1. Our Commitment on the Protection of Personal Information
Sandoz Canada Inc. (“Sandoz” or “we”) has the highest possible respect for privacy and is committed to protecting the privacy and safeguarding the Personal Data entrusted to us by visitors to our websites. We pledge to fully comply with recognized standards of privacy protection, applicable law (including PIPEDA), and internal privacy guidelines and policies.
The term “Personal Data” as used in this Policy refers to information such as your name, birth date, email address, mailing address, telephone number, or IP address that can be used to identify you. Information may cease to be Personal Data when it is stripped of all identifiers or aggregated with Personal Data collected from other individuals.
Generally, we will only collect or process your Personal Data in the way described in this Policy, or otherwise with your consent. However, we reserve the right, in exceptional circumstances, to conduct additional processing to the extent permitted or required by law or in support of any legal or criminal investigation.
The next sections explain how and when we collect Personal Data from you.
2. Intended Use of Personal Data
Most of our services do not require any form of registration, allowing you to visit our websites without telling us who you are. However, some services may require registration, the creation of an account or the transmission of Personal Data. When you register with us or create an account, you may need to complete certain fields (some are required and some are optional), as well as choose a user name and password or supply other Personal Data. In these situations, if you choose to withhold any Personal Data requested by us, it may not be possible for you to gain access to certain parts of the websites and for us to respond to your query.
Sandoz processes Personal Data for the purposes which we inform you about when we ask you for information. For example, we may collect and use Personal Data to provide you with products or services, to bill you for products and services you request, to market products and services which we think may be of interest to you, or to communicate with you for other purposes. The decision to supply Personal Data via the site rests with you. Generally, when you voluntarily provide us with your Personal Data, we will assume you consent to our collection, use and disclosure of that information for the purposes identified at the time of collection. Information you send to us is used only to help address your request and is otherwise kept confidential.
If, at any time, you decide you do not wish to receive communications or other services from us, you can let us know by contacting us using the contact information provided below in Section 12.
3. Non-Disclosure of Personal Data
We will not use nor share your Personal Data for purposes other than those provided for in this Policy or mentioned at the time when the Personal Data is collected. Sandoz will not sell, share, or otherwise distribute your Personal Data to third parties except as provided in this Policy. We may disclose your Personal Data to a third party if we are required to do so because of an applicable law, court order or government regulation, or if such disclosure is otherwise necessary in support of any legal or criminal investigation, whether in this country or abroad. We may disclose your Personal Data to other Sandoz or Novartis Group companies worldwide that agree to treat it in accordance with this Policy, but only in accordance with the terms of this Policy. Personal Data may occasionally be transferred to third parties who act for or on behalf of Sandoz, or in connection with the business of the Novartis Group, for further processing in accordance with the purpose(s) for which the data was originally collected, such as delivery services, evaluation or technical support. These third parties have contracted with Sandoz that they will only use Personal Data for the agreed-upon purpose, will not sell your Personal Data to third parties, and will not disclose it to third parties except with your consent, or as may be required by law or in support of any legal or criminal investigation.
Where such disclosure of Personal Data to a third party occurs, we will endeavor to ensure that the processing is performed in accordance with the purposes and within the limits under which the data was originally collected.
4. Right of Access, Correction or Objection
When we process your Personal Data, we take reasonable measures to ensure that your Personal Data is correct and up to date for the purposes for which it was collected. We may create and keep a file with your Personal Data for the purposes provided for in this Policy, which will be stored on our servers or on those of our Canadian or foreign service providers. You have the right to ensure that your Personal Data is always up to date. You have the legal right to require us to correct your Personal Data. If you wish to ask for access to or correct your Personal Data, object to our processing your Personal Data or contact us about the collection or use of your Personal Data, please email us at firstname.lastname@example.org. If you contact us, please note the name of the website where you provided the information, as well as the specific information you would like us to correct or update. We may take reasonable measures to confirm your identity before giving you access to or making changes to your Personal Data.
Your requests will be dealt with in a prompt and proper manner. Requests to delete Personal Data will be subject to any applicable legal and ethical reporting or document filing or retention obligations imposed on Sandoz.
We will give you the opportunity to object to the processing of your Personal Data, if this processing is not reasonably required for a legitimate commercial activity as provided for in the present Policy, or in our upholding of laws. In the case of direct electronic marketing, we make available to you a method of unsubscribing from electronic marketing material or a method of subscription if required by law.
5. Security and Confidentiality
We take reasonable measures to protect your Personal Data by using physical, electronic and organizational means appropriate for dealing with information of a sensitive nature. To ensure the security and confidentiality of Personal Data that Sandoz collects online, Sandoz uses data networks protected, inter alia, by industry standard firewalls and password protections that conform to sector-specific standards. Access to Personal Data is restricted to those employees who have a need to use the data and who have been trained to handle such data properly and observe strict standards of confidentiality. In the course of handling your Personal Data, we take measures reasonably designed to protect that information from loss, misuse, unauthorized access, disclosure, communication, alteration or destruction.
6. Data Transfer Abroad and Novartis Binding Corporate Rules (BCR)
We are part of the Novartis Group, a global group of companies, which has databases in different jurisdictions, some of which are operated by Novartis Group while others are operated by third parties for Novartis Group. We may transfer your Personal Data to one of the Group’s databases outside of your country of residence. Even if laws in the country to which the data is to be transferred does not require us to provide adequate protection for your Personal Data, we will nonetheless seek to ensure that data transfers to Novartis databases in that country are adequately protected. To complement this Policy and other internal policies regarding the protection of Personal Data, Sandoz, jointly with other Novartis Group companies worldwide, has adopted the Binding Corporate Rules (BCR), a set of principles governing the international transfer of Personal Data of Novartis associates, customers, business partners and other individuals whose data is collected or processed in the EU and in Switzerland, in the goal of achieving satisfactory levels of data protection. The approval of the Novartis BCR by EU and Swiss Data Protection Authorities allow Novartis to transfer Personal Data from the EU and Switzerland to Novartis Group companies in other countries in compliance with EU and Swiss data protection laws. For a summary of an individual’s rights under BCR, please click the following link:
7. Anonymous Data, Cookies and Internet Tags
We may collect and process anonymous information about your visit to this website, such as the pages you visit, the searches you perform, and the websites visited just before ours. Such information is used by us to help improve the contents of the website and to compile aggregate statistics about individuals using our website for internal, market research purposes. In doing this, we may install cookies that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive. Cookies as used by us cannot be used to discover the identity of an individual. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie: this will enable you to decide if you want to accept it or not. Note that if you do not accept the cookie, some of the functionalities of your browser may not be available. We may obtain the services of outside parties to assist us in collecting and processing the information described in this Section and all such third parties will be placed under the obligations described above in Section 3.
Occasionally, we may use internet tags (also known as action tags, single-pixel GIFs, clear GIFs, invisible GIFs and 1-by-1 GIFs) and cookies and may deploy these tags/cookies through a third-party advertising partner or a web analytical service partner which may be located and store the respective information (including your IP address) in a foreign country. These tags/cookies are placed on both online advertisements that bring users to this website and on different pages of this website. We use this technology to measure the visitors’ responses to our websites and the effectiveness of our advertising campaigns (including how many times a page is opened and which information is consulted) as well as to evaluate your use of this website. The third-party partner or the web analytical service partner may be able to collect data about visitors to our and other websites because of these internet tags/cookies, may compose reports regarding the website’s activity for us and may provide further services which are related to the use of the website and the internet. They may provide such information to other parties if there is a legal requirement that they do so, or if they hire the other parties to process information on their behalf. If you would like more information about web tags and cookies associated with online advertising or to opt out of third-party collection of this information, please visit the Network Advertising Initiative website: http://www.networkadvertising.org/
8. Google Analytics
The information generated by the cookies about your use of our website, including your IP address, will be transmitted to and stored by Google on servers in the United States. The IP address, however, will be shortened before being sent to Google and Google can then no longer use it to identify you or your computer. Only in exceptional cases will the full IP address be transmitted to and shortened by Google in the U.S.
On our behalf, Google will use the information generated by the cookies for the purpose of evaluating the use of our website, compiling reports on website activity providing us with these reports for analytical purposes. Google may transfer this information to third parties in case of a statutory obligation or if a third-party processes data on behalf of Google. Under no circumstances will Google combine or associate your IP address with other data stored at Google.
You may prevent or stop the installation and storage of cookies by your browser settings by downloading and installing the free Google Analytics Opt-out Browser Add-on available at: https://tools.google.com/dlpage/gaoptout?hl=en. We inform you that in such case you will not be able to wholly use all functions of our website.
By using our website, you consent to the processing of any Personal Data Google will collect on you in the way and for the purpose as described above.
9. Limitation on Retention of Personal Data
Sandoz keeps your Personal Data only for as long as is reasonably needed for the purposes for which such information was collected, and in accordance with any applicable legal or ethical reporting or documentation retention requirements.
10. Personal Data and Children
Most of the services available on this website are intended for persons 18 years of age and older. Any individual who requests information about a medicine indicated for use in children must be 18 or over. Sandoz will not knowingly collect, use or disclose Personal Data from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility (e.g., a parent or guardian) through direct, offline contact. We will provide the parent with (i) notice of the specific types of Personal Data being collected from the minor, and (ii) the opportunity to object to any further collection, downstream use, or storage of such information. We abide by laws designed to protect children.
11. Links to Other Websites
This Policy applies only to this website to the exclusion of third-party websites. Sandoz may provide links to other websites which we believe may be of interest to our visitors. We aim to ensure that such websites are of the highest standard. However, due to the nature of the World Wide Web, Sandoz cannot guarantee the personal data protection standards of every website link it provides or be responsible for the contents of websites other than this one, and this Policy is not intended to be applicable to any linked, non-Sandoz website.
12. Contact Us