At Novartis, we strive to be transparent in all our interactions. From time to time, Novartis Corporation (Malaysia) Sdn Bhd(referred as "Novartis" or "we" or "us") solicits Personal Data from Healthcare Professional (“HCP”) with whom we intend to create and maintain a relationship.

We invite you to carefully read this Privacy Notice, which sets out in which context we are processing your Personal Data and explains your rights and our obligations when doing so.

What Personal Data will Novartis collect from me

Novartis and / or its duly authorized third party may collect the following Personal Data from you:

  • your general and identification information (e.g. name, first name, last name, gender, email and/or postal address, fixed and/or mobile phone number);
  • your function (e.g. title, position, name of company, as well as, for healthcare professionals, first specialty, second specialty, year of graduation from medical school, publications, congress activities, awards, biography, education, links to universities, expertise and participation in/contribution to clinical trials, guidelines, editorial boards and organizations);
  • payment information (e.g. credit card details, bank account details, VAT or other tax identification number);
  • Novartis unique business partner ID and profile;
  • your electronic identification data where required for the purpose of delivering products or services to our company (e.g. login, access right, passwords, badge number, IP address, online identifiers/cookies, logs, access and connexion times, image recording or sound such as badge pictures, CCTV or voice recordings);
  • information regarding your utilization, responses and/or preferences including in terms of types of messages discussed, channels of communication and frequency;
  • data you provide to us for example when you fill in forms or during events you attend, or when you answer questions during a conversation or in a survey;
  • data which relate to our products and services; and
  • information about the promotional, scientific and medical activities/interactions you have with us, including potential future interactions.

How will Novartis use my Personal Data

Novartis and its affiliate entities or duly authorized third party may use my Personal Data for the following purpose:

  • Manage our relationship with you (e.g., through our databases);
  • implement tasks in preparation of or to perform existing contracts;
  • provide you with appropriate, adequate and updated information about disease, drugs as well as our products and services;
  • improve the quality of our interactions and services by adapting our offering to your specific needs;
  • answer your requests and provide you with efficient support;
  • send you surveys (e.g. to help us improve your future interactions with us);
  • send you communications regarding products, therapeutic areas or services that we promote;
  • planning as well as call reporting;
  • manage, plan and execute communications and interactions with you (e.g. through the operation of a database keeping records of interactions with healthcare professionals or managing call planning as well as call reporting);
  • invite you to events or promotional meetings sponsored by us (e.g. medical events, speaker events, conferences);
  • grant you access to our training modules allowing you to provide us with certain services;
  • manage our IT resources, including infrastructure management and business continuity;
  • preserve the company’s economic interests and ensure compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, managing alleged cases of misconduct or fraud; conducting audits and defending litigation);
  • manage mergers and acquisitions involving our company;
  • archiving and record keeping; and
  • any other purposes imposed by law and authorities

Who has access to my Personal Data and to whom are they transferred

Novartis will not sell, share, or otherwise transfer your Personal Data to third parties other than those indicated in this Notices.

In the course of our activities and for the same purposes as those listed above, your Personal Data can be accessed by, or transferred to Novartis affiliate companies located worldwide and/or its authorized agents or service providers, on need to know basis to achieve such purposes.

The above third parties are contractually obliged to protect the confidentiality and security of your Personal Data, in compliance with applicable local law. Your Personal Data can also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court, where we are required to do so by applicable local law or regulation or at their request.

The Personal Data we collect from you may also be processed, accessed or stored in a country outside the country where Novartis Corporation (Malaysia) Sdn Bhd located, which may not offer the same level of protection of Personal Data.

If we transfer your Personal Data to external companies in other jurisdictions, we will make sure to protect your Personal Data by:

  1. applying the level of protection required under the local data protection/privacy laws applicable to Novartis Corporation (Malaysia) Sdn Bhd; and
  2. acting in accordance with our policies and standards

For intra-group transfers of Personal Data to our group companies the Novartis Group has adopted Binding Corporate Rules, a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection relating to transfers of Personal Data outside the EEA and Switzerland.

How do we protect your Personal Data

We have implemented appropriate technical and organizational measures to provide an adequate level of security and confidentiality to protect your Personal Data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.

How long do we store your Personal Data

Novartis will only retain your Personal Data for as long as necessary to fulfil the purpose for which it was collected and to comply with any local legal or regulatory requirements.

Personal Data collected and processed in the context of a dispute are deleted or archived (i) as soon as an amicable settlement has been reached, (ii) once a decision in last resort has been rendered or (iii) when the claim becomes time barred.

What are your rights and how can you exercise them

You may exercise the following rights under the conditions and within the limits set forth in the law: -

  • Right to access and correction of your Personal Data if you believe that any information relating to you is incorrect, obsolete or incomplete; and
  • Right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal and subsequent data retention.

If you have further data privacy related questions, please contact our Novartis Country Data Privacy Officer at [email protected]

If you would like to know more about Privacy in Novartis please visit the following link:

https://www.novartis.com/sites/www.novartis.com/files/novartis-data-privacy-principles.pdf