Privacy Notice

We consider privacy as a very important matter. We are committed to ensuring that any personal information we receive is processed and protected in accordance with applicable privacy laws.

In this Privacy Notice, “we” or “us” refers to Novartis Pharmaceuticals Canada Inc and its group companies.

This Privacy Notice (“Notice”) contains practical information about the specific personal information we process when you visit our website www.cosentyx.ca, why we process this information and how.

We invite you to carefully read this Notice, which explains your rights with respect to the processing of your personal information.

Do take note that if you access any third-party link or website from our website or mobile application (“app”), you may need to refer to the privacy policies of such third parties. We do not endorse and are not responsible for the information or privacy practices of websites or services owned by third parties.

For any further question in relation to the processing of your personal information, we invite you contact our Privacy Officer via email here.

1. When and how do we collect your personal information?

We will not use your personal information without a good reason to do so according to the law. We will only use it if you have given us permission or if it’s necessary to follow the law.

When you visit our website or app, we collect personal information about you automatically and when you interact with us for any other purpose, as described in this Privacy Notice.

When you provide us with personal information via our website, apps, or any other service that involves the transmission of personal information, you agree that such information will be handled as described in this Notice. In some cases, we will ask you to express your consent in an affirmative way, for example, to sign you up to a newsletter.

2. What personal information do we have about you?

The personal information may either be directly provided by you (e.g. when filling a web form or interacting with a website or app), provided by the third parties owning or managing the apps or obtained through trusted publicly available sources, having obtained your consent to provide us with such personal information where necessary under applicable law. We may collect various types of personal information about you, including:

  • your general contact and identification information (e.g. first name, last name, age, email address, fixed and/or mobile phone number);
  • your occupation (e.g. title, position and name of company);
  • your health information (e.g. adverse event description, adverse event patient or reporter, description of symptoms);
  • if you’re a health care practitioner, we may collect your identification number, specialty and areas of interests;
  • your electronic identification data where required for the purpose of the delivery of products or services (e.g. login, access right, passwords, IP address, online identifiers/cookies, system activity logs, access and connexion times);
  • information regarding your browser and device (e.g. internet service provider’s domain, browser’s type and version, operating system and platform, screen resolution, device manufacturer and model);
  • statistics in relation to your use of our website or our app (e.g. information regarding the pages visited, information researched, time spent on our website);
  • usage data (i.e. date and time of access of our website or app, files downloaded);
  • with your permission, your device’s location (unless you disabled this function by changing your device’s settings); and
  • more generally, any information you provide to us when using our website or app.

Please note that we will not knowingly collect, use or disclose personal information from a minor under the age of 14 without obtaining prior consent from a parent or legal guardian.

3. Why do we use your personal information and on what basis?

3.1 Legal basis for the processing

We will not process your personal information if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your personal information if we have obtained your prior consent or, as permitted if the processing is necessary to comply with our legal or regulatory obligations.

To withdraw your consent or to get more information on our specific interests and your rights, contact our Privacy Officer via email here.

3.2 Purposes of the processing

We always process your personal information for a specific purpose and only process the personal information, which is relevant to achieve that purpose. In particular, we process your personal information for any or all of the following purposes:

  • provide relevant information about certain diseases;
  • manage our users (e.g. registration, account management, answer questions and provide technical support);
  • manage and improve our website and apps (e.g. diagnose server problems, optimize traffic, integrate and optimize web pages where appropriate);
  • measure the usage of our website or apps (e.g. by drawing up statistics about the traffic, by gathering information regarding the users’ behaviour and the pages they visit);
  • improve and personalize your experience and better tailor content to you (e.g. by remembering your selections and preferences, by using cookies);
  • with your permission, send you personalized location-based services and content;
  • improve the quality of our products and services and expand our business activities;
  • monitor and prevent fraud, infringement and other potential misuse of our website or app;
  • reply to an official request from a public or judicial authority with the necessary authorisation;
  • manage our IT resources, including infrastructure management and business continuity;
  • preserve the company’s economic interests and ensure compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, managing alleged cases of misconduct fraud, conducting audits, defending litigation);
  • archiving and record keeping; and
  • any other purposes imposed by law and authorities.

4. Who has access to your personal information and to whom your personal information is transferred?

We will not sell, share, or otherwise transfer your personal information to third parties other than those indicated in this Notice.

We will share your personal information with the following third parties:

  • our personnel (including personnel, departments or other companies of our group);
  • our independent agents or brokers (if any);
  • our other suppliers and services providers that provide services on our behalf:
    • - marketing agencies;
    • - IT systems providers, cloud service providers,
      database providers and consultants;
  • members of the medical, nursing, pharmaceutical and related healthcare professions
  • any third party to whom we assign or transfer any of our rights or obligations; and
  • our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets.

The above parties are contractually obliged to protect the confidentiality and security of your personal information, in compliance with applicable law.

5. Will we share your personal information outside your province or country of residence?

The personal information we collect from you may also be processed, accessed or stored in a province, state or country outside the province or country where we are located, which may not offer the same level of protection of personal information.

If we transfer your personal information to external companies in other jurisdictions, we will make sure to protect your personal information by:

  • applying the level of protection required under the local privacy laws that apply to us;
  • acting in accordance with our policies and standards.

For intra-group transfers of personal information we’ve adopted Binding Corporate Rules, a system of principles, rules and tools in an effort to ensure effective levels of data protection relating to transfers of personal information.

6. How do we use cookies and other similar technologies on our websites and apps?

We may also collect and process information about your visit to this website or app, such as the pages you visit, the website you came from and the searches you perform. We may use such information to help improve the contents of the site or app and to compile aggregate statistics about people using our site for our internal usage statistics and market research purposes.

In doing this, we may install "cookies" or similar technologies that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access.

Cookies are created and stored on the user’s computer, phone or other devices when the user's browser loads a particular website. Every time the user goes back to the same website, the browser retrieves and sends this "cookie" file to the website. Cookies are useful because they serve key purposes like helping a website remember your preferences and settings, performing analytics to improve services, serving you relevant content or advertisements and authenticating you on the websites. Cookies do not damage your computer.

To manage cookies, please visit our Cookie Preference Centre.

If you do not accept our cookies, you may not be able to use all functionalities of our website or app. When you visit our websites, you may be presented with a cookie-setting banner that allows you to manage the settings and accept or deny the cookies. It is legally permitted to store cookies on your machine if they are essential to the operation of the website, but for all other types of cookies we need your permission to do so.

7. How do we protect your personal information?

We have implemented appropriate technical and organisational measures to provide an adequate level of security and confidentiality to your personal information.

The purpose thereof is to protect it against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.

These measures take into account:

  • the state of the art of the technology;
  • the costs of its implementation;
  • the nature and sensitivity of the information; and
  • the risk of the processing.

The purpose thereof is to protect it against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.

Moreover, when handling your personal information, we comply with the following obligations:

  • we only collect and process personal information which is adequate, relevant and not excessive, as required to meet the above purposes;
  • we ensure that your personal information remains up to date and accurate (for the latter, we may request you to confirm the personal information we hold about you and you are also invited to spontaneously inform us whenever there is a change in your personal circumstances so we can ensure your personal information is kept up-to-date); and
  • we may process any sensitive information about yourself you voluntary provide in compliance with applicable privacy laws and strictly as required for the relevant purposes listed above, the information being accessed and processed solely by the relevant personnel, under the responsibility of one of our representatives who is subject to an obligation of professional secrecy or confidentiality.

8. How long do we store your personal information?

We will only retain your personal information for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements, unless overriding legal or regulatory schedules require a longer or shorter retention period.

9. What are your rights and how can you exercise them?

You may exercise the following rights under the conditions and within the limits set forth in the law:

  • the right to be informed about what personal information we have about you and how we process your personal information;
  • the right to access your personal information as processed by us and, if you believe that any information relating to you is incorrect, obsolete or incomplete, to request its correction or updating; and
  • the right to withdraw your consent at any time. However, we may no longer be able to provide you with our services.

If you have a question or want to exercise the above rights, you may contact our Privacy Officer via email here.

10. How will you be informed of the changes to our Privacy Notice?

We may change or update this Notice from time to time by posting a new Privacy Notice. If we make important changes to this Privacy Notice, we will notify you in a manner that brings them to your attention. That said, please keep checking this Notice occasionally so that you are aware of any changes.

11. How can you get in touch with us?

Our Privacy Officer will respond to your requests for access, correction or deletion and handle complaints you may have about our privacy practices.

If you have any questions or comments about this Policy or the protection of your personal information, please contact our Privacy Officer via email here.

Last updated September 2023