland - firstname.lastname@example.org
We warrants that we will work in good faith, cooperate with the relevant Data Protection Authority and comply with its decision.
Please note, that you are free to withdraw your consent to the processing of your personal data at any time.
Although we attempt to adhere to requests to remove personal data from our records, it may not be possible to remove all copies depending on the manner in which the information was submitted to us. In addition, we reserve the right not to remove or amend information provided to us regarding an adverse event effect and information required to be retained by law.
Other confidential information
Apart from the information (including personal data) that we request from you, our websites are not intended to receive other information from you, including confidential information. Consequently, and except for personal data mentioned above, any information not requested by us, whatever its form - document, data, graphic, question, suggestion, concept, comment or other - that you send to us through our websites, will be sent at your own risk and will not under any circumstances be deemed confidential, unless otherwise provided for in applicable laws.
Also, unless otherwise provided for in applicable laws, the act of sending such information to us, gives us the right to use it, reproduce it, publish it, alter it or send it with a view to dealing with your request as well as delete it, when your request has been dealt with.
Our websites are not intended or designed to attract children under the age of thirteen (13). We do not collect any personal information from any person we actually know is a child under the age of thirteen (13).
The website you are visiting (the “Site”) belongs to and is operated by Sanofi which determines the purposes and means of the processing of your personal data.
Please note that when you contact Sanofi via email, you may be asked to answer several questions related to your personal data in order to allow Sanofi verify your identity.