1. Collection of personal information
Sanofi is in the business of researching, developing, manufacturing and marketing pharmaceutical, consumer health care, rare disease and vaccine products. As a matter of conducting its routine business, Sanofi may collect the following types of personal (including health) information:
a. Consumers and Patients
Sanofi obtains personal information from patients and members of the public in various ways including in writing, the internet, social media and through telephone enquiries. The type of information Sanofi collects includes a person’s name, address and contact details, and information relating to the enquiry. Sanofi may also collect information about a patient or consumer’s current and past medical status, such as medications being taken, the names of a patient’s healthcare providers, medical procedures undergone and other information that is reasonably required to properly respond to an enquiry.
Collecting this personal information is necessary to enable Sanofi to deal with the enquiry and may be necessary to allow us to meet any legal obligations.
On occasions, health professionals disclose personal and health information about themselves and their patients to Sanofi when it is considered necessary in relation to the treatment of a patient.
b. Patient Support and Information Programs
c. Healthcare Professionals and their Employees
Sanofi collects personal information about healthcare professionals and their employees or assistants, such as doctors and pharmacists, who prescribe and dispense Sanofi products, to enable it to deal with those health professionals.
When you look at a Sanofi operated website, the Internet Service Provider of our parent company located in France makes a record of your visit and logs the following information for statistical purposes:
- your server address;
- your top level domain name (for example .com, .gov, .au, .uk etc);
- the pages you accessed and documents downloaded;
- the previous site you have visited; and
- the type of browser you are using.
Sanofi will not make an attempt to identify users or their browsing activities. However, in the unlikely event of an investigation, a law enforcement agency or other government agency may exercise its legal authority to inspect our parent company’s Internet Service Provider’s logs.
Sanofi will only record your e-mail address if you send us a message. Your e-mail address will only be used or disclosed for the purpose for which you have provided it and it will not be added to a mailing list or used or disclosed for any other purpose without your consent.
Google Analytics Demographics and Interest Reporting have been enabled on some Sanofi operated website and as a result personal information about users such as age, gender and interests may be collected. Such information will only be used or disclosed for the purpose of better understanding users and identify how experience and interaction can be improved and will not be used or disclosed for any other purpose without your consent.
e. Information Collected from Clinical Trials
At times patients may participate in clinical trials of pharmaceutical or consumer products in order to further research and development of certain drugs or health services. In doing so, patients may provide personal information to the doctor or investigator conducting the clinical trial.
However, personal and health information collected by doctors and investigators conducting clinical trials is not generally provided to Sanofi. Sanofi receives the information relating to a clinical trial patient’s health and pharmaceutical needs in a de-identified form. Personal information such as the patient’s name and address is not provided to Sanofi.
On occasions people employed by Sanofi, or contractors working on behalf of Sanofi, may access this personal information at the source of collection for the purpose of verifying data.
Sanofi collects personal information about the doctors and investigators conducting clinical trials and people who assist them. In general, the type of information Sanofi collects includes the name, address, telephone details, field of expertise, position, role in study and qualifications and includes information provided on Curricula Vitae and Financial Disclosure Forms. Sanofi may use such information worldwide to pursue its business. In particular, Sanofi is required to obtain comprehensive information about potential or actual investigators in order to maintain quality clinical trials and consistently meet global regulatory and compliance guidelines. Some of the information collected may be stored and used overseas.
f. Adverse Event Reporting
Sanofi may collect personal information for the purpose of maintaining a record of medical queries, complaints and adverse event reports relating to our products and reporting these to relevant regulatory bodies, related companies or other companies which market the same product as may be required or prudent.
2. Sanofi’s use of personal information
The Principles generally require Sanofi to use personal information only for the primary purpose for which it is collected, or for secondary purposes that are related to the primary purpose. In general, Sanofi uses personal information for the following purposes:
- to promote and market Sanofi’s products and services;
- to provide health products or services (including advice) that have been requested;
- to involve doctors and investigators (and the people who assist them) in clinical trials; and
- to comply with legal obligations.
Sanofi may disclose personal information to third parties, including its associated companies, within or outside of Australia or New Zealand, including but not limited to: France, USA, Singapore and Japan to help Sanofi improve its pharmaceutical, consumer healthcare, rare diseases and vaccine products and health services. Sanofi may also disclose personal information to a related company in Malaysia for the purposes of processing invoices and accounts.
The circumstances in which we may disclose your personal information includes but is not limited to:
- where we notified you at the time of supply of the personal information to us or it is expressly permitted under any agreement;
- where it is necessary to provide you with a service or goods which you have requested;
- where required for the ordinary operation of our business (for example, to send you information about our goods and services);
- where it is necessary for support services to be provided in relation to our business activities (please note that such disclosures will only be to people and entities required to meet the same standards of data protection and are prevented from using the information for their own marketing purposes);
- where we consider the law requires it, or in response to any demand by law enforcement authorities;
- Regulatory authorities (such as the Therapeutic Goods Administration, Medsafe New Zealand and State and Territory drug and health authorities) where we are required to provide your personal information to the particular authority;
- Another company for the purpose of ensuring continuity of product supply and/or service if the supply of the product or service has been transferred to that company; and
- Such third parties otherwise permitted or required by law.
Generally, we require that organisations outside of Sanofi who handle or obtain personal information as service providers to Sanofi acknowledge the confidentiality of this information, undertake to respect an individual’s right to privacy and comply with the Principles and this Policy.
In most cases, if you do not provide information about yourself which Sanofi has requested, Sanofi may not be able to provide you with the relevant service or information required.
4. Sensitive information is subject to greater restrictions
Some personal information collected by Sanofi is considered “sensitive”. Sensitive information which Sanofi may collect includes a person’s state of health and medical history.
The Principles require that sensitive information is used and disclosed only for the purposes for which it was provided, or a directly related secondary purpose, unless you agree otherwise or for other specific reasons such as if the use or disclosure of this information is required by law or to prevent a serious and imminent threat to life or health of an individual.
5. Data breach
Where a suspected data breach has occurred, Sanofi will act in accordance with its data breach response plan. In the event that Sanofi has determined that an “eligible data breach” has occurred, Sanofi will report it to the Office of the Australian Information Commissioner and the affected individual(s).
6. Management and security of personal information
Sanofi has appointed a Privacy Officer to oversee Sanofi’s management of personal information in accordance with this Policy and the Principles.
All personal information that is collected is held electronically on password protected systems. Personal information is only accessible by persons that require access to that information to carry out their work. Sanofi has directed its staff that personal information must be dealt with in accordance with this Policy and kept secure from unauthorised access or disclosure.
Your request should detail your name, contact details, your former name or alias, if any, and the information you believe we may hold on you. You do not have to provide a reason for requesting access. Where we hold information that you are entitled to access, we will endeavour to provide you with a suitable range of choices as to how you may access it (e.g. emailing or mailing it to you). In any event we will acknowledge receipt of request within 10 working days and endeavour to respond to your request within 30 days.
If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, then you may request we amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the personal information we hold stating that you disagree with it.
8. How to complain about a privacy breach and how will Sanofi deal with such a complaint
If you believe that Sanofi has breached the Principles you may complain in writing to our Privacy Officer (see contact details below). Sanofi will respond within thirty (30) days and will use its best endeavour to resolve the issue.
If you are unsatisfied with Sanofi’s answer, you may take your complaint to the Office of the Australian Information Commissioner as detailed on http://www.oaic.gov.au/privacy/privacy-complaints or to the Office of the Privacy Commissioner for New Zealand as detailed on http://www.privacy.org.nz/your-privacy/how-to-complain/.
Contact the Privacy Officer
Sanofi-aventis Australia Pty Ltd
Talavera Corporate Centre
Building D, 12-24 Talavera Road
Macquarie Park NSW 2113