1. Why this document?
"We", "us" and "our" means Sanofi-aventis Australia Pty Ltd trading as Sanofi, Sanofi Genzyme and Sanofi Pasteur, Sanofi-aventis Healthcare Pty Ltd, and Sanofi-aventis New Zealand Limited.
You consent to us collecting, holding, using and disclosing (collectively “Processing”) your personal information in accordance with this policy. As part of our day to day operations, we provide access to a variety of tools and resources which are designed to provide information to all the individuals with whom we have business interactions with (patients and their relatives, participants to clinical trials, healthcare professionals, users of products and services, workers, etc.) regarding our activities. Such tools and resources may be provided in various formats, including, more specifically in electronic format and by means of online electronic communications, including the website available at www.sanofi.com.au and any other website made available by us and to which this policy applies (hereinafter together the “Website”). In order to be able to provide them, we may need to Process personal information (as defined below) of their users. We are fully committed to the protection of personal information and intend to provide you with all relevant information regarding the way in which we Process your personal information.
2. What is personal information?
Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.
3. What personal information do we collect and hold?
We collect information about you and your interactions with us, for example, when you purchase or use any of our products or services, call us, interact with our chatbot or otherwise visit our Website. The information we collect from you may include your identity and contact details, financial details, information about your health and lifestyle choices, details regarding your history of interaction with our products and services and details of enquiries or complaints you make. As a matter of conducting our routine business, we may Process the following types of personal (including health) information:
- Identification data: any information which allows your identification, whether directly or indirectly such as your name or contact details (address, email address, telephone number), your job type or your company details;
- Messages: you may send us enquiries using this Website;
- Professional information: notably in case you submit a job application;
- Connection data: any information regarding your connection and access to this Website (e.g. type of machine and browser used, timestamp of your connection, IP address, pages visited, etc.), browsing history;
- Location data: information that may be provided by your machine and browser about your location if you allow such information to be shared with us;
- Cookies: data relating to and data which may be collected by cookies: for more information about cookies, please see below; and
- Sensitive information: under certain specific situations, we may Process philosophical, political and religious opinions, trade-union membership, sexual orientation, information relating to health, racial or ethnic origin: we will only Process such categories of personal information, which qualify as “sensitive” personal information or “special categories” of personal information if duly permitted under applicable data protection laws. In particular, we will only Process such information it has obtained your prior explicit and specific consent to do so.
4. Why do we collect, hold and use your personal information?
- to allow you to navigate our Website;
- to provide you access to online services, application and platforms; manage your online accounts (including conducting billing activities); inform and provide you with our products, services or other benefits or otherwise fulfill our obligations to you;
- to provide patient support, healthcare support services, patient engagement and prescription information; claims management, including insurance claims;
- to conduct research and development; carry out clinical studies, registries and trials; manage and validate the recruitment and participation of individuals to studies, trials and other operations; analyse demographic data; offer special programs, activities, trials, events or promotions via our services; carry out market or consumer studies;
- to personalize your browsing experience: when using our services; ensure that our services are presented in the way that best suits you; understand your professional and personal interests in our content, products and services or other content and adapt our content to your needs and preferences; present you products and offers tailored to you;
- to improve our products and services; identify usage trends and develop new products and services; understand how you and your device interacts with our services; track and respond to safety concerns; determine the effectiveness of our promotional campaigns, conduct surveys; quality assurance;
- to process your job applications;
- to allow us to identify and communicate with you; respond to your requests, inquiries or complaints; provide support for products and services; provide you with important information, administrative information, required notices, and promotional materials (including any future offers of products, services or other benefits or initiatives we think may be of interest to you); send you news and information about our products, our services, our brands, our operations; our marketing initiatives; organize and manage professional events and congresses, including your participation to such events; and
- to comply with our legal obligations and assist government and law enforcement agencies or regulators. If you do not provide us with your personal information we may not be able to provide you with our services, communicate with you or respond to your enquiries.
5. How do we collect your personal information?
We will collect your personal information directly from you whenever you interact with us (including via our Website, email, phone, person or in writing) or through third parties who are engaged by us for that purpose.
6. How do we store and hold personal information?
We store most information about you in computer systems and databases operated by either us or our external service providers. Some information about you is recorded in paper files that we store securely. We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.
We will also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the APPs.
7. Who do we disclose your personal information to, and why?
We may transfer or disclose your personal information to our related companies.
We may disclose personal information to external service providers so that they may perform services for us or on our behalf.
We may also disclose your personal information to others outside our group of companies where:
- we are required or authorised by law to do so;
- you may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or
- we are otherwise permitted to disclose the information under the Privacy Act.
If the ownership or control of all or part of our business changes, we may transfer your personal information to the new owner.
8. Do we disclose personal information to overseas recipients?
We may disclose your personal information to recipients which are located outside Australia.
Those recipients are likely to be located in the USA, Singapore, Japan and the United Kingdom as well as countries within the European Union to help us improve our pharmaceutical, consumer healthcare, rare diseases and vaccine products and health services. We may also disclose personal information to a related company in Malaysia for the purposes of processing invoices and accounts.
We will implement appropriate measures to ensure your personal information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These measures may include data transfer or data processing agreements implementing standard data protection clauses or other contractually binding obligations relating to the protection of personal information.
9. Do we use your personal information for marketing?
We will use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to.
Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.
10. Access to and correction of your personal information
You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. There are some circumstances in which we are not required to give you access to your personal information.
There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in providing you with access.
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date and complete.
12. Your rights under the EU GDPR
Under the European Union (EU) General Data Protection Regulation (“GDPR”), as a data subject you have the right to:
- access your data
- have your data deleted or corrected where it is inaccurate;
- object to your data being processed and to restrict processing;
- withdraw consent to having your data processed;
- have your data provided in a standard format so that it can be transferred elsewhere; and
- not be subject to a decision based solely on automated processing.
(“Data Subject Rights”)
We have processes in place to deal with Data Subject Rights requests. Our actions and responsibilities will depend on whether we are the controller or processer of the personal data at issue. Depending on our role as either a controller or processor, the process for enabling Data Subject Rights may differ, and are always subject to applicable law. Please refer to the Contact Details section of this policy if you would like to make a Data Subject Rights request
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.
We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.
If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.
14. Contact details
If you have any questions, comments, requests or concerns, please contact us at:
Sanofi-aventis Australia Pty Ltd
Talavera Corporate Centre
Building D, 12-24 Talavera Road
Macquarie Park NSW 2113
Email: firstname.lastname@example.org or contact the global Compliance hotline in Australia - 1800 121 889
15. Changes to this policy
From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our policy will be published on our Website. You may obtain a copy of our current policy from our Website or by contacting us at the contact details above.
Privacy Collection Notice
Your personal information is being collected by Sanofi-aventis Australia Pty Ltd (ABN 31 008 558 807) and its Australian affiliates (together, we or us). Under the Privacy Act 1988 (Cth) (Privacy Act), we are required to tell you that we collect personal information (as defined in the Privacy Act) about you to assist in providing certain services including communicating with you in relation to our products, services and events. If we cannot collect that information we may not be able to provide these services or process your enquiries.
We collect this information mainly through our communications with you but we may do so also from other sources in the course of providing our services to you. We generally do not disclose information about you to any person except as required in the course of providing the services to you or for the ordinary administration of our business. The personal information you provide will be disclosed to the relevant team(s), which could include customer service, HR, supply chain, marketing, communications, legal, medical information etc. As Sanofi is a global pharmaceutical company some personal information may be transferred overseas. In certain circumstances, we may disclose information about you where permitted or authorised under the Privacy Act or other applicable law.
To the extent that the GDPR applies, our legitimate interest(s) in processing your information are those purposes specified above. Our legal basis for processing your information is any one or more of the following (as the specific circumstances dictate): (a) consent; (b) performance of a contract (including our provision of products or services to you); and/or (c) for the legitimate purposes specified in this notice.
If you would like to inform us that you do not wish to receive promotional material from us, request access to or the correction of information we hold about you or to make a complaint about our treatment of your privacy, please make a written request to our Privacy Officer.