The Novartis group companies in Australia (comprised of Novartis Australia Pty Limited and its related bodies corporate) and the Novartis group companies in New Zealand (comprised of Novartis New Zealand Ltd and its related bodies corporate) (Novartis) are bound by and comply with, in Australia, the Privacy Act 1988 (Cth) and, in New Zealand, the Privacy Act 1993 respectively.
2. Collection of Information
In general, the personal information we collect about you will include your name and contact details. For specific activities, such as clinical trials or patient support programs, we may also collect health-related information about you. We will always seek your express consent to collect health-related information.
Generally, we like to collect information directly from you. However, there are circumstances where we collect personal information from other sources, such as third party data providers, recruitment agencies, contractors or business partners.
We may collect your personal information if you:
acquire a product or service from us, or provide a product or service to us;
if you are contacted by one of our sales representatives;
contact us with a product-related or a medical enquiry or complaint (including if you report an adverse event or contact our customer service teams);
complete a survey or participate in a promotion that we conduct;
attend one of our conferences or meetings;
participate in a patient support program; or
otherwise interact with our staff.
The primary purpose for which we typically collect personal information will be for the provision of a product, service or information to you, or to enable your participation in an activity that we organise. We may state a more specific purpose at the point we collect your information. We also collect personal information for the purposes outlined in section 3 below.
You do not have to provide us with any information that we request. However, if you do not provide us with certain information we may not be able to provide you with products, services or information that you have requested, or you may not be able to participate in an activity organised by us.
3. Use and Disclosure of Information
We typically use personal information, and you consent to us using your personal information to:
supply you with our products and services (and for purposes necessary or incidental to the provision of products and services to you, such as providing support services with respect to Novartis products);
provide you with information about our products, services or activities that we believe you may be interested in;
conduct surveys or market research relating to our products and services;
enable your participation in activities conducted by us, including patient support programs or conferences;
communicate with you, including by email, mail or telephone;
conduct competitions or promotions;
verify your identity;
investigate any complaints made by you.
We may disclose personal information, and you consent to us disclosing your personal information, to other members of the Novartis group. We may also disclose personal information, and you consent to us disclosing your personal information, to third parties:
engaged by us to perform functions or provide products and services on our behalf, such as:
distributors of our products;
event organisers and travel agents;
hosting, data storage or archiving service providers,
payment processing and debt collection services;
marketing, research and advertising agencies;
that are our agents, business partners or joint venture entities or partners;
authorised by you to receive information held by us;
as part of a sale (or proposed sale) of all or part of our business.
You will generally be given the opportunity to “opt out” of receiving marketing or promotional communications from us. Instructions for opting out will typically be included somewhere on the communication. You can also opt out of receiving marketing or promotional materials at any time by contacting our Privacy Officer (see details below).
We will not share with third parties any identifiable health information about you without your consent.
We are committed to patient safety. In accordance with regulatory obligations, Novartis has a systematic process in place to collect, store and process reports of adverse events experienced by patients taking a Novartis product, when identified by a Novartis representative (or by a third party acting on behalf of Novartis). All information forwarded to the Novartis drug safety department is treated in accordance with local privacy laws and may be captured and processed in countries outside of the national territory, and shared with health authorities or other Pharmaceutical companies with whom Novartis has a license agreement, for the purpose of meeting the regulatory requirements for reporting safety information on Novartis products. We may also use that information to contact you in relation to your report or send you product, health or other information which we consider to be of importance.
4. Storage and Security
We keep your data only for as long as is reasonably necessary, having regard to the purpose of collection, and in accordance with applicable legal requirements. We take data security very seriously and take all reasonable steps to ensure the security and confidentiality of the information that we collect. We observe strict data handling and information security protocols. Staff compliance with our policies and procedures is regularly audited and reviewed. While we cannot guarantee against any loss, misuse or alteration to data, we use best endeavours to prevent such unfortunate occurrences.
5. Data Transfer Abroad
Novartis is part of a global enterprise with databases in different jurisdictions. You acknowledge and agree that we may transfer your personal information to related companies or third parties outside Australia and New Zealand, including to data storage facilities and processors in Switzerland, the United Kingdom, Sweden, Japan, China, Ireland, the Netherlands, Egypt, Singapore, the USA or India. In relation to any cross-border data transfers or storage, we will take all reasonable steps to ensure that its service providers are obliged to protect the privacy of your personal information and observe strict security standards.
In addition to this Policy, we have adopted Binding Corporate Rules (BCR), a set of principles governing the international transfer of personal information of Novartis associates, customers, business partners and other individuals whose data is collected or processed in the European Union (EU) and in Switzerland. The approval of the BCR by EU and Swiss Data Protection Authorities allows Novartis to transfer your personal information from the EU and Switzerland to Novartis affiliates in other countries in compliance with EU and Swiss data protection laws.
6. Anonymous Data and "Cookies"
Most of the information that we collect when you visit our website is anonymous information and not personal information, such as the pages you visit and searches you perform, which is processed by us to help improve the contents of the website and to compile aggregate statistics about use of the website for internal, market research purposes. To collect this anonymous information, "cookies" may be sent via your browser and installed on your hard drive that collect the first level domain name of the user (e.g., "bigmail.com" from an e-mail address of "[email protected]") and the date and time of access. "Cookies" by themselves cannot be used to discover the identity of the user. A "cookie" is a small piece of information which is sent to your browser and stored on your computer's hard drive. You can set your browser to notify you when you receive a "cookie", this will enable you to decide if you want to accept it or not.
7. Right of Access, Correction and Complaints
Subject to some exceptions, you have the right to access and update the personal information that we hold about you. We take reasonable steps to ensure that any information we hold about you is up-to-date, accurate, and complete. If you wish to access or correct your personal information, please contact our Privacy Officer (see details below). Your request will be dealt with in a prompt and proper manner.
If you have any complaints about our privacy compliance, or if you would like to make any recommendations to improve the quality of our privacy compliance, please contact our Privacy Officer in the first instance (see details below). We may require you to put your complaint in writing. Our Privacy Officer will be responsible for investigating your complaint and reporting the outcome of his/her investigation to you. If you are not satisfied with the outcome of that investigation, we can refer you to the Office of the Australian Information Commissioner or the Office of the Privacy Commissioner in New Zealand (as applicable) for further investigation.
The Privacy Officer
Novartis Australia Pty Ltd PO Box 101 (54 Waterloo Road) Macquarie Park NSW 1670
The Privacy Officer
Novartis New Zealand Limited 109 Carlton Gore Road, Newmarket, Auckland 1023
This policy was last updated on 27 March 2014.
9. Novartis Australia and New Zealand Credit Information Policy
Click here to view the Novartis Australia and New Zealand Credit Information Policy.