Galderma Privacy Notice
SCOPE OF THIS NOTICE
Please read this Privacy Notice (“Notice”) carefully to understand our policies and practices regarding your Personal Data and how we will treat it. This Notice applies to individuals who interact with Galderma services as set out below (“you”). This Notice explains how your Personal Data is collected, used, and disclosed by Galderma SA and its affiliated entities (“Galderma”, “We”, Us”). It also tells you how you can access and update your Personal Data and make certain choices about how your Personal Data are used. Where affiliates have their own privacy notice that governs, this Notice will not apply.
This Notice covers both our online and offline data collection activities, including Personal Data that We collect through our various channels such as websites, third party social networks and through our vigilance activities.
If you do not wish to provide necessary Personal Data to us (We will indicate to you when this is the case, for example, by making this information clear in our registration forms), We may not be able to provide you with our goods and/or services. This Notice can change from time to time (see Section 11).
This Notice provides important information in the following areas:
- SOURCES OF PERSONAL DATA
- PERSONAL DATA THAT WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
- PERSONAL DATA OF CHILDREN
- COOKIES/SIMILAR TECHNOLOGIES, LOG FILES AND WEB BEACONS
- USES MADE OF YOUR PERSONAL DATA
- DISCLOSURE OF YOUR PERSONAL DATA
- RETENTION OF PERSONAL DATA
- STORAGE AND/OR TRANSFER OF YOUR PERSONAL DATA
- ACCESS TO YOUR PERSONAL DATA
- YOUR CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR PERSONAL DATA
- CHANGES TO OUR NOTICE
- DATA CONTROLLERS & CONTACT
- SOURCES OF PERSONAL DATA
This Notice applies to Personal Data that We collect from or about you, through the methods described below (see Section 2), from the following sources:
Galderma websites. Websites operated by or for Galderma, including sites that We operate under our own domains/URLs and mini-sites that We run on third party social networks such as Facebook (“Websites”).
E-mail, text and other electronic messages. Interactions with electronic communications between you and Galderma.
Data We create. In the course of our interactions with you, we may create Personal Data about you (e.g. records of your interactions with our Websites).
Data from other sources. Third party social networks (e.g. such as Facebook, Google), market research (if feedback not provided on an anonymous basis), events, public sources and data received when we acquire other companies.
- PERSONAL DATA THAT WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
Depending on how you interact with Galderma (online, offline, over the phone, etc.), We collect various types of information from you, as described below.
- Personal contact information. This includes any information you provide to us that would allow us to contact you, such as your name, postal address, e-mail address, phone number or fax number.
- Professional information. This includes any information you provide to us relating to your profession and/or qualifications, but also information found in your curriculum vitae, information about your current and past interactions with Galderma and about your participation in events, conferences and scientific studies, and other personal information that you may provide about yourself and your professional activities.
- Information from computer/mobile device. Any information about the computer system or other technological device that you use to access one of our Websites, such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access a Galderma Website via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, advertising ID, geo-location, and other similar mobile device data.
- Websites/communication usage information. As you navigate through and interact with our Websites or newsletters, we use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages. This information is captured using automated technologies such as cookies and web beacons, and is also collected through the use of third party tracking for analytics and advertising purposes. You have the right to object to the use of such technologies, for further information please see Section 4 .
- Consumer-generated content. Any content that you create and then share with Us on third party social networks or by uploading it to one of our Websites, including the use of third party social network apps such as Twitter. Examples include photos, videos, personal stories, or other similar media or content. Where permitted, we collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement, and third party social networking.
- Third party social network information. Any information that you share publicly on a third party social network or information that is part of your profile on a third party social network (such as Twitter) and that you allow the third party social network to share with us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, list of friends, etc.) and any other additional information or activities that you permit the third party social network to share. We receive your third party social network profile information (or parts of it) every time you download or interact with a Galderma web application on a third party social network such as Twitter, or every time you use a social networking feature that is integrated within a Galderma site (such as Facebook Connect) or every time you interact with us through a third party social network. This Privacy Notice does not apply to the third-party social networks. To learn more about how your information from a third party social network is obtained by Galderma, or to opt-out of sharing such social network information, please visit the website of the relevant third party social network.
- Personal contact information. This includes any information you provide to us that would allow us to contact you, such as your name, postal address, e-mail address, phone number or fax number.
- PERSONAL DATA OF CHILDREN USING INFORMATION SOCIETY SERVICES (INCLUDING OUR WEBSITE)
We do not knowingly solicit or collect Personal Data from children below the age of 13. If we discover that we have unintentionally collected Personal Data from a child below 13, we will remove that child’s Personal Data from our records promptly. However, Galderma may collect Personal Data about children below the age of 13 years of age from the parent or guardian directly, and with that person’s explicit consent as required by law.
- COOKIES/SIMILAR TECHNOLOGIES & GOOGLE FONTS
Cookies/Similar Technologies.Please see our Cookie Policy to learn how you can manage your cookie settings and for detailed information on the cookies We use and the purposes for which We use them.
We also use Google Fonts, which is a web font service provided by Google that enables the optimization of our Websites providing the correct fonts. We host Google Fonts locally without ever having to connect to a Google Server and thus collect IP addresses.
- USES MADE OF YOUR PERSONAL DATA
The following paragraphs describe the various purposes for which We collect and use your Personal Data, and the different types of Personal Data that are collected for each purpose. Please note that not all of the uses below will be relevant to every individual.
What We use your Personal Data for
Our reasons
Our legitimate interests
Patient/Consumer service. We use your Personal Data for consumer service purposes, including responding to your enquiries. We collect information about how Our Websites are used to be able to provide you with certain content and improve it based on the feedback we receive. Responding to your inquires typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. responding to any questions or concerns you may have concerning your use of our products, order status, technical issue, product question/complaint, general question, etc.).
- Fulfilling contractual obligations
- Legal obligations
- Our legitimate interests
- Improving and developing new products and services
- Being more efficient
Establishing and maintaining our relationship with Healthcare Professionals. We use your Personal Data to verify whether there is a potential business opportunity, reach out to you and inform you about our products and services, invite you to events and maintain a relationship with you. We also use your Personal Data to comply with our transparency related obligations regarding any Transfer of Values (ToVs) made to Healthcare Professionals
- Legitimate interest
- Your consent (where required)
- Legal obligation(e.g., data collected in safety reports)
- Maintaining a relationship with you
- Assessing your interests and expertise
- Consider future collaboration with you and reaching out to you in relation to such opportunities
- Disclose publicly any transfers of value made to Health Care Professional, as required by law or in order to comply with applicable industry standards
Contacting you and conducting advertising on third party social networks: We use your Personal Data when you interact with third party social networking features, such as “Like” functions, to serve you with advertisements and engage with you on third party social networks. You can learn more about how these features work, the profile data that We obtain about you, and find out how to opt out by reviewing the privacy notices of the relevant third party social networks.
- With your consent (where required)
- Our legitimate interests
- Working out which of our products and services may interest you and telling you about them
- Defining types of consumers for new products or services
Legal reasons or merger/acquisition. In the event that Galderma or its assets are acquired by, or merged with, another company including through bankruptcy, we will share your Personal Data with any of our legal successors. We will also use your personal data to comply with our legal obligations (e.g., tax law and product safety obligations). We will disclose your Personal Data to third parties (i) when required by applicable law; (ii) to establish or respond to legal proceedings; (iii) in response to a request from a competent law enforcement agency; (iv) to protect our rights, privacy, safety or property, or the public; or (v) to enforce the terms of any agreement or the terms of our Website.
- Legal obligations
- Our legitimate interests
- Compliance with legal obligations
- Protect our assets and staff
For Website usage analytics.We may also collect and process information about your visit to our Website, such as the pages you visit, the website you came from and the searches you perform. We may use such information to help improve the contents of the site and to compile aggregate statistics about people using our site for our internal usage statistics and market research purposes. In doing this, we may install "cookies" that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access.
- With your consent (where required)
- Our legitimate interests
- Improve the efficacy of our Website
In case we want to use your Personal Data for purposes unrelated to those described in this Notice, we will first notify you and, where required, offer you a choice as to whether or not we may use your Personal Data in this manner.
- DISCLOSURE OF YOUR PERSONAL DATA
In addition to the Galderma entity mentioned in the data controllers & contact section (see Section 12), We share your Personal Data with the following types of organisations:
Other Galderma subsidiaries and affiliates worldwide. Galderma and its subsidiary companies may share your personal data amongst and between each other for the purposes set forth in this Privacy Notice.
Service providers. These are external companies that We use to help Us run our business (e.g. website operation, support services, website development, data analysis, CRC, etc.). Service providers, and their selected staff, are only allowed to access and use your Personal Data on our behalf for the specific tasks that they have been requested to carry out, based on our instructions, and are required to keep your Personal Data confidential and secure. Where required by applicable law, you can obtain a list of the providers processing your Personal Data (see Section 12 to contact Us).
Third party recipients using Personal Data for legal reasons or due to merger/acquisition. We will disclose your Personal Data to third parties for legal reasons or in the context of an acquisition or a merger and will require such third parties to use and protect your personal data consistent with this Privacy Notice. We may also share your personal data with third parties that were formerly wholly or partly included in the Galderma family of companies to whom we provide services during a transition period following separation. (see Section 5 for details).
- RETENTION OF YOUR PERSONAL DATA
Galderma takes every reasonable step to ensure that your Personal Data are only processed for the minimum period necessary for the purposes set out in this Privacy Notice. The criteria for determining the retention period for your Personal Data are:
(a) Galderma will retain copies of your Personal Data in a form that allows for identification only for as long as: (i) We maintain an ongoing relationship with you; or (ii) your Personal Data are necessary in connection with the purposes set out in this Privacy Notice and we have a valid legal basis,
(b) if you are a healthcare professional, your Personal Data will be retained for 2 years after your last interaction with us, unless applicable laws or sectoral regulations impose longer retention periods,
(c) in the remaining cases, your Personal Data is kept for the duration of: (i) any applicable limitation period (i.e. any period during which a person could bring a legal claim against us), and (ii) an additional 2 months following the end of the applicable limitation period (so we are able to identify any personal data of a person who may bring a claim at the end of the applicable period), and
(d) in addition, if any relevant legal claims are brought, we may continue to process your Personal Data for such additional time necessary in connection with that claim.
During the periods noted in paragraphs c (i) and c (ii) above, we will restrict our processing of your Personal Data to storage or, and maintaining the security of, those data, except to the extent the data need to be reviewed in connection with any claim, or any obligation under applicable law.
Once the periods in paragraphs (a), (b), (c) and (d) above, each to the extent applicable, have concluded, we will either (i) permanently delete or destroy the relevant Personal Data or (ii) anonymise the relevant Personal Data.
- DISCLOSURE, STORAGE AND/OR TRANSFER OF YOUR PERSONAL DATA
We use appropriate measures (described below) to keep your Personal Data confidential and secure. Please note, however, that these protections do not apply to information you choose to share in public areas such as third party social networks.
People who can access your Personal Data. Your Personal Data will be processed by our authorised staff or agents, on a need to know basis, depending on the specific purposes for which your Personal Data have been collected.
Measures taken in operating environments. We store your Personal Data in operating environments that use reasonable security measures to prevent unauthorised access. We follow reasonable standards to protect Personal Data. The transmission of information via the Internet is, unfortunately, not completely secure and although We will do our best to protect your Personal Data, We cannot guarantee the security of the data during transmission through our Websites.
Transfer of your Personal Data. The storage as well as the processing of your Personal Data as described above may require that your Personal Data are ultimately transferred/transmitted to, and/or stored at, a destination outside of your country of residence, notably Switzerland, UK and the USA. When we share your Personal Data with an entity located outside of the European Economic Area (“EEA”) (e.g. other Galderma / Galderma entities), including to countries which have different data protection standards to those which apply in the EEA, we will put in place, in line with applicable legal requirements, appropriate safeguards to ensure that your Personal Data gets the same protection as it does here in the European Economic Area. In the absence of an adequacy decision and/or any other data protection related certifications these measures may include (i) entering into European Commission approved standard contractual clauses, as amended or replaced at any time, to protect your Personal Data, as well as any supplementary measures required by law or deemed necessary, to provide an adequate level of data protection (and you have a right to ask Us for a copy of these clauses by contacting us as set out below) and/or (ii) will rely on your consent (where permitted by law).
- YOUR RIGHTS
Depending on your jurisdiction, you may have the following rights, in accordance with the applicable data protection laws:
(a) To withdraw consent at any time, if we are processing your Personal Data on the basis of consent,
(b) To access and/or update the Personal Data that Galderma holds about you,
(c) To request that Galderma rectify or erase your Personal Data,
(d) To request that Galderma restrict the way it processes your Personal Data,
(e) To object to the way Galderma processes your Personal Data,
(f) To transfer your Personal Data either back to you or to another individual or entity, and
(g) To express your point of view in the event of any individual decision having a significant impact on you being made by automated means about you and to request that such automated decision be reviewed by a human.
If you wish to exercise one of these rights, you may send an email at privacy.office@galderma.com, or write at the Galderma entity that processes your Personal Data or at the Galderma Headquarters, at Galderma SA, Zählerweg 10, 6300 Zug, Switzerland.
We will require appropriate evidence of your identity or to be provided with additional relevant personal information based on your relationship with us before we are able to act on your request in circumstances where the Personal Data, we have in our systems is insufficient detail to identify you or reply to your request. If you are submitting a request on behalf of someone else, it may be necessary that we verify your authority to submit such a request. You may therefore be asked to provide signed confirmation that you are permitted by the data subject or by law to submit such request.
If We do not satisfy your request, depending on your jurisdiction, you may also have the right to lodge a complaint with a data protection authority in your country of residence. If you are based in the EU/EEA, the competent Data Protection Authority’s contact details may be found here. If you are based in the UK, you may contact ICO here. If you are based in Switzerland, you may contact FDPIC here.
We will be processing your personal data, as provided directly from you or your authorized representative while exercising your right for the purpose of receiving, processing, responding, and managing in general your request. Particularly, all personal data collected while exercising your right will be collected, processed, and held by OneTrust LLC - 1200 Abernathy Rd NE, Atlanta, GA 30328, U.S.A., as data processor, for and on behalf and under the instructions of Galderma, as data controller.
If you are based in the US, please visit our US Privacy Notice to learn how to exercise your privacy rights.
- CHANGES TO THIS NOTICE
If We change the way We handle your Personal Data, We will update this Notice. We reserve the right to make changes to our practices and this Notice at any time, please check back frequently to see any updates or changes to our Notice.
- DATA CONTROLLERS & CONTACT
To ask questions or make comments on this Notice and our privacy practices or to make a complaint about our compliance with applicable privacy laws, please contact our Group Data Protection Officer at: privacy.office@galderma.com or in writing to Galderma SA, Rue d'Entre-deux-Villes 10, 1814 La Tour-de-Peilz Switzerland or write to the relevant Galderma entity in your country of residence.
Please also note that we have designated as our EU Representative pursuant to Article 27 of the GDPR the Swedish Company named Q-MED AB, whose contact details are the following:
Q-MED AB
Seminariegaten 21, 75228, Uppsala, Sweden
Email: DataProtection.SEUPP@galderma.comWe will acknowledge and investigate any complaint about the way We manage Personal Data (including a complaint that We have breached your rights under applicable privacy laws).
Last updated: July 2023