Privacy Policy

We provide you this Privacy Statement or you are accessing it by yourself because you are visiting a website or using a mobile application (“application”) which is property of one of the Novartis group companies. Therefore, this company is processing your information that is considered as “personal data”. Novartis believes that the protection of your personal data and your privacy is a matter of the utmost importance.

Novartis Farmacéutica, S.A. (“Novartis”) with registered address at Gran Via de les Corts Catalanes, nº 764, CP 08013, Barcelona, is in charge of your personal data processing, since it decides why and how your data is processed and therefore it acts as the “Controller”. In this Privacy Statement “we” stands for Novartis.

This Privacy Statement is divided into two parts. Part I contains practical information about the specific personal data that we process when you visit our website or use our application, why we process this data and how we do it. Part II contains more general information about the standard technical or transactional personal data that we are processing when you visit our websites and use our apps, the legal basis for using your personal data, and your rights in relation to all personal data collected about you.

We encourage you to read carefully this Privacy Statement and, if you have any further questions regarding the processing of your personal data, we invite you to contact the Data  protection officer (DPO) at dpospain.novartis@novartis.com

Part I – Important Information

Novatis is processing your personal data when you visit or use our application.

Specific personal data that will be collected

For this purpose, we will collect the following specific personal data about you: the data that you provide us in case of data collection forms, the data that you send us when using the contact sections that may exist, the data related to the application to be downloaded and used.

This information may be provided directly by you (e.g. by filling out a web form or interacting with a website or application), provided by third parties or obtained through trusted public sources, after obtaining your consent to provide us with this personal data when necessary in accordance with applicable law.

Specific purposes for which we need your personal data

We will use the collected information for the following specific purposes:

  • to manage our users;
  • to manage and improve our websites and applications;
  • to measure the use of our websites and applications;
  • improve and personalize your experience and adapt the contents to you;
  • send you personalized services and content based on your location;
  • improve the quality of our products and services and expand our business activities;
  • control and prevent fraud, infringements and other possible misuse of our websites and applications;
  • career or job seeker: if this functionality is activated, your data will be used for the main purpose of personnel management and selection;
  • in case you request it, and it is permitted by current legal regulations, we will send you electronic commercial communications of our own or third parties’ products and / or services;
  • social networks: we will process your data for the purpose of correctly managing your presence in the corresponding social network, informing you of our activities, products and / or services, or of third parties that may be related to our activity, as well as for any other purpose that Social Network regulations may allow;
  • respond to an official request of a public or judicial authority that has the necessary authorization;
  • manage our information technology (IT) resources, including infrastructure management and business continuity;
  • preserve the economic interests of the company and ensure compliance and reporting;
  • archiving and record keeping; and
  • any other purpose imposed by law and authorities

Please note that we may also use the data collected for some other common purposes, and that the above purposes are explained with more details in Part II below.

Specific third parties with whom we will share your personal data

We will share your personal data with third parties who can provide services to us always with the legal guarantees that apply in each case.

Please note that we may also have to share your data with several other recipients (e.g. another entity of the Novartis Group if the entity that collects data is not the same as the one that uses them) but always under strict conditions, as explained in more detail in the Part II.

Storage Period

We will only store the above-mentioned personal data and the personal data indicated in Part II for a period that includes up to the duration of the use of the specific web or application and with a maximum of three years since your last connection.

Cookies and other similar technologies

We use specific types of cookies and other tracking technologies explained in Part II. If the website has another specific cookie policy, the provisions of said policy will prevail.

Please note that we also use cookies and other common technologies for the standard purposes indicated in Part II below (e.g. to ensure the proper functioning of our website or application).

Specific point of contact

Should you have any questions regarding the processing of your personal data in the previous context, please contact the DPO by sending an email to dpospain.novartis@novartis.com

 

 

Part II – General Information

The second part of this Privacy Statement shows in greater detail in what context we are processing your personal data and explains your rights and our obligations during the process.

  1. In what cases will we use your personal data?

We will not process your personal data if we do not have an appropriate justification provided in the legislation for this purpose. Therefore, we will only process your personal data in the following cases:

  • if we have previously obtained your consent;
  • if the processing is necessary to comply with the contractual obligations that we have acquired with you or to adopt pre-contractual measures if requested;
  • if the processing is necessary to comply with our legal or regulatory obligations; or
  • if the processing is necessary for our legitimate interests and does not unduly affect your interests or fundamental rights and freedoms.

Please note that, when processing your personal data based on the latter assumption, we always try to maintain a balance between our legitimate interests and your privacy. Examples of these “legitimate interests” are the data processing activities carried out in cases listed below:

  • to get benefit from cost-effective services (e.g. we can choose to use certain platforms offered by providers to process data);
  • to offer our products and services to our clients;
  • to prevent fraud or criminal activities, misuse of our products and services, as well as the security of our networks, architecture and IT systems;
  • to sell any part of our business or its assets or to allow the acquisition of all or part of our business or assets by a third party; and
  • to meet our corporate and social responsibility objectives.
  1. Who has access to your personal data and to whom are they transferred?

We undertake not to sell, disseminate or otherwise transmit your personal data to third parties, except in the cases explained in this Privacy Statement.

During the course of our activities and for the same purposes as those described in this Privacy Statement, your personal data may be consulted by the specific third parties identified in Part I of this Privacy Policy, or transferred to them and to the following categories of recipients, in case they have to know them, to fulfil these purposes:

  • our staff (including personnel, departments or other companies of the Novartis group);
  • our other providers and service providers;
  • our computer system providers, cloud service providers, database providers and consultants;
  • our business partners that offer products or services together with us;
  • any third party to which we assign or renew any of our rights and obligations;
  • our external advisors and lawyers in the context of the sale or transfer of any part of our business or its assets.

The aforementioned third parties have contractual obligation of protecting the confidentiality and security of your personal data, in compliance with the applicable legislation.

Your personal data can also be consulted by regulatory bodies, police, public or national and international courts, or transferred to them, either when we have the obligation to do so in compliance with the applicable legislation or regulations or when a request is made by them.

The personal data we collect from you may also be subject to processing, access or storage in a country other than the one in which Novartis is located, which may not offer the same level of personal data protection.

If we transfer your personal data to external companies in other jurisdictions, we will guarantee your personal data protection: (i) by applying the protection level required in accordance with local data protection / privacy legislation applicable to Novartis, (ii) acting in compliance with our rules and policies, and (iii) for Novartis located in the European Economic Area (i.e. the EU member states plus Iceland, Liechtenstein and Norway, the “EEA”), unless otherwise provided, by transferring your personal data exclusively in accordance with standard contractual clauses approved by the European Commission. You can request additional information regarding international transfers of personal data and obtain a copy of the relevant protection measures implemented by exercising your rights as detailed below in section 6.

For transfers of personal data within a group, the Novartis Group has adopted Binding Corporate Standards, a system of principles, standards and tools provided by European legislation, in order to guarantee effective levels of data protection in relation to transfers of personal data outside the EEA and Switzerland. Click here or follow the link for more information on Novartis Binding Corporate Standards at www.novartis.es in the section: “Data protection: your rights”.

  1. How do we protect your personal data?

We have implemented appropriate technical and organizational measures to provide a level of security and confidentiality to your personal data.

These measures consider:

  • the most recent advances in technology, the costs of its implementation;

 

  • the nature of the personal data; and

 

  • the processing risks.

The purpose of these measures is to protect your data against accidental or improper destruction or alteration, accidental loss, unauthorized disclosure or access and any other improper form of processing.

In addition, when processing your personal data, we will comply with the following obligations:

  • we only collect and process personal data that is adequate, relevant and not excessive, as required to fulfil the above purposes;
  • we guarantee that your personal data is up to date and accurate (for this last purpose, we may ask you to confirm the personal data we have about you and we also encourage you to inform us spontaneously if there is a change in your personal circumstances so that we can guarantee that your data are updated); and we may process the confidential data about you that you voluntarily provide in compliance with the applicable data protection rules and as strictly necessary for the relevant purposes indicated above, and only the relevant personnel access the data and process it, under the responsibility of one of our representatives who has the obligation to maintain professional secrecy or confidentiality.
  1. How long will we keep your personal data?

We will only keep your personal data for the time necessary to fulfil the purpose for which they were collected or to comply with regulatory or legal requirements.

Unless otherwise indicated in Part I of this Privacy Statement, the retention period is 36 months since your last use / access to the relevant website or application. When this period ends, your personal data will be deleted from our active systems.

  1. How do we use cookies and other similar technologies on our websites and applications?

5.1. Cookies

Cookies are small text files that are sent to your computer when you visit a website. We use cookies for the purposes explained above and in accordance with this Privacy Statement.

We do not use cookies to control individual visitors nor to identify you, but to obtain practical knowledge about the way in which our websites and applications are used. That knowledge allows us to improve them for users. The personal data generated through cookies are collected in a pseudo-anonymized format and are subject to your right to object to this data processing, as detailed below.

In particular, we can use the following types of common cookies:

  • user interface customization cookies (cookies that remember your preferences);
  • authentication cookies (cookies that allow you to leave our pages and return without having to authenticate again);
  • video player cookies (cookies that store data necessary to play audio or video content and save your preferences);
  • first-party analytical cookies (cookies that memorize the pages you have visited and provide information about your interaction with these pages); and
  • third-party analytical cookies (third-party cookies that control the statistics of our website and vice versa).

Please note that you can modify your browser to notify you about the sending of cookies. If you do not wish to receive cookies, you can also disable them by defining the appropriate settings in your browser. Finally, you can also delete the cookies that have already been sent to you.

For more information on how to manage cookies on your device, see the Help function of your browser or visit www.aboutcookies.org, which contains comprehensive information on how to do it in a wide variety of browsers (the link is external).

 

 

5.2. Other technologies

We may also use other technologies on our websites and applications to collect and process your personal data for the same purposes as those indicated above, including:

  • Internet tags (such as action tags, single-pixel GIFs, obvious GIFs, invisible GIFs and 1-by-1 GIFs, which are technologies that allow us to track user results); and Adobe Flash technology (including local Flash shared objects, unless you change the setting).
  1. What are your rights and how can you exercise them?

You can exercise the following rights under the conditions and limits stipulated by law:

  • the right to access your personal data as we process them and, if you believe that any information related to you is incorrect, outdated or incomplete, to request its correction or update;
  • the right to request the deletion of your personal data or the restriction to specific processing categories;
  • the right to withdraw your consent at any moment, without affecting validity of the processing before withdrawal;
  • the right to object, in whole or in part, to the processing of your personal data;
  • the right to object to direct marketing communications; and
  • the right to request portability, that is, that the personal data you have provided us with will be returned to you or transmitted to the person you choose, in a structured format, commonly used and machine readable, without any impediment from our side and in accordance with confidentiality obligations.

However, keep in mind that, in certain circumstances, the fact of not accepting cookies or the configuration of your browser may affect your browsing experience and prevent you from using certain functions on our websites or applications.

If you have a question or wish to exercise the above rights, you can send an email to DPO dpospain.novartis@novartis.com along with a scanned image of your national identity document for identification purposes.

If you are not satisfied with the way we process your personal data, please contact our data protection officer at global.privacy_office@novartis.com, who will analyse your claim.

In any case, you also have the right to submit a claim to the competent data protection authorities, in addition to your previous rights.

  1. What technical and transactional data can we collect about you?

7.1. Categories of technical and transactional data

  • information about your browser and device (e.g. Internet service provider domain, browser type and version, operating system and platform, screen resolution, device manufacturer and model);
  • statistics relating to your use of our websites and applications (e.g. information on the visited websites, sought information, duration of the visit to our website);
  • usage data (i.e., date and time of access to our website and application, downloaded files);
  • the location of your device when using our application (unless you disabled this function in the configuration of your device); and
  • more generally, any information you provide us when using our websites and applications.

Please note that we will not collect, use or knowingly disclose personal data of persons under 18 without obtaining the prior consent of a parent or legal guardian.

7.2. Why do we collect technical and transactional data?

We always process your personal data with a specific objective and only process personal data that is relevant to fulfil that objective. In addition to the purposes that have already been communicated to you in Part I of this Privacy Statement, we also process your personal data collected while using one of our websites or applications for the following common purposes:

  • manage our users (e.g. registration, account management, answer questions and offer technical assistance);
  • manage and improve our websites and applications (e.g. diagnose server problems, optimize traffic, integrate and optimize websites where appropriate);
  • measure the use of our websites and applications (e.g., generating traffic statistics, collecting information on user behaviour and the websites they visit);
  • improve and personalize your experience and better adjust the content to you (e.g. remembering your selections and preferences, by using cookies);
  • send you personalized services and content based on your location;
  • improve the quality of our products and services and expand our business activities;
  • control and prevent fraud, infringements and other possible misuse of our websites and applications;
  • you are visiting the Novartis website, so you will obey the legal and privacy conditions established therein. In any case, you agree that the data provided by you on said website will be communicated to us for the purposes explained above.
  • in case you request it, and if permitted by current legal regulations, we will send you electronic commercial communications of our own or third parties’ products and / or services related to the manufacturing and marketing sectors of pharmaceutical products and / or services and / or of pharmaceutical specialties, for the vision care, quality generic and biosimilar medicines, as well as manufacturing and marketing of surgical equipment and devices
  • social networks: we inform you that we are present in Social Networks. Processing of the data of the people who become followers (and / or perform any link or connection action through the Social Networks) at the Controller’s official pages in the social networks will be governed by this section, the rest of this Privacy Policy and the Conditions of Use of the Web, as well as those Conditions of use, privacy policies and other regulations of access, use and similar that belong to the corresponding social network. We will process your data for the purpose of correctly managing your presence in the corresponding social network, informing you of our activities, products and / or services, or those of third parties that may be related to our activity (related to the manufacturing and marketing sectors of pharmaceutical products and / or services and / or pharmaceutical specialties, for vision care, quality generic and biosimilar medicines, as well as manufacturing and marketing of surgical equipment and devices), as well as for any other purpose that the regulations of the Social Networks may allow.
  • respond to an official request of a public or judicial authority that has the necessary authorization;
  • manage our IT resources, including infrastructure management and business continuity;
  • preserve the company’s economic interests and ensure compliance and the generation of reports (such as compliance with our policies and local legal requirements, taxation and deductions, management of alleged cases of misconduct or fraud, conducting audits and defence in litigation);
  • any other purpose imposed by law and authorities.
  1. How will you be informed of the changes in our Privacy Statement?

Any future change or addition to the processing of your personal data as described in this Privacy Statement will be communicated to you in advance with an individual notification through our common communication channels (e.g. by email), as well as through our websites or applications (through banners, pop-up messages or other notification mechanisms).

Start typing and press Enter to search