PERSONAL DATA PROTECTION NOTICE ("NOTICE")
WHAT PROCESSING ACTIVITIES DOES THIS NOTICE COVER?
This Notice outlines SANOFI-AVENTIS (MALAYSIA) SDN BHD’s (“Sanofi”, “we”, “us”, or “our”) policy and responsibilities on the collection, use, disclosure, processing and transfer of your Personal Data (as defined hereunder) on the Site, in accordance with the Personal Data Protection Act 2010 of Malaysia (“Act”).
For the purposes of this Notice, Sanofi means Sanofi-Aventis (Malaysia) Sdn. Bhd. and/or all its affiliates.
VALIDITY AND EVOLUTION OF THIS NOTICE
By visiting this Site and/or interacting with Sanofi, you acknowledge that you have read and agree to the collection and processing by Sanofi of your Personal Data in the manner described in this Notice.
This Notice may be modified by Sanofi, from time to time, in particular to adapt its terms to evolutions or changes of applicable legislations and/or to Sanofi’s practices. Changes will be available on this page. We invite you to check this Notice periodically. By continuing to communicate with Sanofi or by continuing to use the Site and/or providing your Personal Data to Sanofi following the modifications to this Notice, this shall signify your acceptance of such modifications.
In the event of any conflict between the English and other language versions, the English version shall prevail.
WHAT PERSONAL DATA DOES THIS SITE COLLECT?
When operating, this Site may collect the following categories of Personal Data:
- For purposes of identification data and depending on the nature of your interaction with Sanofi, any information which allows your identification, whether directly or indirectly such as your name or contact details (address, email address, telephone number), your professional information (e.g. job type, your company, clinic, hospital).
- Messages: any information you may send us in your requests, enquiries and/or correspondences with Sanofi by using this Site. by email, phone, fax, post, or through you face to face interaction with Sanofi’s personnel or subcontractor or agent or by any other means.
- Connection data: any information regarding your connection and access to this Site (e.g. type of machine and browser used, timestamp of your connection, Internet protocol (IP) address, pages visited, browsing history, etc.). Generally we do not link your IP address to anything that will enable us to identity you.
- Information from surveys or polls: information that may be provided by you through your participation in surveys or polls via the Site, in connection with services made available on the Site, including but not limited to the Events.
- Location data: information that may be provided by your machine and browser about your location if you allow such information to be shared with Sanofi.
FOR WHAT PURPOSES DOES THIS SITE COLLECT PERSONAL DATA?
Any processing of Personal Data must be implemented for a defined purpose. In this respect, the collection and processing of Personal Data on this Site is conducted for the following purposes:
- to compile statistical data on the use of our Site to track the total number of visitors to this Site, the number of visitors to each page of this Site, how visitors navigate through this Site and the domain names of visitor’s internet service providers for the purposes of evaluating and improving the Site.
- to manage your online accounts (if any), to send you related communications, respond to your queries and information with your consent, and for the purposes of statistical analysis.
- to comply with legal or regulatory obligations that apply to Sanofi; monitor safety; manage adverse events; carry out prevention and investigatory activities; carry out administrative formalities, registration, declarations or audits. For example, we may disclose information in response to court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
- to respond to legal requests from administrative or judicial authorities, in accordance with applicable laws; comply with a subpoena, required registration, or legal process.
- to protect our rights and interests; protect the health, safety, and security of Sanofi personnel and premises; carry out internal audits, asset management, system and other business controls; manage business administration (finance and accounting, fraud monitoring and prevention); maintain the security of our services and operations; protect our rights, privacy, safety or property, to allow us to pursue available remedies or limit the damages that we may incur as necessary; to protect ourselves against possible fraudulent actions.
- to improve and develop the Site; identify usage trends and develop content for the Site; understand how you and your device interacts with the Site; track and respond to safety concerns; determine the effectiveness of the Site.
- to carry out statistical analysis, research, marketing and other purposes using aggregate or de-identified information which does not include information that identify a particular individual.
Sanofi shall not collect, disclose, use or process any such Personal Data unless you voluntarily choose to provide us with it, or give your consent, or unless such disclosure is permitted or required by applicable laws and regulations.
By accessing the Site, you acknowledge that you have read and agree to the collection and processing by Sanofi of your Personal Data in the manner described in this Notice.
ON WHAT GROUNDS DOES THIS SITE PROCESS YOUR PERSONAL DATA?
Depending on the data processing at stake, Sanofi will generally process your Personal Data on either one of the following legal basis:
- legal obligations applicable to Sanofi’s activities; for instance, Sanofi is required to implement pharmacovigilance procedures to monitor adverse effects of marketed products, which generally involves the collection and retention of personal data.
- the “legitimate interest” of Sanofi in the sense of applicable data protection law. In such a case, Sanofi shall consider your fundamental rights and interests in determining whether the processing is legitimate and lawful.
Sanofi may, on a case-by-case basis, rely on other legal grounds, such as the protection of your vital interests, in accordance with the Act and/or any applicable data protection law.
About Children’s Personal Data
While in some instances we may collect Personal Data about children with the consent of his/her parent or guardian for the provision of our services such as clinical activities or for patient support programs, we do not otherwise knowingly solicit Personal Data from, or market to, children. If a parent or guardian becomes aware that his or her child has provided us with personal information, he or she should contact us as described in the “How to Contact Us” section below. We will take steps to delete such information from our database in accordance with applicable legal requirements.
Consent from third parties
In some circumstances you may have provided Personal Data relating to other individuals (such as your spouse, family members or friends) and in such circumstances you represent and warrant that you are authorised to provide their Personal Data to us and you have obtained their consent for their Personal Data to be processed and used in the manner as set forth in this Notice.
Links to Third-Party Websites
WHERE DOES THE PERSONAL DATA COME FROM? SANOFI WILL ALWAYS COLLECT PERSONAL DATA FROM TRUSTED SOURCES
Sanofi may collect your personal data from different sources:
- Data that you communicate to us through various media, through registrations, or direct and indirect interactions with Sanofi. For example, data you provide to to send us a request for information, etc.
- Data that we collect automatically, for instance when following your interactions with our websites, platforms, through certain technologies, such as cookies.
- Data that we collect in accordance with applicable law from public sources available.
- Data that we obtain legally from third parties, for example, when we may need to confirm contact information or to verify licensure of healthcare professionals. In such case, we generally receive such Personal Data from third-parties that are authorized to do so in the framework of their own privacy and data protection policies or in accordance with the law.
WHO HAS ACCESS TO PERSONAL DATA?
For the purposes described above, Sanofi may need to share your Personal Data with the following authorized third parties, whether they are located overseas or in Malaysia:
- Sanofi and its affiliates.
- Our partners (healthcare professionals and organizations, distributors, other members of the healthcare and pharmaceutical industry).
- Selected suppliers, service providers or vendors acting upon our instructions for website hosting, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, etc.
- Any professional advisors and external auditors, including without limitation, legal advisors, financial advisors and consultants;
- Legal or administrative authorities, as required by applicable laws including laws outside your country of residence.
- Potential acquirers and other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures.
In any case, Sanofi will require that such third-parties:
- undertake to comply with data protection laws and the principles of this Notice;
- will only process the Personal Data for the purposes described in this Notice; and
- implement appropriate technical and organizational security measures designed to protect the integrity and confidentiality of your Personal Data.
WHERE PERSONAL DATA MAY BE TRANSFERRED? SANOFI WILL ENSURE THAT TRANSFERS OF YOUR PERSONAL DATA ARE SAFEGUARDED
Sanofi is a multinational organization with affiliates, partners, subcontractors and other authorized third parties described above located in many countries around the world. For that reason, Sanofi may need to transfer (via access, visualization, storage, etc.) your Personal Data in other jurisdictions for the purposes described above.
Safeguards for international transfers of Personal Data: In cases where Sanofi needs to transfer Personal Data for the purposes described above, it shall ensure that adequate safeguards, as required under applicable data protection legislation, will be implemented.
In this respect and in particular, for intra-group transfers of Personal Data implemented for clinical studies and pharmacovigilance purposes, Sanofi has implemented and shall apply its "Binding Corporate Rules" validated by the EU Data Protection Authorities.
By accessing and using this Site, you understand and consent to the transfer of your Personal Data out of Malaysia as described herein.
HOW SECURE: SANOFI WILL IMPLEMENT SECURITY MEASURES TO PROTECT YOUR PERSONAL DATA
We have implemented a variety of technological and organizational procedures and measures to ensure the integrity and confidentiality of your Personal Data from unauthorized access, use and disclosure. These measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
For instance, we store your Personal Data on servers that have various types of technical and physical access controls, which may include, for instance, if appropriate, encryption. We may also aggregate, pseudonymize or anonymize Personal Data to ensure that no personally identifiable information is communicated to third parties.
However, please be aware that there is always some risk involved when submitting data over the Internet and that Sanofi cannot guarantee that its websites are 100% safe from illegal tampering or “hacking.” Any data transmitted over the Internet may be at risk.
HOW LONG: WE WILL RETAIN YOUR PERSONAL DATA FOR NO LONGER THAN NECESSARY
Sanofi will retain your Personal Data only for the period necessary to fulfil the purposes outlined in this Notice. As an exception, Sanofi may be required to retain your Personal Data for longer periods as required or permitted by law, as necessary to protect its rights and interests and/or as required by Sanofi’s relevant policies.
Your rights: Sanofi will ensure that you can exercise your rights pertaining to your Personal Data
You can exercise your rights as provided by applicable data protection laws. To that end, Sanofi informs you that you are entitled:
- to apply for a copy of your Personal Data that Sanofi holds;
- to correct your personal data should your Personal Data be inaccurate, incomplete, misleading or not up-to-date;
- to withdraw your consent to the processing of your Personal Data that Sanofi holds.
If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” section below and we will take necessary steps to respond as soon as possible. We may impose a fee for processing the aforesaid requests.
In respect of your right to access and/or correct your Personal Data, Sanofi has the right to refuse your requests to access and/or make any correction to your Personal Data for the reasons permitted under law, such as where the expense of providing access to you is disproportionate to the risks to your or another person’s privacy.
HOW TO CONTACT US
Sanofi welcomes any questions, complaints or comments you may have regarding this Notice or its implementation. Please send your questions, complaints or comments, including any request pertaining to Sanofi’s use of your Personal Data to Sanofi’s Data Protection Officer to:
Tel: +603 7651 0800
Fax: +603 7651 0801
Address: Unit TB-18-1, Level 18, Tower B, Plaza 33, No.1 Jalan Kemajuan, Seksyen 13, 46200 Petaling Jaya, Selangor
Operating Hours: 9am - 6pm from Mondays - Fridays (excluding Public Holidays)