Data Privacy Notice for the creation and management of the Novartis User Account (My Novartis)
Sep 27, 2019
Personal information collected
The information collected from you may include your first and last names, country, telephone number and your unique social media identifier (example: Facebook ID) if you sign up using your social media as your identity provider.
Data controller of personal information collected. Purpose and justification for collecting personal information
Based on your consent, this information will be used by Novartis Pharma AG and other Novartis group companies worldwide (collectively “Novartis”) for the purpose of creating a Novartis User Account that will allow you to be identified upon log-in every time you access Novartis owned or supported websites, applications and devices. This Notice is not intended to replace or supersede the dedicated Data Privacy Notice applicable to each website, application or device but is meant to inform you about how your information will be used to create a Novartis User Account.
Novartis Pharma AG is responsible for the processing of your personal data as it decides why and how it is processed, thereby acting as the “controller”.
Personal information disclosure to third parties
Your personal information will be processed by third parties who act for or on Novartis’ behalf in accordance with the purposes described in this notice. These third parties may be located in countries or territories that may not offer the same level of data protection as the country in which you reside. Where the processing of your Personal Data is delegated to such a third party, Novartis will ensure that such third party provides sufficient guarantees with respect to the technical and organizational security measures governing the processing of your Personal Data. Novartis will not share your information with anyone who is not directly connected with the creation of your Novartis User Account.
Novartis has adopted Binding Corporate Rules, a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection for sharing personal information within Novartis, in particular relating to transfers of personal information outside the European Economic Area and Switzerland.
Deletion of your Novartis User Account
You can choose to delete your Novartis User Account at any time by navigating to the ‘Edit Profile’ page after logging into your Novartis User Account and confirming your deletion request. The link to the ‘Edit Profile’ page can be found in the email you receive when you first create your Novartis User Account.
Retention of personal information
Your Novartis User Account and related personal information will be closed and deleted automatically by Novartis if you are not active within Novartis environments for more than 18 months. This will not impact personal information already collected and processed in each website, application and device, but you will no longer be able to use that account to connect to any of the websites, applications and devices unless you create a new Novartis User Account. There may be cases when all or some of your personal information may be stored for a longer time period if Novartis is required to do so because of an applicable law, court order or governmental regulation or if such retention is otherwise necessary in support of any criminal or other legal investigation or proceeding here or abroad.
Protection of your personal data
Novartis has implemented appropriate technical and organizational measures to provide an adequate level of security and confidentiality to your personal data, taking into account the nature of the data and the risk of processing such data. This is done to protect your data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing. Moreover, when handling your personal data, Novartis complies with the following obligations: Novartis only collects and processes required personal data that is adequate, relevant and not excessive to meet the above purposes; Novartis ensures that your personal data remains up to date and accurate. You may spontaneously inform us at any time whenever there is a change in your personal circumstances so we can ensure your personal data is kept up-to-date.
Exercise of access rights and contact details
You may exercise the following rights under the conditions and within the limits set forth in the law:
the right to access your personal data as processed by us and, if you believe that any information relating to you is incorrect, obsolete or incomplete, to request its correction or update;
the right to request the erasure of your personal data or the restriction thereof to specific categories of processing;
the right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal;
the right to object, in whole or in part, to the processing of your personal data;
the right to object to a channel of communication used for direct marketing purposes; and
to the extent applicable, the right to request that the personal data you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format without hindrance from us and subject to your confidentiality obligations (i.e. data portability).
If you have a question, are not satisfied with how Novartis processes your personal data, or if you want to exercise the above rights, you may send an email to [email protected]. When contacting Novartis, please add a description of your relationship and/or your interactions with us. If you wish to receive information related to your personal data, please also add a scan of your identity card, which will only be used to verify your identity. Prior to sending such scan, please make sure to redact your picture and national registry number or equivalent from the scanned image. Note, you also have the right to lodge a complaint directly with a supervisory authority regarding the processing of your personal data.
What is a cookie?
Cookies are small text files that are sent to your computer when you visit a website. Cookies on Novartis Group company (Novartis) websites do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences and generally improving your experience of a website.
The type of cookies we use
Session cookies are temporary and only remain on your computer or device from the point at which you visit the Novartis User Account web pages until you close your browser. Session cookies are deleted when you close your browser. Any data collected by using these cookies will be stored and managed by Novartis or one of its trusted affiliates in countries Novartis operates in.
The EU Directive 2009/136/EC states that we can store cookies on your machine if they are essential to the operation of this site, but that for all others we need your permission to do so. We only set strictly necessary cookies that are essential to enable the core functionality of this website service.
How to control cookies
If you wish to restrict or block web browser cookies which are set on your device then you can do this through your browser settings; the Help function within your browser should tell you how. Alternatively, you may wish to visit www.aboutcookies.org,which contains comprehensive information on how to do this on a wide variety of desktop browsers. However, if you do not accept our cookies, you may not be able to use all functionalities of your browser software or our website.