Personal Data Protection Notice (“Notice”)



SANOFI commits to protect your personal data and implements all necessary means to ensure such protection, in accordance with its Global Privacy Policy. This Personal Data Protection Notice (“Notice”) will explain to you the purpose and the modalities by which SANOFI processes your personal data through this website ( (hereinafter the “Site”).


This Notice outlines SANOFI-AVENTIS (MALAYSIA) SDN BHD’s (“Sanofi”, “we”, “us”, or “our”) policy and responsibilities on the collection, use, disclosure, processing and transfer of your Personal Data (as defined hereunder) on the Site, in accordance with the Personal Data Protection Act 2010 of Malaysia (“Act”).


For the purposes of this Notice, Sanofi means Sanofi-Aventis (Malaysia) Sdn. Bhd. and/or all its affiliates.


By visiting this Site, providing your Personal Data to access the online CME modules contained within the Site and/or interacting with Sanofi, you acknowledge that you have read and agree to the collection and processing by Sanofi of your Personal Data in the manner described in this Notice.

This Notice may be modified by Sanofi, from time to time, in particular to adapt its terms to evolutions or changes of applicable legislations and/or to Sanofi’s practices. Changes will be available on this page. We invite you to check this Notice periodically. By continuing to communicate with Sanofi or by continuing to use the Site and/or providing your Personal Data to Sanofi following the modifications to this Notice, this shall signify your acceptance of such modifications.

In the event of any conflict between the English and other language versions, the English version shall prevail.


When operating, this Site may collect the following categories of Personal Data:

  • For purposes of identification data, (1) to allow access to the online CME modules contained in the Site, and/or for CME points accreditation after completion of the CME modules: your email address, specialty and/or sub-specialty, national identification number and Medical Council Registration (MCR) number; and (2) depending on the nature of your other interaction with Sanofi, your name, contact details (e.g. address, email address, telephone number), your professional information (e.g. job type, your company, clinic, hospital).
  • Messages: you may send us enquiries using this Site.
  • Connection data: any information regarding your connection and access to this Site (e.g. type of machine and browser used, timestamp of your connection, Internet protocol (IP) address, pages visited, browsing history, etc.). Generally we do not link your IP address to anything that will enable us to identity you.
  • Location data: information that may be provided by your machine and browser about your location if you allow such information to be shared with Sanofi.
  • Data relating to and data which may be collected by cookies: Sanofi may use cookies on this Site to store some information on your computer to improve the quality of your visit to our Site. In some cases, this information will help us to tailor the content to your interests, or help us to avoid asking for the same information on repeat visits to this Site. No personally identifiable information is available in this process.


Any processing of Personal Data must be implemented for a defined purpose. In this respect, the collection and processing of Personal Data on this Site is conducted for the following purposes:

  • To allow you to navigate this Site and personalize your browsing experience when using the Site. Sanofi may use cookies on this Site to store some information on your computer to improve the quality of your visit to our Site. In some cases, this information will help us to tailor the content to your preference, or help us to avoid asking for the same information on repeat visits to this Site. No personally identifiable information is available in this process.
  • To compile statistical data on the use of our Site to track the total number of visitors to this Site, the number of visitors to each page of this Site, how visitors navigate through this Site and the domain names of visitor’s internet service providers for the purposes of evaluating and improving the Site.
  • To verify that you are a registered healthcare professional and to provide you access to the online CME platform; to submit your details to the responsible or relevant authority/institution for CME points accreditation;
  • To manage your online accounts (if any), to send you related communications, respond to your queries and information with your consent, and for the purposes of statistical analysis.
  • To comply with legal or regulatory obligations that apply to Sanofi; monitor safety; manage adverse events; carry out prevention and investigatory activities; carry out administrative formalities, registration, declarations or audits.
  • To respond to legal requests from administrative or judicial authorities, in accordance with applicable laws; comply with a subpoena, required registration, or legal process.
  • To protect our rights and interests; protect the health, safety, and security of Sanofi personnel and premises; carry out internal audits, asset management, system and other business controls; manage business administration (finance and accounting, fraud monitoring and prevention); maintain the security of our services and operations; protect our rights, privacy, safety or property, to allow us to pursue available remedies or limit the damages that we may incur as necessary; to protect ourselves against possible fraudulent actions.
  • To improve and develop the Site; identify usage trends and develop content for the Site; understand how you and your device interacts with the Site; track and respond to safety concerns; determine the effectiveness of the Site.

Sanofi shall not collect, disclose, use or process any such Personal Data unless you voluntarily choose to provide us with it, or give your consent, or unless such disclosure is permitted or required by applicable laws and regulations.

It is voluntary for you to supply your Personal Data to us for the Purposes, however, should you refuse, we may not be able to (1) communicate with you; or (2) provide you with access to the online CME Modules contained in the Site; and/or (3) faciliate submission of your details to the responsible or relevant authority/institution for CME points accreditation. If you delete or choose not to allow the use of cookies, some areas of our Site may not function properly or be accessible.


Depending on the data processing at stake, Sanofi will generally process your personal data on either one of the following legal basis:

  • Your prior consent: where you have clearly expressed your approval of Sanofi’s processing of your Personal Data. In practice, this will generally mean that SANOFI will ask you to sign a document, or to fill-in an online “opt-in” form or to follow any relevant procedure to allow you to be fully informed and then either clearly accept or refuse the envisaged Personal Data processing. By navigating this Site and, if relevant, consenting to the processing of your Personal Data using cookies (as per our Cookie Policy below).
  • Legal obligations applicable to Sanofi’s activities; for instance, Sanofi is required to implement pharmacovigilance procedures to monitor adverse effects of marketed products, which generally involves the collection and retention of personal data.
  • The “legitimate interest” of Sanofi in the sense of applicable data protection law. In such a case, Sanofi shall consider your fundamental rights and interests in determining whether the processing is legitimate and lawful.

Sanofi may, on a case-by-case basis, rely on other legal grounds, such as the protection of your vital interests, in accordance with the Act and/or any applicable data protection law.

About Children’s Personal Data

While in some instances we may collect Personal Data about children with the consent of his/her parent or guardian for the provision of our services such as clinical activities or for patient support programs, we do not otherwise knowingly solicit Personal Data from, or market to, children. If a parent or guardian becomes aware that his or her child has provided us with personal information, he or she should contact us as described in the “How to Contact Us” section below. We will take steps to delete such information from our database in accordance with applicable legal requirements.

Consent from third parties

In some circumstances you may have provided personal data relating to other individuals (such as your spouse, family members or friends) and in such circumstances you represent and warrant that you are authorised to provide their personal data to us and you have obtained their consent for their personal data to be processed and used in the manner as set forth in this Notice.

Links to Third-Party Websites

The Site may contain links to third parties' websites. Please note that we are not responsible for the collection, use, maintenance, sharing, or disclosure of data and information by such third parties. If you provide information directly to such sites, the privacy policy and terms of service on those sites are applicable and we are not responsible for the information processing practices or privacy policies of such sites.


Sanofi may collect your personal data from different sources:

  • Data that you communicate to us through various media, through registrations, or direct and indirect interactions with Sanofi. For example, data you provide to access the online CME Modules on the Site, to send us a request for information, etc.
  • Data that we collect automatically, for instance when following your interactions with our websites, platforms, through certain technologies, such as cookies.
  • Data that we collect in accordance with applicable law from public sources available.
  • Data that we obtain legally from third parties, for example, when we may need to confirm contact information or to verify licensure of healthcare professionals. In such case, we generally receive such Personal Data from third-parties that are authorized to do so in the framework of their own privacy and data protection policies or in accordance with the law.


For the purposes described above, Sanofi may need to share your personal data with the following authorized third-parties:

  • Sanofi and its affiliates.
  • Our partners (healthcare professionals and organizations, distributors, other members of the healthcare and pharmaceutical industry).
  • Selected suppliers, service providers or vendors acting upon our instructions for website hosting, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, etc.
  • Any professional advisors and external auditors, including without limitation, legal advisors, financial advisors and consultants;
  • Legal or administrative authorities, as required by applicable laws including laws outside your country of residence.
  • Potential acquirers and other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures.

In any case, Sanofi will require that such third-parties:

  • Undertake to comply with data protection laws and the principles of this Notice;
  • Will only process the personal data for the purposes described in this Notice; and
  • Implement appropriate technical and organizational security measures designed to protect the integrity and confidentiality of your personal data.


Sanofi is a multinational organization with affiliates, partners and subcontractors located in many countries around the world. For that reason, Sanofi may need to transfer (via access, visualization, storage, etc.) your Personal Data in other jurisdictions for the purposes described above.

Safeguards for international transfers of personal data: In cases where Sanofi needs to transfer personal data for the purposes described above, it shall ensure that adequate safeguards, as required under applicable data protection legislation, will be implemented.

In this respect and in particular, for intra-group transfers of personal data implemented for clinical studies and pharmacovigilance purposes, Sanofi has implemented and shall apply its “Binding Corporate Rules” validated by the EU Data Protection Authorities.

By accessing and using this Site, you understand and consent to the transfer of your Personal Data out of Malaysia as described herein.


We have implemented a variety of technological and organizational procedures and measures to ensure the integrity and confidentiality of your personal data from unauthorized access, use and disclosure. These measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

For instance, we store your personal data on servers that have various types of technical and physical access controls, which may include, for instance, if appropriate, encryption. We may also aggregate, pseudonymize or anonymize personal data to ensure that no personally identifiable information is communicated to third parties.


Sanofi will retain your personal data only for the period necessary to fulfil the purposes outlined in this Notice. As an exception, Sanofi may be required to retain your personal data for longer periods as required or permitted by law, as necessary to protect its rights and interests and/or as required by Sanofi’s relevant policies.

Your rights: Sanofi will ensure that you can exercise your rights pertaining to your personal data

You can exercise your rights as provided by applicable data protection laws. To that end, Sanofi informs you that you are entitled:

  • To apply for a copy of your personal data that Sanofi holds;
  • To correct your personal data should your personal data be inaccurate, incomplete, misleading or not up-to-date;
  • To withdraw your consent to the processing of your Personal Data that Sanofi holds.

If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” section below and we will take necessary steps to respond as soon as possible. We may impose a fee for processing the aforesaid requests.

In respect of your right to access and/or correct your Personal Data, Sanofi has the right to refuse your requests to access and/or make any correction to your Personal Data for the reasons permitted under law, such as where the expense of providing access to you is disproportionate to the risks to your or another person’s privacy.

If you do not wish for your Personal Data to be collected via cookies on the Site, you can erase cookies from your computer's hard drive or refuse to accept cookies by adjusting the settings on your Internet browser. Please refer to the Cookie Policy.


Sanofi welcomes any questions or comments you may have regarding this Notice or its implementation. Please send your questions or comments, including any request pertaining to Sanofi’s use of your personal data to Sanofi’s Data Protection Officer to:

Tel: +603 7651 0800
Fax: +603 7651 0801
Address: Unit TB-18-1, Level 18, Tower B, Plaza 33, No.1 Jalan Kemajuan, Seksyen 13, 46200 Petaling Jaya, Selangor
Operating Hours: 9am - 6pm from Mondays - Fridays (excluding Public Holidays)