1. Pledge on Privacy
The term "personal data" as used in this Policy refers to information such as your name, birth date, e-mail address or mailing address, that can be used to identify you. Novartis will not process your personal data without your consent. In processing your personal data, we pledge to fully comply with internationally recognized standards of privacy protection. In so doing, we ensure compliance by our staff with strict standards of security and confidentiality. The next sections explain how and when we collect personal data from you.
2. Intended Use of Personal Data
Most of our services do not require any form of registration, allowing you to visit our site without telling us who you are. However, some services may require registration. When you register with us, you may need to complete certain fields (some are required and some are optional), as well as choose a user name and password. In these situations, if you choose to withhold any personal data requested by us, it may not be possible for you to gain access to certain parts of the site and for us to respond to your query. Novartis processes personal data for specific and limited purposes which we inform you about when we ask you for information. For example, we may collect and use personal data to provide you with products or services, to bill you for products and services you request, to market products and services which we think may be if interest to you, or to communicate with you for other purposes. Information you send to our customer service department is used only to help resolve your problem and is otherwise kept private. Novartis keeps your data only for as long as is reasonably needed for such purposes and in accordance with any applicable legal or ethical reporting or documentation retention requirements.
3. Non-Disclosure of Information
Novartis will not sell, share, or otherwise distribute your personal data to third parties outside the Novartis group. However, personal data may occasionally be transferred to third parties who act for or on behalf of Novartis, or in connection with the business of Novartis, for further processing in accordance with the purpose(s) for which the data were originally collected. Where disclosure of personal data to a third party is likely or necessary for whatever reason, Novartis will, wherever possible, endeavor to ensure that the disclosure and intended use of the data are clearly indicated. Such third parties may operate different privacy policies. However, we endeavor to ensure that such third parties provide the same level of protection as Novartis and, where appropriate, we will contractually require them to process data transferred only for the purposes expressly authorized by Novartis. We will not share with third parties any data about you that is sensitive (e.g., medical information) in the absence of your prior and explicit consent. Your consent may always be revoked at a later date. If consent is revoked Novartis may not be able to carry out certain requests made by you. Novartis will, where practicable, inform third parties to whom your data have been transferred of your withdrawal of consent.
4. Right of Access
You have the right to access and update your personal data or to require their deletion. We endeavor to ensure that personal data are up-to-date, accurate, and complete. If you wish to access or correct your personal data held by us, please contact the webmaster. Your requests will be dealt with in a prompt and proper manner. No charge will be levied for complying with a correction request, however, for all other requests Novartis may charge a small fee to cover its costs. Requests to delete personal data will be subject to any applicable legal and ethical reporting or document filing or retention obligations imposed on Novartis.
5. Security and Confidentiality
To ensure the security and confidentiality of personal data that Novartis collects on-line, Novartis uses data networks protected, inter alia, by industry standard firewall and password protection. Access to personal data is restricted to those employees who have a need to use the data and who have been trained to handle such data properly and observe strict standards of confidentiality. If an employee breaches our policies and procedures he/she will be disciplined accordingly. Staff compliance with our policies and procedures is regularly audited and reviewed. While we cannot guarantee against any loss, misuse or alteration to data, we try to prevent such unfortunate occurrences.
6. Data Transfer Abroad
Novartis is a global enterprise and has databases in different jurisdictions. Novartis may transfer your data to one of its databases outside your country of domicile. If the level of privacy protection in a country does not comply with recognized international standards, we will ensure that data transfers to Novartis databases in that country are adequately protected and that the transfer of data to third parties in such countries will not occur unless we obtain your express consent to such transfer in advance.
7. Anonymous Data and "Cookies"
Most of the information that Novartis collects from its website(s) is anonymous information, such as the pages you visit and searches you perform. When you visit our website we do not collect any personal data from you unless otherwise authorized by you. Anonymous information is processed by Novartis to help improve the contents of the site and to compile aggregate statistics about individuals using our site for internal, market research purposes. In so doing, Novartis may install "cookies" that collect the first level domain name of the user (e.g., "bigmail.com" from an e-mail address of "firstname.lastname@example.org") and the date and time of access. "Cookies" by themselves cannot be used to discover the identity of the user. A "cookie" is a small piece of information which is sent to your browser and stored on your computer's hard drive. Cookies do not damage your computer. You can set your browser to notify you when you receive a "cookie", this will enable you to decide if you want to accept it or not.
Novartis does not condone "spamming". Spamming is defined as sending unsolicited e-mails, usually of a commercial nature, in large numbers and repeatedly to individuals with whom the sender has had no previous contact or who have declined to receive such communications. In contrast, where Novartis believes that certain product, health, or other information is of importance to you it reserves the right to inform you by e-mail whilst giving you the choice of opting out of such service.
9. Personal Information and Children
Novartis will not knowingly collect, use or disclose personal data from a minor under the age of 13, without obtaining prior consent from a person with parental responsibility (e.g., a parent or guardian) through direct off-line contact. We will provide the parent with (i) notice of the specific types of personal data being collected from the minor, and (ii) the opportunity to object to any further collection, use, or storage of such information. Novartis abides by the Children's Online Privacy Protection Act in the U.S. and respect similar laws designed to protect children found in other countries.
10. Links to Other Sites
11. Contact Novartis