For UK residents and residents of countries referring to the UK
only
For UK residents and residents of countries referring to the UK only
VALPROATE EDUCATIONAL MATERALS AND PRODUCT INFORMATION
PRIVACY POLICY
OUR COMMITMENT
SANOFI fully understands the importance of privacy and the protection of personal data in
the digital era and is committed to ensure an adequate level of data protection for all
persons with whom SANOFI has dealings. This includes, notably:
patients and their relatives and carers
participants in clinical trials
healthcare professionals
users of our products and services, including websites and app users
representatives of our service providers, suppliers, contractors and business
partners
representatives of the scientific community
job applicants
What you will find in this document
This privacy policy (“Policy”) describes how SANOFI collects and
processes personal data relating to the persons it deals with in its business activities
in the UK through our websites, products, services, online stores and applications that
reference this Policy. This Policy also describes SANOFI’s practices to ensure the
adequate protection of that personal data and your privacy rights.
In certain circumstances, we may, if necessary, provide you with specific privacy
information notices and/or consent forms (“Privacy Notice”), which will
describe in more detail how your personal data will be processed. It is important that
you read this Policy together with any Privacy Notice we may provide so that you are
fully aware of how and why we are using your personal data.
The objective of this Policy is to help you understand the following areas. Click on the
links to go straight to the specific section.
1. WHAT: What personal data SANOFI collects about
you
2. WHERE FROM: Where SANOFI collects your
personal data from
3. THE PURPOSES: For what reasons and
purposes SANOFI processes your personal data
4. ON WHAT GROUND: On what basis SANOFI
processes your personal data
6. WHERE: Where SANOFI may transfer your personal
data
7. HOW SECURE: What SANOFI does to protect
your personal data
8. HOW LONG: SANOFI’s approach to determining
how long to retain your personal data
9. YOUR RIGHTS: What your rights are and
how you can exercise them
10. HOW TO CONTACT US: Where and how you
can reach us if you wish to exercise your rights or if you have a question
Who is SANOFI and what is our role?
SANOFI is made up of different legal entities, and in the UK, SANOFI conducts its business through Aventis Pharma Limited and Opella Healthcare UK Limited. When we mention “SANOFI”, we are referring to the relevant company in the SANOFI group responsible for processing your data.
Each Privacy Notice will set out which SANOFI entity will be the controller and
determines for what reasons (i.e. the purposes) your personal data is processed as well
as the resources (i.e. the means) allocated to such processing. Unless specified otherwise, Aventis Pharma Limited is the controller and responsible
for https://qr.valproateandme.co.uk/.
We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your rights (as detailed in the “Your Rights” section below), please contact our Data Protection Officer as described in the “How to Contact Us” section below.
Changes to this Policy
This Policy may be modified by SANOFI from time to time, in particular in the event of
changes in the law or SANOFI’s practices. Changes to this Policy will be made available
on this page. We invite you to check this Policy periodically. The date on which this
Policy was last updated is shown at the end of this document.
Third-party links
Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our websites, we encourage you to read the privacy policy of every website you visit.
1. WHAT: What personal data SANOFI collects about you
Personal data, or personal information, means any information relating to an individual
from which that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you which
we have grouped together as follows:
Identity data, which includes name, username or similar identifier,
social media usernames, profile photos, title, date of birth, age, gender, race and
ethnicity, photographs, and audio and visual recordings.
Contact data, which includes address, email, and telephone and
mobile phone numbers.
Professional data, which includes job title, place of work,
employment history, education, work address, areas of practice and specialisms.
Financial data, which includes bank account and payment card
details.
Transaction data, which includes details about payments to and from
you, and other details of products and services you have purchased from us,
including customer account numbers.
Technical data, which includes internet protocol (IP) address, your
login data, browser type and version, time zone setting and location, browser
plug-in types and versions, operating system and platform, and other technology on
the devices you use to access our websites.
Profile data, which includes your username and password, purchases or orders made by you, and your interests, preferences, feedback and survey responses.
Usage and engagement data, which includes information about how you use our websites, products and services. We may use tracking pixels and encoded URL strings to track when emails we send you have been opened and which links in an email have been clicked. Tracking pixels are small image files which are embedded in emails and downloaded to your device when you load the pictures in an email. You can turn off pixels by turning off the images in the email itself. Encoded URL strings are pieces of code that are added to links. These do not use any technology (e.g. local storage, cookies etc.) to store or access data on your device. Through the use of tracking pixels and encoded URL strings, we collect information about your opening of the email (including time and date, your IP address, the city where you opened the email, the type of device, browser and operating system used to open the email) and the links you click on in the email.
Health data, which includes information about your health, diseases
you may have, medicines you may be taking, adverse effects you may have experienced,
and genetic and biometric data.
Beliefs and interests data, which includes details about your
religious or philosophical beliefs, political opinions, hobbies and interests.
Marketing and communications data, which includes your preferences for receiving
marketing from us and our third parties and your communication preferences.
ANALYTICS DATA
Some of our websites use Google Analytics and Mouseflow to collect anonymous data to customise, measure and improve our websites.
Google Analytics is a web analytics service provided by Google, Inc. Google Analytics uses cookies to analyse use patterns and may collect information about your use of the website, including your IP address. More information on Google Analytics can be found at https://policies.google.com/technologies/partner-sites. If you would like to opt-out of having your data used by Google Analytics, you can opt out at https://tools.google.com/dlpage/gaoptout.
Mouseflow is a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. If you'd like to opt-out, you can do so at https://mouseflow.com/opt-out. For more information, see Mouseflow’s Privacy Policy at http://mouseflow.com/privacy.
Please see the Cookie Policy on the Sanofi website you arrived at this Privacy Policy from for more details about our use of cookies on that website.
2. WHERE FROM: Where SANOFI collects your personal data
from
SANOFI may collect your personal data from different sources:
Data that you communicate to us through various media,
registrations, applications, surveys, and direct and indirect interactions with
SANOFI. For example, data you provide to purchase our products or services, when you
meet or communicate with us, when you post a message on a SANOFI bulletin board or
comments thread, to register for scientific events sponsored by SANOFI, to
participate in a patient support programme, to report an adverse event, to submit an
online application, to create an account on our websites, or to contact us or send
us a request for information.
Data that we collect automatically, for instance recordings of telephone calls when you call SANOFI or we call you (you will always be notified in advance when we are intending to record a telephone call) and technical data we automatically collect about your equipment, browsing actions and patterns as you interact with our websites, platforms, applications emails and services, through certain technologies, such as tracking pixels, encoded URL strings and cookies. Please see the “What” and “The Purposes” sections for more details on our use of tracking pixels and encoded URL strings, including how to turn tracking pixels off. Please see the Cookie Policy on the Sanofi website you arrived at this Privacy Policy from for more details about our use of cookies on that website.
Data that we collect from publicly available sources, including
identity, contact and health data from SANOFI managed social media pages or accounts
such as Twitter or Facebook (for example, when you post a query or report an adverse
event).
Data that we obtain from third parties, for example, technical data
from analytics providers such as Google, contact, financial and transaction data
from providers of technical, payment and delivery services, identity, contact and
professional data from data brokers or aggregators such as IQVIA, and identity and
health data from healthcare professionals when they report an adverse event. We may
also need to confirm contact or financial information with third parties or verify
the registration of healthcare professionals.
In such cases, we generally receive such personal data from third parties that
are authorised to share it in the framework of their own privacy and data
protection policies or in accordance with the law. As applicable, we will inform
you in the Privacy Notice of the identity of those third parties and will invite
you to refer to their privacy and data protection policies so that you can
determine where they obtained that personal data from and how they have
processed it.
PERSONAL DATA RELATING TO CHILDREN
In some instances, we may collect personal data about children for the provision of our services, such as clinical activities or for patient support programs, with the consent of his/her parent or guardian. However, we do not otherwise knowingly solicit personal data from, or market to, children. If a parent or guardian becomes aware that his or her child has provided us with personal data, he or she should contact us as described in the "How to Contact Us" section below.
We will take steps to delete such information from our database in accordance with applicable legal requirements.
3. THE PURPOSES: For what reasons and purposes SANOFI processes
your personal data
SANOFI collects your personal data for the following purposes:
to carry out our business operations, including to carry out
marketing and sales; to register you as a customer; to provide you with access to
SANOFI’s products and services; to process and deliver your order, including to
manage payments, fees and charges, and collect and recover money owed to us; to
respond to your requests; and to keep track of our interactions and meetings, such
as when you contact us for information and support.
to comply with legal or regulatory obligations that apply to
SANOFI, including to monitor safety; to manage and report adverse events;
to carry out prevention and investigatory activities; to document and publicly
disclose certain transfers of value made to healthcare professionals, healthcare
organisations and patient organisations; and to carry out administrative
formalities, registrations, declarations and audits.
to provide patient support, healthcare support services, patient
engagement and prescription information, including to provide, manage and administer
patient support and homecare programmes; and to manage claims, including insurance
claims.
to conduct research and development, including to carry out
clinical studies, registries and trials; to manage and validate the recruitment and
participation of individuals in studies, trials and other operations; to analyse
demographic data; to offer special programs, activities, trials, events and
promotions via our services; and to carry out market and consumer studies.
to provide you access to online services, applications and
platforms, including to administer our websites and keep them safe and
secure; and to manage your online accounts.
to allow us to identify or authenticate you, including to provide
or verify your credentials including via passwords, password hints, security
information and questions, government-issued ID, healthcare professional number,
driver’s license data, and passport data.
to improve and develop our products and services, including to identify usage trends and develop new products and services; to understand how you and your device interacts with our services; to customise, measure and improve our websites, products and services, marketing, customer relationships and experiences; to track and respond to safety concerns; to determine the effectiveness of our promotional campaigns; and to conduct surveys. If we use tracking pixels or encoded URL strings in emails we send you as described in the “What” section above, we will use the data we collect to measure the performance and improve the content of our emails (for example, by ensuring that our emails are compatible with your type of browser or device). Please see the “What” section above for more details on our use of tracking pixels and encoded URL strings, including how to turn tracking pixels off.
to personalise our communications with you and your experience when using our services, including to personalise the way we communicate with you and the content of those communications (through all channels) to ensure they are in line with your preferences and relevant to your practice and interests; to ensure that our services are presented in the way that best suits you; and to present you products and offers tailored to you. This may include combining your data with other information we may already have about you from other sources (e.g. from our interactions through other channels). It may also include analysing and predicting your preferences, interests and prescribing behaviours. We may use segmentation techniques to do this, which involves dividing our customers into smaller groups or “segments” that are likely to have similar preferences and interests, so that we can personalise our communications with you.
to allow us to communicate with you, including to respond to your
requests and inquiries; to provide support for products and services; to provide you
with important information, administrative information, required notices, and
promotional materials; to send you news and information about our products,
services, or brands and operations; and to organise and manage professional events
and congresses, including your participation in such events.
to process payments we may need to issue in a specific situation,
including to verify your financial data and to facilitate further payments.
to process requests for donations and sponsorships, including from
organisations you may represent, such as hospitals or universities.
to respond to legal requests, including from administrative and
judicial authorities, in accordance with applicable laws; to comply with a subpoena,
required registration, or legal process.
to protect our rights and interests, including to protect the
health, safety and security of SANOFI personnel and premises; to carry out internal
audits, asset management, system and other business controls; to manage business
administration (finance and accounting, fraud monitoring and prevention); to
maintain the security of our services and operations; to protect our rights,
privacy, safety and property; to allow us to pursue available remedies and limit the
damages that we may incur as necessary; and to protect ourselves against possible
fraudulent actions.
MARKETING COMMUNICATIONS
If you sign-up to receive email updates from Sanofi, we will also use your personal data in the ways described in our separate Staying in Touch Privacy Notice. You may unsubscribe from receiving these emails at any time by following instructions which will be provided in each email.
4. ON WHAT GROUND: On what basis SANOFI processes your personal
data
Depending on the data processing in question, SANOFI will generally process your personal
data on one of the following legal grounds:
With your prior consent, where you have clearly expressed your
consent to SANOFI’s processing of your personal data. In practice, this will
generally mean that SANOFI will ask you to sign a document, to fill in an “opt-in”
form or to follow a procedure to allow you to be fully informed, and then either
clearly accept or refuse the data processing envisaged.
Where needed to perform a contract between you and SANOFI. In this
case, the processing of your personal data is generally necessary for the execution
or performance of that contract; this means that if you do not wish for SANOFI to
process your personal data in that context, SANOFI may refuse to enter into such
contract with you or may not be able to provide you with the products or services
covered by that contract.
Where we need to comply with legal obligations applicable to
SANOFI’s activities, for instance, SANOFI is required to implement pharmacovigilance
procedures to monitor adverse effects of marketed products, which generally involves
the collection and retention of personal data.
Where it is necessary for the “legitimate interests” of SANOFI,
meaning the interests of our business in conducting and managing our business to
enable us to give you the best service/product, and the best and most secure
experience. In this case, SANOFI will consider and balance your fundamental rights
and interests and any potential impact on you when determining whether the
processing is legitimate and lawful and before we process your personal data. We
will not use your personal data for activities where our interests are overridden by
the impact on you (unless we have your consent or are otherwise required or
permitted to by law). You can obtain further information about how we assess our
legitimate interests against any potential impact on you in respect of specific
activities by contacting as described in the “How to Contact Us" section
below.
As described in “The Purposes” section
above, we may collect and process your personal data when you visit our websites
(including through cookies) for a number of purposes, such as to administer and protect
our websites, to deliver relevant website content to you, and to use data analytics to
improve our websites. In these cases, we will process your personal data on the basis
that it is necessary for our legitimate interests (for provision of administration and
IT services and network security, to keep our website updated and relevant, to study how
customers use our products/services and to develop our business).
If we use tracking pixels or encoded URL strings in emails we send you as described in the “What” section above, we will process your personal data on the basis that it is necessary for our legitimate interests (to develop our products/services and grow our business).
When we process your personal data for other purposes, we will notify you of the specific
legal ground we are relying on to process your personal data in the Privacy Notice we
provide you.
SANOFI may, on a case-by-case basis, rely on other legal grounds for processing your
personal data, such as the protection of your vital interests. If this is the case, we
will notify you in a Privacy Notice.
Please note that we may also process your personal data on the basis of more than one
legal ground depending on the specific purpose for which we are using your data.
Please contact us as described in the “How
to Contact Us”
section below if you need details about the specific legal ground we are relying on to
process your personal data.
5. WHO: Who SANOFI shares your personal data with
For the purposes described above, SANOFI may need to share your personal data with the
following authorised third-parties:
Sanofi and its affiliates who undertake leadership reporting, and
provide IT and system administration services and other services.
our partners, such as healthcare professionals and organisations,
distributors and agents, and other members of the healthcare and pharmaceutical
industry.
selected suppliers, service providers and vendors acting upon our
instructions who provide website hosting, payment processing, order fulfilment,
information technology, system administration and related infrastructure provision,
customer service, healthcare professional validation, email delivery, data analysis,
auditing, market research, digital monitoring, marketing, advertising, brand,
communication and other services.
healthcare and patient service providers who administer patient
support and homecare programmes on behalf of SANOFI and provide other healthcare
services such as nurse services.
professional advisors including lawyers, bankers, auditors and insurers, who provide
consultancy, banking, legal, insurance, accounting and other services.
legal, regulatory, administrative and other authorities, as
required by applicable laws including laws outside your country of residence.
potential acquirers and other stakeholders in the event of a merger or legal
restructuring operation such as an acquisition, joint venture, assignment,
spin-off or divestiture.
sponsors of sweepstakes, contests and similar
promotions.
SANOFI may need to share your personal data with other third-parties, in which case we
will inform you in the applicable Privacy Notice.
In any case, SANOFI will require that all such third-parties:
undertake to comply with data protection laws and the principles of this Policy;
only process the personal data for the purposes described in this Policy and in
accordance with our instructions; and
implement appropriate technical and organisational security measures designed to protect the integrity and confidentiality of your personal data.
6. WHERE: Where SANOFI may transfer your personal data
SANOFI is a multinational organisation with affiliates, partners, suppliers, service providers and vendors
located in many countries around the world. For that reason, SANOFI may need to transfer
(via access, visualisation or storage) your personal data to other jurisdictions,
including countries outside the UK which may not be regarded as providing the same level of
protection as the UK.
Safeguards for international transfers of personal data: In cases where
SANOFI needs to transfer personal data outside the UK, we will ensure
a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us as described in the “How
to Contact Us” section below of you want further information on the specific
mechanism used by us when transferring your personal data out of the UK.
7. HOW SECURE: What SANOFI does to protect your personal data
We have implemented a variety of technological and organisational procedures and measures to ensure the integrity and confidentiality of your personal data from unauthorised access, use and disclosure. These measures will take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks posed by the processing (in terms of likelihood and severity) to your rights and freedoms. For instance, we store your personal data on servers that have various types of technical and physical access controls, which may include, for instance, if appropriate, encryption. We may also aggregate, pseudonymise or anonymise personal data to ensure that no personally identifiable information is communicated to third parties.
In addition, we limit access to your personal data to those employees, agents,
contractors and other third parties who have a business need to know. They will only
process your personal data on our instructions and they are subject to a duty of
confidentiality.
8. HOW LONG: SANOFI’s approach to determining how long to retain
your personal data
SANOFI will only retain your personal data for as long as reasonably necessary to fulfil
the purposes we collected it for, as outlined in this Policy.
As an exception, SANOFI may be required to retain your personal data for longer periods
as required or permitted by law, or as necessary to protect its rights and interests. In
such a case, you will be informed of the intended retention period in the applicable
Privacy Notice.
To determine the appropriate retention period for personal data, we consider the amount,
nature and sensitivity of the personal data, the potential risk of harm from
unauthorised use or disclosure of your personal data, the purposes for which we process
your personal data and whether we can achieve those purposes through other means, and
the applicable legal, regulatory, tax, accounting and other requirements.
In some circumstances you can ask us to delete your data: see the “Your Rights” section below for further
information.
We may anonymise your personal data (so that it can no longer be associated with you) for
research or statistical purposes, in which case we may use this information indefinitely
without further notice to you.
9. YOUR RIGHTS: What your rights are and how you can exercise
them
Under certain circumstances, you have rights under data protection laws in relation to
your personal data.
to request access to your personal data.
This enables you to receive a copy of your personal data, unless such data is already made directly available to you, for instance within your personal account.
to request correction of your personal data should your personal
data be inaccurate, incomplete or obsolete.
to request the deletion of your personal data. This enables you to
ask us to delete or remove personal data where there is no good reason for us
continuing to process it. You also have the right to ask us to delete or remove your
personal data where you have successfully exercised your right to object to
processing (see below), where we may have processed your information unlawfully or
where we are required to erase your personal data to comply with local law. Note,
however, that we may not always be able to comply with your request of erasure for
specific legal reasons which will be notified to you, if applicable, at the time of
your request.
to withdraw your consent at any time to the data processing, where
your personal data has been collected and processed by SANOFI on the basis of your
consent. Note, this will not affect the lawfulness of processing up until the time
at which you withdraw your consent. If you withdraw your consent, we may not be able
to provide certain products or services to you. We will advise you if this is the
case at the time you withdraw your consent.
to object to the processing of your personal data, including
profiling, where your personal data has been collected and processed on the basis of
the legitimate interests of SANOFI or where SANOFI is processing your personal data
for direct marketing purposes. To exercise this right you will need to justify your
request by explaining to us your particular situation and why you feel it impacts on
your fundamental rights and freedoms. In some cases, we may demonstrate that we have
compelling legitimate grounds to process your information which override your rights
and freedoms.
to request restriction of the processing of your personal data.
This enables you to ask us to suspend the processing of your personal data in the
following scenarios:
If you want us to establish the data's accuracy.
Where our use of the data is unlawful but you do not want us to erase it.
Where you need us to hold the data even if we no longer require it as you
need it to establish, exercise or defend legal claims.
You have objected to our use of your data but we need to verify whether we
have overriding legitimate grounds to use it.
to request the transfer of your personal data from SANOFI to you or
a third-party, where technically feasible, in which case we will provide to you, or
a third-party of your choice, with your personal data in a structured, commonly used
and machine-readable format. Please note however that this right only applies to
automated information where the processing is based on your consent or in order to
perform a contract with you.
If you would like to exercise any of these rights, please contact us as described in the
“How to Contact Us” section below and
we will take necessary steps to respond as soon as possible.
You also have the right to make a complaint at any time to the Information
Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk), regarding the processing of your personal data. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
10. HOW TO CONTACT US
SANOFI welcomes any questions or comments you may have regarding this Policy or its
implementation.
You can send any questions about this Policy or SANOFI’s use of your personal data to our Data Protection Officer using the contact details below:
Post: 410 Thames Valley Park Drive, Reading, Berkshire, RG6 1PT
