1. Why this document?
"We", "us" and "our" means Sanofi-aventis Australia Pty Ltd trading as Sanofi, Sanofi Genzyme and Sanofi Pasteur, Sanofi-aventis Healthcare Pty Ltd, and Sanofi-aventis New Zealand Limited.
As part of our day to day operations, we provide access to a variety of tools and resources which are designed to provide information to all the individuals with whom we have business interactions with (patients and their relatives, participants to clinical trials, healthcare professionals, users of products and services, workers, etc.) regarding our activities.
Such tools and resources may be provided in various formats, including, more specifically in electronic format and by means of online electronic communications, including the website available at www.sanofi.com.au and any other website made available by us and to which this policy applies (hereinafter together the “Website”). In order to be able to provide them, we may need to Process personal information (as defined below) of their users.
We are fully committed to the protection of personal information and intend to provide you with all relevant information regarding the way in which we Process your personal information.
2. What is personal information?
Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.
3. What personal information do we collect and hold?
We collect information about you and your interactions with us, for example, when you purchase or use any of our products or services, call us, interact with our chatbot or otherwise visit our Website. The information we collect from you may include your identity and contact details, financial details, information about your health and lifestyle choices, details regarding your history of interaction with our products and services and details of enquiries or complaints you make.
As a matter of conducting our routine business, we may Process the following types of personal (including health) information:
Identification data: any information which allows your identification, whether directly or indirectly such as your name or contact details (address, email address, telephone number), your job type or your company details;
Messages: you may send us enquiries using this Website;
Professional information: notably in case you submit a job application;
Connection data: any information regarding your connection and access to this Website (e.g. type of machine and browser used, timestamp of your connection, IP address, pages visited, etc.), browsing history;
Location data: information that may be provided by your machine and browser about your location if you allow such information to be shared with us;
Cookies: data relating to and data which may be collected by cookies: for more information about cookies, please see below; and
Sensitive information: under certain specific situations, we may Process philosophical, political and religious opinions, trade-union membership, sexual orientation, information relating to health, racial or ethnic origin: we will only Process such categories of personal information, which qualify as “sensitive” personal information or “special categories” of personal information if duly permitted under applicable data protection laws. In particular, we will only Process such information it has obtained your prior explicit and specific consent to do so.
4. Why do we collect, hold and use your personal information?
✓ to allow you to navigate our Website;
✓ to provide you access to online services, application and platforms; manage your online accounts (including conducting billing activities); inform and provide you with our products, services or other benefits or otherwise fulfill our obligations to you;
✓ to provide patient support, healthcare support services, patient engagement and prescription information; claims management, including insurance claims;
✓ to conduct research and development; carry out clinical studies, registries and trials; manage and validate the recruitment and participation of individuals to studies, trials and other operations; analyse demographic data; offer special programs, activities, trials, events or promotions via our services; carry out market or consumer studies;
✓ to personalize your browsing experience: when using our services; ensure that our services are presented in the way that best suits you; understand your professional and personal interests in our content, products and services or other content and adapt our content to your needs and preferences; present you products and offers tailored to you;
✓ to improve our products and services; identify usage trends and develop new products and services; understand how you and your device interacts with our services; track and respond to safety concerns; determine the effectiveness of our promotional campaigns, conduct surveys; quality assurance;
✓ to process your job applications;
✓ to allow us to identify and communicate with you; respond to your requests, inquiries or complaints; provide support for products and services; provide you with important information, administrative information, required notices, and promotional materials (including any future offers of products, services or other benefits or initiatives we think may be of interest to you); send you news and information about our products, our services, our brands, our operations; our marketing initiatives; organize and manage professional events and congresses, including your participation to such events; and
✓ to comply with our legal obligations and assist government and law enforcement agencies or regulators. If you do not provide us with your personal information we may not be able to provide you with our services, communicate with you or respond to your enquiries.
5. How do we collect your personal information?
We will collect your personal information directly from you whenever you interact with us (including via our Website, email, phone, person or in writing) or through third parties who are engaged by us for that purpose.
6. How do we store and hold personal information?We store most information about you in computer systems and databases operated by either us or our external service providers. Some information about you is recorded in paper files that we store securely. We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.
We will also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the APPs.
7. Who do we disclose your personal information to, and why?We may transfer or disclose your personal information to our related companies.
We may disclose personal information to external service providers so that they may perform services for us or on our behalf.
We may also disclose your personal information to others outside our group of companies where:
(a) we are required or authorised by law to do so;
(b) you may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or
(c) we are otherwise permitted to disclose the information under the Privacy Act.
If the ownership or control of all or part of our business changes, we may transfer your personal information to the new owner.
8. Do we disclose personal information to overseas recipients?We may disclose your personal information to recipients which are located outside Australia.
Those recipients are likely to be located in the USA, Singapore, Japan and the United Kingdom as well as countries within the European Union to help us improve our pharmaceutical, consumer healthcare, rare diseases and vaccine products and health services. We may also disclose personal information to a related company in Malaysia for the purposes of processing invoices and accounts.
We will implement appropriate measures to ensure your personal information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These measures may include data transfer or data processing agreements implementing standard data protection clauses or other contractually binding obligations relating to the protection of personal information.
9. Do we use your personal information for marketing?We will use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to.
Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.
10. Access to and correction of your personal informationYou may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. There are some circumstances in which we are not required to give you access to your personal information.
There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in providing you with access.
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date and complete.
12. Your rights under the EU GDPRUnder the European Union (EU) General Data Protection Regulation (“GDPR”), as a data subject you have the right to:
(a) access your data;
(b) have your data deleted or corrected where it is inaccurate;
(c) object to your data being processed and to restrict processing;
(d) withdraw consent to having your data processed;
(e) have your data provided in a standard format so that it can be transferred elsewhere; and
(f) not be subject to a decision based solely on automated processing.
(“Data Subject Rights”)
We have processes in place to deal with Data Subject Rights requests. Our actions and responsibilities will depend on whether we are the controller or processer of the personal data at issue. Depending on our role as either a controller or processor, the process for enabling Data Subject Rights may differ, and are always subject to applicable law. Please refer to the Contact Details section of this policy if you would like to make a Data Subject Rights request.
13. ComplaintsIf you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.
We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.
If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.
14. Contact details
If you have any questions, comments, requests or concerns, please contact us at:
Sanofi-aventis Australia Pty Ltd
Talavera Corporate Centre
Building D, 12-24 Talavera Road
Macquarie Park NSW 2113