WHAT PROCESSING ACTIVITIES DOES THIS NOTICE COVER?
This Notice outlines SANOFI-AVENTIS (MALAYSIA) SDN BHD’s (“Sanofi”, “we”, “us”, or “our”) policy and responsibilities on the collection, use, disclosure, processing and transfer of your Personal Data (as defined hereunder) on the Site, in accordance with the Personal Data Protection Act 2010 of Malaysia (“Act”).
For the purposes of this Notice, Sanofi means Sanofi-Aventis (Malaysia) Sdn. Bhd. and/or all its affiliates.
VALIDITY AND EVOLUTION OF THIS NOTICE
By visiting this Site, providing your Personal Data to access the online CME modules contained within the Site and/or interacting with Sanofi, you acknowledge that you have read and agree to the collection and processing by Sanofi of your Personal Data in the manner described in this Notice.
WHAT PERSONAL DATA DOES THIS SITE COLLECT?
When operating, this Site may collect the following categories of Personal Data:
- For purposes of identification data, (1) to allow access to the online CME modules contained in the Site, and/or for CME points accreditation after completion of the CME modules: your email address, specialty and/or sub-specialty, national identification number and Medical Council Registration (MCR) number; and (2) depending on the nature of your other interaction with Sanofi, your name, contact details (e.g. address, email address, telephone number), your professional information (e.g. job type, your company, clinic, hospital).
- Messages: you may send us enquiries using this Site.
- Connection data: any information regarding your connection and access to this Site (e.g. type of machine and browser used, timestamp of your connection, Internet protocol (IP) address, pages visited, browsing history, etc.). Generally we do not link your IP address to anything that will enable us to identity you.
- Location data: information that may be provided by your machine and browser about your location if you allow such information to be shared with Sanofi.
FOR WHAT PURPOSES DOES THIS SITE COLLECT PERSONAL DATA?
Any processing of Personal Data must be implemented for a defined purpose. In this respect, the collection and processing of Personal Data on this Site is conducted for the following purposes:
- To compile statistical data on the use of our Site to track the total number of visitors to this Site, the number of visitors to each page of this Site, how visitors navigate through this Site and the domain names of visitor’s internet service providers for the purposes of evaluating and improving the Site.
- To verify that you are a registered healthcare professional and to provide you access to the online CME platform; to submit your details to the responsible or relevant authority/institution for CME points accreditation;
- To manage your online accounts (if any), to send you related communications, respond to your queries and information with your consent, and for the purposes of statistical analysis.
- To comply with legal or regulatory obligations that apply to Sanofi; monitor safety; manage adverse events; carry out prevention and investigatory activities; carry out administrative formalities, registration, declarations or audits.
- To respond to legal requests from administrative or judicial authorities, in accordance with applicable laws; comply with a subpoena, required registration, or legal process.
- To protect our rights and interests; protect the health, safety, and security of Sanofi personnel and premises; carry out internal audits, asset management, system and other business controls; manage business administration (finance and accounting, fraud monitoring and prevention); maintain the security of our services and operations; protect our rights, privacy, safety or property, to allow us to pursue available remedies or limit the damages that we may incur as necessary; to protect ourselves against possible fraudulent actions.
- To improve and develop the Site; identify usage trends and develop content for the Site; understand how you and your device interacts with the Site; track and respond to safety concerns; determine the effectiveness of the Site.
Sanofi shall not collect, disclose, use or process any such Personal Data unless you voluntarily choose to provide us with it, or give your consent, or unless such disclosure is permitted or required by applicable laws and regulations.
ON WHAT GROUNDS DOES THIS SITE PROCESS YOUR PERSONAL DATA?
Depending on the data processing at stake, Sanofi will generally process your personal data on either one of the following legal basis:
- Legal obligations applicable to Sanofi’s activities; for instance, Sanofi is required to implement pharmacovigilance procedures to monitor adverse effects of marketed products, which generally involves the collection and retention of personal data.
- The “legitimate interest” of Sanofi in the sense of applicable data protection law. In such a case, Sanofi shall consider your fundamental rights and interests in determining whether the processing is legitimate and lawful.
Sanofi may, on a case-by-case basis, rely on other legal grounds, such as the protection of your vital interests, in accordance with the Act and/or any applicable data protection law.
About Children’s Personal Data
While in some instances we may collect Personal Data about children with the consent of his/her parent or guardian for the provision of our services such as clinical activities or for patient support programs, we do not otherwise knowingly solicit Personal Data from, or market to, children. If a parent or guardian becomes aware that his or her child has provided us with personal information, he or she should contact us as described in the “How to Contact Us” section below. We will take steps to delete such information from our database in accordance with applicable legal requirements.
Consent from third parties
In some circumstances you may have provided personal data relating to other individuals (such as your spouse, family members or friends) and in such circumstances you represent and warrant that you are authorised to provide their personal data to us and you have obtained their consent for their personal data to be processed and used in the manner as set forth in this Notice.
Links to Third-Party Websites
WHERE DOES THE PERSONAL DATA COME FROM? SANOFI WILL ALWAYS COLLECT PERSONAL DATA FROM TRUSTED SOURCES
Sanofi may collect your personal data from different sources:
- Data that you communicate to us through various media, through registrations, or direct and indirect interactions with Sanofi. For example, data you provide to access the online CME Modules on the Site, to send us a request for information, etc.
- Data that we collect automatically, for instance when following your interactions with our websites, platforms, through certain technologies, such as cookies.
- Data that we collect in accordance with applicable law from public sources available.
- Data that we obtain legally from third parties, for example, when we may need to confirm contact information or to verify licensure of healthcare professionals. In such case, we generally receive such Personal Data from third-parties that are authorized to do so in the framework of their own privacy and data protection policies or in accordance with the law.
WHO HAS ACCESS TO PERSONAL DATA?
For the purposes described above, Sanofi may need to share your personal data with the following authorized third-parties:
- Sanofi and its affiliates.
- Our partners (healthcare professionals and organizations, distributors, other members of the healthcare and pharmaceutical industry).
- Selected suppliers, service providers or vendors acting upon our instructions for website hosting, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, etc.
- Any professional advisors and external auditors, including without limitation, legal advisors, financial advisors and consultants;
- Legal or administrative authorities, as required by applicable laws including laws outside your country of residence.
- Potential acquirers and other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures.
In any case, Sanofi will require that such third-parties:
- Undertake to comply with data protection laws and the principles of this Notice;
- Will only process the personal data for the purposes described in this Notice; and
- Implement appropriate technical and organizational security measures designed to protect the integrity and confidentiality of your personal data.
WHERE PERSONAL DATA MAY BE TRANSFERRED? SANOFI WILL ENSURE THAT TRANSFERS OF YOUR PERSONAL DATA ARE SAFEGUARDED
Sanofi is a multinational organization with affiliates, partners and subcontractors located in many countries around the world. For that reason, Sanofi may need to transfer (via access, visualization, storage, etc.) your Personal Data in other jurisdictions for the purposes described above.
HOW SECURE: SANOFI WILL IMPLEMENT SECURITY MEASURES TO PROTECT YOUR PERSONAL DATA
We have implemented a variety of technological and organizational procedures and measures to ensure the integrity and confidentiality of your personal data from unauthorized access, use and disclosure. These measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
HOW LONG: WE WILL RETAIN YOUR PERSONAL DATA FOR NO LONGER THAN NECESSARY
Sanofi will retain your personal data only for the period necessary to fulfil the purposes outlined in this Notice. As an exception, Sanofi may be required to retain your personal data for longer periods as required or permitted by law, as necessary to protect its rights and interests and/or as required by Sanofi’s relevant policies.
Your rights: Sanofi will ensure that you can exercise your rights pertaining to your personal data
You can exercise your rights as provided by applicable data protection laws. To that end, Sanofi informs you that you are entitled:
- To apply for a copy of your personal data that Sanofi holds;
- To correct your personal data should your personal data be inaccurate, incomplete, misleading or not up-to-date;
- To withdraw your consent to the processing of your Personal Data that Sanofi holds.
If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” section below and we will take necessary steps to respond as soon as possible. We may impose a fee for processing the aforesaid requests.
HOW TO CONTACT US
Sanofi welcomes any questions or comments you may have regarding this Notice or its implementation. Please send your questions or comments, including any request pertaining to Sanofi’s use of your personal data to Sanofi’s Data Protection Officer to:
Tel: +603 7651 0800
Fax: +603 7651 0801
Address: Unit TB-18-1, Level 18, Tower B, Plaza 33, No.1 Jalan Kemajuan, Seksyen 13, 46200 Petaling Jaya, Selangor
Operating Hours: 9am - 6pm from Mondays - Fridays (excluding Public Holidays)