OUR COMMITMENT
SANOFI fully understands the importance of privacy and the protection of personal
data in the digital era and is committed to ensure an adequate level of data
protection for all persons with whom SANOFI has dealings. This includes, notably:
- patients and their relatives and carers
- participants in clinical trials
- healthcare professionals
- representatives of our service providers, suppliers, contractors and business
partners
- representatives of the scientific community
- job applicants
What you will find in this document
This privacy policy (“Policy”) describes how SANOFI collects and
processes personal data relating to the persons it deals with in its business
activities in Ireland through our websites, products, services, online stores and
applications that reference this Policy. This Policy also describes SANOFI’s
practices to ensure the adequate protection of that personal data and your privacy
rights.
In certain circumstances, we may, if necessary, provide you with specific privacy
information notices and/or consent forms (“Privacy Notice”), which
will describe in more detail how your personal data will be processed. It is
important that you read this Policy together with any Privacy Notice we may provide
so that you are fully aware of how and why we are using your personal data.
The objective of this Policy is to help you understand the following areas. Click on
the links to go straight to the specific section.
1. WHAT: What personal data SANOFI
collects about you
2. WHERE FROM: Where SANOFI
collects your personal data from
3. THE PURPOSES: For what
reasons and purposes SANOFI processes your personal data
4. ON WHAT GROUND: On
what basis SANOFI processes your personal data
5. WHO: Who SANOFI shares your
personal data with
6. WHERE: Where SANOFI may
transfer your personal data
7. HOW SECURE: What SANOFI
does to protect your personal data
8. HOW LONG: SANOFI’s approach
to determining how long to retain your personal data
9. YOUR RIGHTS: What your
rights are and how you can exercise them
10. HOW TO CONTACT US:
Where and how you can reach us if you wish to exercise your rights or if you have a
question
Who is SANOFI and what is our role?
SANOFI is made up of different legal entities and in Ireland SANOFI conducts its
business through Sanofi Aventis Ireland Limited, Aventis Pharma Limited and Genzyme
Ireland Limited. When we mention “SANOFI”, we are referring to the relevant company
in the SANOFI group responsible for processing your data.
Each Privacy Notice will set out which SANOFI entity will be the controller and
determines for what reasons (i.e. the purposes) your personal data is processed as
well as the resources (i.e. the means) allocated to such processing. Unless
specified otherwise, Sanofi Aventis Ireland Limited, Aventis Pharma Limited and
Genzyme Ireland Limited are the controllers and responsible for any SANOFI website
that links to this Policy.
We have appointed a Data Protection Officer who is responsible for overseeing
questions in relation to this Policy. If you have any questions about this Policy,
including any requests to exercise your rights (as detailed in the “Your Rights” section below), please
contact the data protection officer as described in the “How to Contact Us” section below.
Changes to this Policy
This Policy may be modified by SANOFI from time to time, in particular in the event
of changes in the law or SANOFI’s practices. Changes to this Policy will be made
available on this page. We invite you to check this Policy periodically. The date on
which this Policy was last updated is shown at the end of this document.
1 - WHAT: What personal data SANOFI collects about you
Personal data, or personal information, means any information relating to an
individual from which that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you
which we have grouped together as follows:
- Identity data, which includes name, username or similar
identifier, social media usernames, profile photos, title, date of birth, age,
gender, race and ethnicity, photographs, and audio and visual recordings.
- Contact data, which includes address, email, and telephone and
mobile phone numbers.
- Professional data, which includes job title, place of work,
employment history, education, work address, areas of practice and specialisms.
- Financial data, which includes bank account and payment card
details.
- Transaction data, which includes details about payments to and
from you, and other details of products and services you have purchased from us,
including customer account numbers.
- Technical data, which includes internet protocol (IP) address,
your login data, browser type and version, time zone setting and location,
browser plug-in types and versions, operating system and platform, and other
technology on the devices you use to access our websites.
- Profile data, which includes your username and password,
purchases or orders made by you, and your interests, preferences, feedback and
survey responses.
- Usage data, which includes information about how you use our
websites, products and services.
- Health data, which includes information about your health,
diseases you may have, medicines you may be taking, adverse effects you may have
experienced, and genetic and biometric data.
- Beliefs and interests data, which includes details about your
religious or philosophical beliefs, political opinions, hobbies and interests.
- Marketing and communications data, which includes your
preferences for receiving marketing from us and our third parties and your
communication preferences.
2 - WHERE FROM: Where SANOFI collects your personal data
from
SANOFI may collect your personal data from different sources:
- Data that you communicate to us through various media,
registrations, applications, surveys, and direct and indirect interactions with
SANOFI. For example, data you provide to purchase our products or services, when
you meet or communicate with us, when you post a message on a SANOFI bulletin
board or comments thread, to register for scientific events sponsored by SANOFI,
to participate in a patient support programme, to report an adverse event, to
submit an online application, to create an account on our websites, or to
contact us or send us a request for information.
- Data that we collect automatically, for instance recordings of
telephone calls when you call SANOFI or we call you (you will always be notified
in advance when we are intending to record a telephone call) and technical data
we automatically collect about your equipment, browsing actions and patterns as
you interact with our websites, platforms, applications and services, through
certain technologies, such as cookies. Please see our Cookie Policy for more details.
- Data that we collect from publicly available sources, including
identity, contact and health data from SANOFI managed social media pages or
accounts such as Twitter or Facebook (for example, when you post a query or
report an adverse event).
- Data that we obtain from third parties, for example, technical
data from analytics providers such as Google, contact, financial and transaction
data from providers of technical, payment and delivery services, identity,
contact and professional data from data brokers or aggregators such as IQVIA,
and identity and health data from healthcare professionals when they report an
adverse event. We may also need to confirm contact or financial information with
third parties or verify the registration of healthcare professionals.
In such
cases, we generally receive such personal data from third parties that are
authorised to share it in the framework of their own privacy and data
protection policies or in accordance with the law. As applicable, we will
inform you in the Privacy Notice of the identity of those third parties and
will invite you to refer to their privacy and data protection policies so
that you can determine where they obtained that personal data from and how
they have processed it.
PERSONAL DATA RELATING TO CHILDREN
In some instances we may collect personal data about children for the provision of
our services, such as clinical activities or for patient support programs, with the
consent of his/her parent or guardian. However, we do not otherwise knowingly
solicit personal data from, or market to, children. If a parent or guardian becomes
aware that his or her child has provided us with personal data, he or she should
contact us as described in the “How to Contact
Us” section below. We will take steps to delete such information from our
database in accordance with applicable legal requirements.
3 - THE PURPOSES: For what reasons and purposes SANOFI processes
your personal data
SANOFI collects your personal data for the following purposes:
- to carry out our business operations, including to carry out
marketing and sales; to register you as a customer; to provide you with access
to SANOFI’s products and services; to process and deliver your order, including
to manage payments, fees and charges, and collect and recover money owed to us;
to respond to your requests; and to keep track of our interactions and meetings,
such as when you contact us for information and support.
- to comply with legal or regulatory obligations that apply to
SANOFI, including to monitor safety; to manage and report adverse
events; to carry out prevention and investigatory activities; to document and
publically disclose certain transfers of value made to healthcare professionals,
healthcare organisations and patient organisations; and to carry out
administrative formalities, registrations, declarations and audits.
- to provide patient support, healthcare support services, patient
engagement and prescription information, including to provide,
manage and administer patient support and homecare programmes; and to manage
claims, including insurance claims.
- to conduct research and development, including to carry out
clinical studies, registries and trials; to manage and validate the recruitment
and participation of individuals in studies, trials and other operations; to
analyse demographic data; to offer special programs, activities, trials, events
and promotions via our services; and to carry out market and consumer studies.
- to provide you access to online services, applications and
platforms, including to administer our websites and keep them safe and secure;
and to manage your online accounts.
- to allow us to identify or authenticate you, including to
provide or verify your credentials including via passwords, password hints,
security information and questions, government-issued ID, healthcare
professional number, driver’s license data, and passport data.
- to improve and develop our products and services, including to
identify usage trends and develop new products and services; to understand how
you and your device interacts with our services; to customise, measure and
improve our websites, products and services, marketing, customer relationships
and experiences; to track and respond to safety concerns; to determine the
effectiveness of our promotional campaigns; and to conduct surveys.
- to personalise your experience when using our services,
including to ensure that our services are presented in the way that best suits
you; to understand your professional and personal interests in our content and
products and services, and adapt our content to your needs and preferences; and
to present you products and offers tailored to you.
- to allow us to communicate with you, including to respond to
your requests and inquiries; to provide support for products and services; to
provide you with important information, administrative information, required
notices, and promotional materials; to send you news and information about our
products, services, or brands and operations; and to organise and manage
professional events and congresses, including your participation in such events.
- to process payments we may need to issue in a specific
situation, including to verify your financial data and to
facilitate further payments.
- to process requests for donations and sponsorships, including
from organisations you may represent, such as hospitals or universities.
- to respond to legal requests, including from administrative and
judicial authorities, in accordance with applicable laws; to comply with a
subpoena, required registration, or legal process.
- to protect our rights and interests, including to protect the
health, safety and security of SANOFI personnel and premises; to carry out
internal audits, asset management, system and other business controls; to manage
business administration (finance and accounting, fraud monitoring and
prevention); to maintain the security of our services and operations; to protect
our rights, privacy, safety and property; to allow us to pursue available
remedies and limit the damages that we may incur as necessary; and to protect
ourselves against possible fraudulent actions.
MARKETING COMMUNICATIONS
If you have provided your consent, we may use your personal data to send you
information by email about goods and services we feel may be of interest to you,
including promotional information about SANOFI products.
We may also use your personal data, together with other personal data that SANOFI may
already hold about you, to analyse and predict your interests, professional opinions
and communication preferences, and to better understand general trends on the basis
of aggregated data. The purpose of this is to personalise the way we communicate
with you and the content of those communications, to ensure they are in accordance
with your preferences and relevant to your practice and interests.
You can ask us to stop sending you these marketing messages at any time by following
the instructions provided in each email communication. However, unsubscribing will
apply to direct marketing communications only as we may still need to email you for
other reasons, for example about your order of a product or service.
4 - ON WHAT GROUND: On what basis SANOFI processes your personal
data
Depending on the data processing in question, SANOFI will generally process your
personal data on one of the following legal grounds:
- With your prior consent, where you have clearly expressed your
consent to SANOFI’s processing of your personal data. In practice, this will
generally mean that SANOFI will ask you to sign a document, to fill in an
“opt-in” form or to follow a procedure to allow you to be fully informed, and
then either clearly accept or refuse the data processing envisaged.
- Where needed to perform a contract between you and SANOFI. In
this case, the processing of your personal data is generally necessary for the
execution or performance of that contract; this means that if you do not wish
for SANOFI to process your personal data in that context, SANOFI may refuse to
enter into such contract with you or may not be able to provide you with the
products or services covered by that contract.
- Where we need to comply with legal obligations applicable to
SANOFI’s activities, for instance, SANOFI is required to implement
pharmacovigilance procedures to monitor adverse effects of marketed products,
which generally involves the collection and retention of personal data.
- Where it is necessary for the “legitimate interests” of SANOFI,
meaning the interests of our business in conducting and managing our business to
enable us to give you the best service/product, and the best and most secure
experience. In this case, SANOFI will consider and balance your fundamental
rights and interests and any potential impact on you when determining whether
the processing is legitimate and lawful and before we process your personal
data. We will not use your personal data for activities where our interests are
overridden by the impact on you (unless we have your consent or are otherwise
required or permitted to by law). You can obtain further information about how
we assess our legitimate interests against any potential impact on you in
respect of specific activities by contacting as described in the “How to Contact Us” section below.
As described in “The Purposes” section above, we
may collect and process your personal data when you visit our websites (including
through cookies) for a number of purposes, such as to administer and protect our
websites, to deliver relevant website content to you, and to use data analytics to
improve our websites. In these cases, we will process your personal data on the
basis that it is necessary for our legitimate interests (for provision of
administration and IT services and network security, to keep our website updated and
relevant, to study how customers use our products/services and to develop our
business).
When we process your personal data for other purposes, we will notify you of the
specific legal ground we are relying on to process your personal data in the Privacy
Notice we provide you.
SANOFI may, on a case-by-case basis, rely on other legal grounds for processing your
personal data, such as the protection of your vital interests. If this is the case,
we will notify you in a Privacy
Please note that we may also process your personal data on the basis of more than one
legal ground depending on the specific purpose for which we are using your data.
Please contact us as described in the “How to
Contact Us” section below if you need details about the specific legal
ground we are relying on to process your personal data.
5 - WHO: Who SANOFI shares your personal data with
For the purposes described above, SANOFI may need to share your personal data with
the following authorised third-parties:
- Sanofi and its affiliates who undertake leadership reporting,
and provide IT and system administration services and other services.
- our partners, such as healthcare professionals and
organisations, distributors and agents, and other members of the healthcare and
pharmaceutical industry.
- selected suppliers, service providers and vendors acting upon
our instructions who provide website hosting, payment processing, order
fulfilment, information technology, system administration and related
infrastructure provision, customer service, healthcare professional validation,
email delivery, data analysis, auditing, market research, digital monitoring,
marketing, advertising, brand, communication and other services.
- healthcare and patient service providers based in Ireland who
administer patient support and homecare programmes on behalf of SANOFI and
provide other healthcare services such as nurse services.
- professional advisors including lawyers, bankers, auditors and
insurers, who provide consultancy, banking, legal, insurance, accounting and
other services.
- legal, regulatory, administrative and other authorities, as
required by applicable laws including laws outside your country of residence.
- potential acquirers and other stakeholders in the event of a
merger or legal restructuring operation such as an acquisition, joint venture,
assignment, spin-off or divestiture.
- sponsors of sweepstakes, contests and similar promotions.
SANOFI may need to share your personal data with other third-parties, in which case
we will inform you in the applicable Privacy Notice.
In any case, SANOFI will require that all such third-parties:
- undertake to comply with data protection laws and the principles of this Policy;
- only process the personal data for the purposes described in this Policy and in
accordance with our instructions; and
- implement appropriate technical and organisational security measures designed to
protect the integrity and confidentiality of your personal data.
6 - WHERE: WHERE SANOFI MAY TRANSFER YOUR PERSONAL
DATA
SANOFI is a multinational organisation with affiliates, partners and subcontractors
located in many countries around the world. For that reason, SANOFI may need to
transfer (via access, visualisation or storage) your personal data to other
jurisdictions, including countries outside the European Economic Area (“EEA”)
which may not be regarded as providing the same level of protection as the
jurisdiction you are based in.
Safeguards for international transfers of personal data: In cases
where SANOFI needs to transfer personal data outside the EEA, we will ensure that
the following adequate safeguards, as required by applicable data protection laws,
are implemented to ensure a similar degree of protection is afforded to it:
- We will only transfer your personal data to countries that have been deemed to
provide an adequate level of protection for personal data by the European
Commission. For further details, please visit
https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
- Where we use certain suppliers, service providers or vendors, we may use
specific contracts approved by the European Commission which give personal data
the same protection it has in Europe, known as the European Commission’s
Standard Contractual Clauses. For further details, please visit
https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
- Where we use providers based in the US, we may transfer data to them if they are
part of the Privacy Shield, which requires them to provide similar protection to
personal data shared between Europe and the US. For further details, please
visit
https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.
- For intra-group transfers of personal data implemented for clinical studies and
pharmacovigilance purposes, SANOFI has implemented and shall apply its “Binding
Corporate Rules” validated by the EU Data Protection Authorities. For further
details, please visit
https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_en.
- Please contact us as described in the “How to
Contact Us” section below of you want further information on the
specific mechanism used by us when transferring your personal data out of the
EEA.
7 - HOW SECURE: WHAT SANOFI DOES TO PROTECT YOUR PERSONAL
DATA
We have implemented a variety of technological and organisational procedures and
measures to ensure the integrity and confidentiality of your personal data from
unauthorised access, use and disclosure. These measures will take into account the
state of the art, the costs of implementation and the nature, scope, context and
purposes of processing as well as the risks posed by the processing (in terms of
likelihood and severity) to your rights and freedoms. For instance, we store your
personal data on servers that have various types of technical and physical access
controls, which may include, for instance, if appropriate, encryption. We may also
aggregate, pseudonymise or anonymise personal data to ensure that no personally
identifiable information is communicated to third parties.
In addition, we limit access to your personal data to those employees, agents,
contractors and other third parties who have a business need to know. They will only
process your personal data on our instructions and they are subject to a duty of
confidentiality.
8 - HOW LONG: SANOFI’S APPROACH TO DETERMINING HOW LONG TO
RETAIN YOUR PERSONAL DATA
SANOFI will only retain your personal data for as long as reasonably necessary to
fulfil the purposes we collected it for, as outlined in this Policy.
As an exception, SANOFI may be required to retain your personal data for longer
periods as required or permitted by law, or as necessary to protect its rights and
interests. In such a case, you will be informed of the intended retention period in
the applicable Privacy Notice.
To determine the appropriate retention period for personal data, we consider the
amount, nature and sensitivity of the personal data, the potential risk of harm from
unauthorised use or disclosure of your personal data, the purposes for which we
process your personal data and whether we can achieve those purposes through other
means, and the applicable legal, regulatory, tax, accounting and other requirements.
In some circumstances you can ask us to delete your data: see the “Your Rights” section below for further
information.
We may anonymise your personal data (so that it can no longer be associated with you)
for research or statistical purposes, in which case we may use this information
indefinitely without further notice to you.
9 - YOUR RIGHTS: WHAT YOUR RIGHTS ARE AND HOW YOU CAN
EXERCISE THEM
Under certain circumstances, you have rights under data protection laws in relation
to your personal data.
- to request access to your personal data. This enables you to
receive a copy of your personal data, unless such data is already made directly
available to you, for instance within your personal account.
- to request correction of your personal data should your
personal data be inaccurate, incomplete or obsolete.
- to request the deletion of your personal data. This enables you
to ask us to delete or remove personal data where there is no good reason for us
continuing to process it. You also have the right to ask us to delete or remove
your personal data where you have successfully exercised your right to object to
processing (see below), where we may have processed your information unlawfully
or where we are required to erase your personal data to comply with local law.
Note, however, that we may not always be able to comply with your request of
erasure for specific legal reasons which will be notified to you, if applicable,
at the time of your request.
- to withdraw your consent at any time to the data processing,
where your personal data has been collected and processed by SANOFI on the basis
of your consent. Note, this will not affect the lawfulness of processing up
until the time at which you withdraw your consent. If you withdraw your consent,
we may not be able to provide certain products or services to you. We will
advise you if this is the case at the time you withdraw your consent.
- to object to the processing of your personal data, including
profiling, where your personal data has been collected and processed on the
basis of the legitimate interests of SANOFI or where SANOFI is processing your
personal data for direct marketing purposes. To exercise this right, you will
need to justify your request by explaining to us your particular situation and
why you feel it impacts on your fundamental rights and freedoms. In some cases,
we may demonstrate that we have compelling legitimate grounds to process your
information which override your rights and freedoms.
- to request restriction of the processing of your personal data.
This enables you to ask us to suspend the processing of your personal data in
the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful but you do not want us to erase
it.
- Where you need us to hold the data even if we no longer require it as
you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether
we have overriding legitimate grounds to use it.
- to request the transfer of your personal data from SANOFI to
you or a third-party, where technically feasible, in which case we will provide
you, or a third-party of your choice, with your personal data in a structured,
commonly used and machine-readable format. Please note however that this right
only applies to automated information where the processing is based on your
consent or in order to perform a contract with you.
If you would like to exercise any of these rights, please contact us as described in
the “How to Contact Us” section below and we
will take necessary steps to respond as soon as possible.
You also have the right to make a complaint at any time to the Data
Protection Commission (“DPC”), the Irish supervisory authority for data
protection issues, regarding the processing of your personal data. For further
details, please visit www.dataprotection.ie. We would, however, appreciate the
chance to deal with your concerns before you approach the DPC, so please contact us
in the first instance.
10 - HOW TO CONTACT US
SANOFI welcomes any questions or comments you may have regarding this Policy or its
implementation.
You can send any questions about this Policy or SANOFI’s use of your personal data to
our Data Protection Officer at the details below:
Post: Sanofi, 18 Riverwalk, National Digital Park, Citywest Business
Campus, Dublin 24, Ireland
Email: IEdataprotection@sanofi.com