SANOFI fully understands the importance of privacy and the protection of personal data in the digital era and is committed to ensure an adequate level of data protection for all persons with whom Sanofi has dealings. This includes, notably: 

• Healthcare professionals,
• users of our products and services, including websites and apps users,
• representatives of our contractors and business partners,
• representatives of the scientific community, etc.

This Global Privacy & Data Protection Policy (“Policy”) describes SANOFI’s global practices to ensure an adequate protection of personal data, i.e. any information relating to an identified or identifiable natural person, for all data processing carried out in the framework of its business and activities (“Personal Data”).

The objective of this Policy is to help you understand:

• INFORMATION WE COLLECT FROM YOU: what information Sanofi collects and processes about you
• THE PURPOSES: for what reasons and purposes SANOFI processes your Personal Data
• ON WHAT GROUND: on what basis does SANOFI process your Personal Data
• WHERE FROM: from what sources does SANOFI collect your Personal Data
• WHO: who are the authorized parties that SANOFI may disclose your Personal Data to
• WHERE: where SANOFI and its authorized parties may process your Personal Data
• HOW SECURE: what SANOFI does to protect your Personal Data
• HOW LONG: SANOFI’s approach to defining the term of retention of your Personal Data
• YOUR RIGHTS: what your rights are and how you can exercise them
• HOW TO CONTACT US: where and how you can reach us if you wish to exercise your rights or if you have a question

For the purposes of this Website Privacy Policy, Personal Data is any information relating to an identified or identifiable natural person, processed by SANOFI in connection with the objectives and purposes defined in this Website Privacy Policy.

To make things clear, it is any information that relates to an individual. Such Personal Data can take the form of

• Basic identification information such as your name or date of birth; 
• Information that can be attributed to you directly or indirectly – such as a post on a social media;
• Information which can be associated to you or your device such as, for instance, an IP address (i.e. the network address of your machine).

In this respect, the notion of “processing” designates any action that is undertaken on your Personal Data such as, for instance:

• Collection;
• Storage; 
• Access;
• Analysis;
• Deletion.

When operating, this Website may collect the following categories of Personal Data:

• Identification data: any information which allows your identification, whether directly or indirectly such as your name or contact details (address, email address, telephone number), your job type, your company.
• Connection data: any information regarding your connection and access to this Website (e.g. type of machine and browser used, timestamp of your connection, IP address, pages visited, etc.), browsing history.
• Location data: information that may be provided by your machine and browser about your location if you allow such information to be shared with SANOFI.
• Data relating to and data which may be collected by cookies: for more information about cookies, please see below.

For the purposes of this Website, your Personal Data is only processed on the basis of:

• Your prior CONSENT: where you have clearly expressed your approval of SANOFI’s processing of your Personal Data. In practice, this will generally mean that SANOFI will ask you to sign a document, or to fill-in an online “opt-in” form or to follow any relevant procedure to allow you to be fully informed and then either clearly accept or refuse the envisaged Personal Data processing. By navigating this Website and, if relevant, consenting to the processing of your Personal Data using cookies.
• The “legitimate interest” of SANOFI in the sense of applicable data protection law. In such a case, SANOFI shall consider your fundamental rights and interests in determining whether the processing is legitimate and lawful.

SANOFI will only retain your personal data for as long as reasonably necessary up to 1 year to fulfill the purposes we collected it for, as outlined in this policy. 

As an exception, SANOFI may be required to retain your personal data for longer periods as required or permitted by law, or as necessary to protect its rights and interests. In such a case, you will be informed of the intended retention period in the applicable Privacy Notice.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting and other requirements.

In some circumstances you can ask us to delete your data: see the “Your Rights” section below for further information.

We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

For the purposes described above, SANOFI may need to share your personal data with the following authorised third-parties:

• Sanofi and its affiliates who undertake leadership reporting, and provide IT and system administration services and other services.
• Our partners, such as healthcare professionals and organisations, distributors and agents, and other members of the healthcare and pharmaceutical industry.
• Selected suppliers, service providers and vendors acting upon our instructions who provide website hosting, information technology, system administration and related infrastructure provision, customer service, healthcare professional validation, email delivery, data analysis, auditing, market research, marketing, advertising, brand, communication and other services.
• Legal, regulatory, administrative and other authorities, as required by applicable laws including laws outside your country of residence.

SANOFI may need to share your personal data with other third-parties, in which case we will inform you in the applicable Privacy Notice.

In any case, SANOFI will require that all such third-parties:

• undertake to comply with data protection laws and the principles of this Policy;
• only process the personal data for the purposes described in this Policy and in accordance with our instructions; and
• implement appropriate technical and organisational security measures designed to protect the integrity and confidentiality of your personal data.

Where such internal or external transfer of Personal Data implies the transfer of your Personal Data to a country providing a lower level of protection to Personal Data than generally afforded in your jurisdiction, SANOFI will ensure that a sufficient level of protection is provided to your Personal Data by implementing adequate safeguards such as the European Standard Contractual Clauses, the SANOFI Binding Corporate Rules or asking for your prior explicit consent.

You can exercise your rights as provided by applicable data protection laws.

To that end, SANOFI informs you that you are entitled:

• To have access upon simple request to your Personal Data – in which case you may receive a copy of such data (if requested), unless such data is made directly available to you, for instance within your personal account;
• To obtain a rectification of your Personal Data should your Personal Data be inaccurate, incomplete or obsolete;
• To obtain the deletion of your Personal Data in the situations set forth by applicable data protection law (‘right to be forgotten’);
• To withdraw your consent to the processing of Personal Data processing without affecting the lawfulness of processing, where your Personal Data has been collected and processed on the basis of your consent;
• To object to the processing of your Personal Data, where your Personal Data has been collected and processed on the basis of legitimate interests of SANOFI, in which case you will need to justify your request by explaining to us your particular situation;
• To request a limitation of the processing of Personal Data processing in the situations set forth by applicable data protection law;
• To receive your Personal Data for transmission from SANOFI to a third-party or to have your Personal Data directly transferred by SANOFI to the third-party of your choice, where technically feasible (data portability right allowed only where the processing is based on your consent).

If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” section below and we will take necessary steps to respond as soon as possible.

You may also file a complaint before a competent data protection authority regarding the processing of your Personal Data. While we suggest that you contact us beforehand, if you wish to exercise this right, you should contact directly the competent data protection authority.