img

Privacy Policy

 

Looking After Your Personal Information 
We are committed to protecting and respecting your privacy and we think it is important that you understand how we look after your personal information and how we make sure that we meet our legal obligations to you under the Protection of Personal Information Act, No 4 of 2013 (“POPIA”). 

Please read this privacy notice (“Notice”) carefully to understand our policies and practices regarding your personal information and how we will treat it. This Notice applies to all data subjects (as defined in POPIA) who interact with Galderma services as set out below and that we process personal information in respect of, including our clients, consumers, suppliers, service providers, healthcare professionals, 3rd parties, job applicants and website visitors (“you”).  

This Notice explains how your personal information is collected, used, and disclosed by Galderma SA and its affiliated entities (“Galderma”, “we”, us”). It also tells you how you can access and update your personal information records and make certain choices about how your personal information is used.  

This Notice covers both our online and offline data collection activities, including personal information that we collect through our various channels such as websites, third party social networks and through our vigilance activities. 

If you do not provide necessary personal information to us (we will indicate to you when this is the case, for example, by making this information clear in our registration forms), we may not be able to provide you with our goods and/or services.  

1. Who We Are
Galderma Laboratories South Africa (Pty) Ltd is a South African subsidiary company of Galderma Pharma SA. Our office is situated at Nicol Main Office Park, Block C FutureSpace, 2 Bruton Road Bryanston, 2191, Gauteng, South Africa. 

As a South African registered company, all our data processing activities are primarily regulated by the Protection of Personal Information Act, No. 4 of 2013 (“POPIA”), as amended from time to time. For the purposes of this Notice, the terms “data subject”, “personal information” and “process”, are as defined in POPIA. 

2. Personal Information
POPIA defines personal information as information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to: 

  • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; 
  • information relating to the education or the medical, financial, criminal or employment history of the person; 
  • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person; 
  • the biometric information of the person; 
  • the personal opinions, views or preferences of the person; 
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; 
  • the views or opinions of another individual about the person; and 
  • the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person. 

3. What Personal Information We May Collect and Process
While using our website or engaging with us for the provision of any of our services, you may be required to provide us with your personal information and/or we may collect certain personal information about you. In certain instances, you may also be required to give us, or we may be required to collect sensitive information that is classified by POPIA as special personal information. The collection of this personal information from you or other sources, when required, will be necessary in order to provide you with our services. 
Some of the personal information we may collect about you, could include: 
•    Identification details such as name, surname, ID/Passport Number; 
•    Contact details, such as phone numbers, email addresses, physical and postal addresses; 
•    Personal details, such as names, family information, ages and next of kin details; 
•    Demographical details, such as race, gender and age groups; 
•    Financial information, such as account numbers and credit information; 
•    Background or historic information; 
•    Medical and health information, in relation to the reporting of adverse events; 
Professional Information which you provide to us relating to your profession and/or qualifications including but not limited to

i) CV’s and other personal information that may be requested throughout the recruitment process to assess and consider the job application (in relation to job applicants);

ii) information about your current and past interactions with Galderma and about your participation in events, conferences and scientific studies;

iii) practice information in relation to healthcare professionals; and

iv) other personal information that you may provide about yourself and your professional activities; 
Technical and website usage information: 
Information from computer/mobile device:

Any information about the computer system or other technological device that you use to access our website, such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access a Galderma website via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, advertising ID, geo-location, and other similar mobile device data. 

Websites/communication usage information: As you navigate through and interact with our website or newsletters, we use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages. This information is captured using automated technologies such as cookies and web beacons, and is also collected through the use of third-party tracking for analytics and advertising purposes. Where you are a registered user of our website, we also collect your login-in information to enable you to access your registered account. 

We collect some of this information from you or your device through the use of cookies. Our website uses cookies to distinguish you from other users of the website. This helps us provide you with a good experience when you browse the website and also allows us to improve the website. For detailed information on the cookies we use and how we use them, please see our Cookies Notice. 

Consumer-generated content: Any content that you create and then share with us on third party social networks or by uploading it to our websites, including the use of third-party social network apps such as Twitter. Examples include photos, videos, personal stories, or other similar media or content. Where permitted, we collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement, and third-party social networking. 

Third-party social network information: Any information that you share publicly on a third-party social network or information that is part of your profile on a third-party social network (such as Twitter) and that you allow the third-party social network to share with us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, list of friends, etc.) and any other additional information or activities that you permit the third-party social network to share. We receive your third-party social network profile information (or parts of it) every time you download or interact with a Galderma web application on a third-party social network such as Twitter, every time you use a social networking feature that is integrated within a Galderma site (such as Facebook Connect) or every time you interact with us through a third-party social network. To learn more about how your information from a third-party social network is obtained by Galderma, or to opt-out of sharing such social network information, please visit the website of the relevant third-party social network. 

4 Who We Collect Personal Information From?
Generally, we collect your personal information directly from you. 
In certain circumstances we may also collect your personal information from other sources, such as (but not limited to):  

  •  Through your use of our website (Technical and Website Usage information); 
  • Through your use of third-party social networks (Third-party social network information); 
  • From other members in our group (such as our subsidiaries, our holding company and our holding companies’ subsidiaries) if you use any of the other websites which they operate or the services they provide; 
  • From our business partners, who provide us with your name, contact details, IP address, job interests and the website you submitted your details to. Our business partners only share your personal information with us where you have specifically agreed to them sharing it with us;  
  • From healthcare professionals in relation to the reporting of any adverse events relating to the use any of our products. 

5. Do You Have to Provide Us with Your Personal Information? What Happens if You Don’t? 
Generally, the collection of personal information from you and the other sources referred to above is mandatory in order to achieve the purpose for which it is being collected by us (as set out below). 

We will notify you where the collection of certain personal information is voluntary and not mandatory. The refusal to provide us with the mandatory personal information that we may require, may have an impact on our ability to provide you with our products or services. 
Where the provision of your personal information is voluntary, you do not have to provide us with your information. 

If you do not provide us with your name and contact details, we will not be able to respond to your enquiry. 

If you do not provide us with the details that we require as mandatory fields when registering to use the website, you will not be able to register.  
If you don't provide us with the technical information about your visit to our website, our website may not work properly on your device, and you may not be able to access all the features of our website. 

6. The Purposes We May Use Your Personal Information for 
We may collect, use, share and/or generally process your personal information (including, where applicable your special personal information) for the following purposes: 

  • To provide you with our products and/or services and to notify you about changes to our services; 
  • To comply with all legislative and legal requirements placed on us, which may include, but not be limited to, legislative reporting and document retention periods and where the law requires that personal information be notified to third parties (such as government institutions); 
  • To conclude or perform a contract with you, or to take any take steps linked to or necessary for the conclusion or performance of a contract with you; 
  • When you register to use our website www.galderma.com/south-africa (“the/our website”) or Brand websites, subscribe to our services, search for job opportunities, or enter a competition, promotion, or survey, we may also ask you to provide us with your name, address, email address and phone number, your date of birth, and job interest; 
  • When you contact us, submit an enquiry on our website through our “Contact us” form or report a problem with our website; 
  • Where applicable, for general marketing and communication purposes, including to provide you with relevant employment opportunities, targeted advertising campaigns and career news articles, where you are an existing customer of Galderma or where we have received your consent to receive these communications, and in compliance with the provisions of POPIA. You will be given the opportunity to unsubscribe from any marketing communications, general communications and/or newsletters at any time, and with each communication received;  
  • Where necessary, for any purposes which are in our, your, or a third party’s legitimate interest;  
  • To improve our services and to manage our relationship with you, for example by asking for your feedback on the services you received from us or through the completion of a customer service satisfaction survey;  
  • To perform general administrative, operational, management and performance functions and activities relating to the operation and running of our business and of our website, and for the purposes of managing our legal and operational affairs; 
  • For credit checking or credit reporting purposes (though a credit bureau), in order to assist Galderma’s decision to provide services to you or to report on any slow or non-payment of your accounts with Galderma to any third party;  
  • For any purposes which are required or authorised by law; 
  • To respond to requests by government, a court of law, or law enforcement authorities conducting an investigation; 
  • For reporting, statistical, analytical, research and historical purposes, including (but not limited to) the use of medical and health information for the purposes of reporting adverse events; 
  • Where you are a healthcare professional, to establish and maintain our relationship with you, to inform you about our products and services, and for the provision of our products and services; 
  • Where you are applying for a vacancy, to process your application throughout our recruitment process; 
  • When you interact with us through third-party social networks, to interact and engage with you on these networks and to generally advertise our company, goods, and services on these social networks; 
  • In relation to the use of our website, to: 
  • Identify, investigate, and attend to any technical issues, support, and user queries; 
  • Ensure that content from the website is presented in the most effective manner for you and for your device;  
  • Allow you to participate in interactive features of our service when you choose to do so; 
  • Measure or understand the effectiveness of adverts we deliver to you and other users and to make sure that the advertising we deliver to you is relevant to you. Our software will also apply algorithms to the information we hold about you to help us identify which adverts we think will be most relevant to you; 
  • Make suggestions and recommendations to you and other users of the website about goods or services that may interest you or them; 
  • Administer our website, including troubleshooting, data analysis, testing, research, statistical and survey purposes; 
  • For our record keeping and identification protocols; and 
  • Help us keep our website safe and secure;  
  • Where we receive personal information about you from our any member in our group of companies or through our trusted business partners, we will use that information to provide you with the information, products and services that you have told our group company member(s) or business partners you are interested in receiving from us, such as emails regarding job opportunities and news available through our website; 
  • We may also combine this personal information with information you give to us and information we collect about you. We may use this information, and the combined information for the purposes set out above (depending on the types of information we receive); 
  • To detect, prevent or deal with any actual or alleged fraud, security breach, or the abuse, misuse or unauthorised use of the website and/or contravention of this Privacy Notice. 
  • We may also collect, use, share and/or generally process personal information or data that has been de-identified and/or aggregated, for example statistical or demographic data, for any purpose. In certain circumstances this aggregated or de-identified data may also be commercialised. Aggregated or de-identified data is not considered personal information in terms of POPIA, as this information is de-identified and does not, directly or indirectly, reveal your identity. 

7. Disclosure of Your Personal Information
We value and respect the confidentiality and privacy of the personal information that you entrust us with. We are not in the business of selling your personal information and we will not share or disclose your personal information to anyone except as provided in this Notice and/or any contracts or terms and conditions of service concluded with us. 

By using our website and/or engaging with us for the provision of our products or services, you acknowledge and agree that we may share your personal information (including, where applicable your special personal information) in the following instances: 
If it is necessary in order to provide you with a product or a service that you have requested or contracted us to provide or source on your behalf; 
If it is in your legitimate interest; 
If it is necessary for the proper performance of a public law duty by a public body; 
If we are required or authorised to do so in order to comply with our legal obligations or the requirements of a regulatory authority; 
If you have provided us with your consent; 
Where we are permitted to do so in terms of the provisions of POPIA; 
With other members of our group of companies, which means our subsidiaries, our holding company and its subsidiaries, where required; 
With our employees, who may require that information to do their jobs;  
With regulators and government authorities in connection with our compliance procedures and legal obligations; 
With selected third parties including our business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you, or generally as required for the administration and management of our business. In these instances, we will ensure that the necessary security safeguards and confidentiality undertakings are in place to secure your personal information. We will only allow third parties to process your personal information for a specific purpose, in accordance with our instructions and in accordance with the requirements of POPIA and any other applicable data privacy laws; 
With our third-party service providers, who we have carefully selected to supply us with products and services, such as software for managing our business, hosting our databases and collecting payment information or generally as required for the administration and management of our business. We also use analytics and search engine providers to help us improve and optimise our website. We will only share your personal information with our suppliers where it is necessary for them to provide us with the services we need. In these instances, we will ensure that the necessary security safeguards and confidentiality undertakings are in place to secure your personal information. We will only allow third parties to process your personal information for a specific purpose, in accordance with our instructions and in accordance with the requirements of POPIA and any other applicable data privacy laws; 
With your healthcare professional, where applicable, and Galderma Head Office (in Switzerland) in relation to any adverse event reported by you in relation to the use of our products; 
With advertisers and advertising networks which deliver adverts to you.  However, we do not share personal information that can identify you with our advertisers and advertising networks. We only share anonymous information about our users which has been aggregated for the purposes of statistical analysis. For example, we may share with them the fact that 500 men aged under 30 clicked on their advert on any given day. We may also use such anonymous aggregated information to help advertisers reach the kind of audience they want to target. We may make use of the information we have collected from you to enable us to display our advertiser's adverts on our website to that target audience; 
If you have agreed to receive marketing communications from our named third-party business partners, we will share your personal information with those specific third parties; 
Where we buy or sell any business or assets, in which case we may share your personal information with the prospective buyer or seller of such business or assets; 
Where we (the company) or substantially all of our assets are acquired by a third party, in which case the personal information we hold about you will be one of the assets acquired by the third-party buyer; 
Where we believe, in good faith, that it is necessary to protect our rights, property, safety or reputation or the rights, property, safety or reputation of any of our customers or partners. 

8. Securing Your Personal Information.
Securing the personal information you give us, or that we receive about you, is a priority for Galderma. 

We take appropriate and reasonable technical and organisational security measures to protect the personal information that we process, in accordance with the requirements of POPIA. Please note, however, that these protections do not apply to personal information you choose to share in public areas such as third-party social networks. 

People who can access your personal information:  
Your personal information will be processed by our authorised staff or agents, on a need-to-know basis, depending on the specific purposes for which your personal information has been collected. 

Measures taken in operating environments:  
We store your personal information in operating environments that use appropriate and reasonable security measures to prevent unauthorised access. We also follow appropriate and reasonable standards to protect personal information.  

Website security and website generated information: 
All personal information which you provide to us is stored on our secure servers. Any sensitive information, or information classified as special personal information, will be encrypted using secure socket layer technology, or through such other technical security measures as we may determine appropriate and adequate to secure your personal information, from time to time.   
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone, in order to keep your information secure. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our website; and you accept that any transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to try to prevent unauthorised access. 

Our website may, from time to time, contain links to and from the websites of our partner networks (such as other group companies and our trusted business partners), advertisers and affiliates and other third-party sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these websites and/or these policies. Please check these policies before you submit any personal information to these websites. 

9. Storage and Transfer of Your Personal Information.
We are based in the South Africa, but we do form part of an international group of companies.  
While we try, as far as reasonably possible to store and process your personal information locally in South Africa, we may be required to transfer and/or store your personal information on servers located outside of South Africa. This may include destinations such as United Arab Emirates, countries within the European Economic Area such as France or Sweden etc., or other countries such as Switzerland, the UK, the USA etc. Your personal information may be transferred to, held by, or stored with other group companies located outside of South Africa. Galderma may also have third party service providers that are located outside of South Africa, which may result in your personal information being transferred and processed outside of South Africa. Given the nature of Galderma’s business, some of this personal information may include categories of special personal information, and some of this information may include the personal information of children. 

Your personal information may also be processed by staff operating outside of South Africa who work for us or for one of our suppliers or service providers. Such staff may be engaged in, among other things, the provision of our services to you.  

Where we share personal information with our suppliers or third-party business partners who transfer or process the data outside of South Africa, we make sure that your personal information is protected by only transferring it to third parties who will also look after it. Galderma will take reasonable and appropriate measures to ensure that any personal information, special personal information, or children’s personal information (where applicable) that is transferred outside of the borders of South Africa is transferred in compliance with the requirements of POPIA and that an adequate level of privacy protection is in place between us and these third-party service providers. 

By submitting your personal information to us, you understand and acknowledge that your personal information may be transferred, stored, and processed outside of South Africa.

 
10. How Long We Retain Your Personal Information for.
We will not retain your personal information longer than necessary. We will retain the personal information you provide to us or that we receive about you for as long as is needed to achieve the purpose that it was collected for, or for an extended period of time, even after the personal information is no longer needed to achieve the purpose that it was collected for, if the retention of your personal information records is: 
Required by law or any code of conduct; 
Required to meet regulatory requirements; 
Needed for evidentiary purposes, to resolve disputes, to prevent or investigate fraud and abuse, or to enforce any contract concluded with you; 
Reasonably required for lawful purposes that are related to Galderma’s functions, operations, or activities; 
Determined necessary in accordance with our internal document retention and destruction policies; 
Required for historical, research or statistical purposes. In these circumstances we will take measures to de-identify this personal information as far as reasonably possible. 
Where applicable, personal information that has been included on our customer database and that is used for marketing and communication purposes will be retained by us. When you request to unsubscribe from these communications, your contact information contained in our customer communication database will be placed into an unsubscribe list, to enable us to manage and honour your unsubscribe request. Should you require us to delete your personal information completely from our customer communication data base, you understand that we will no longer be able to manage your unsubscribe request (as we will no longer have a record of your unsubscribe request available in our database).  

11. Processing of Children's Personal Information.
We do not knowingly solicit or collect personal information from children below the age of 18 through our website or any third-party social networks. We do however record that the use of any of our third-party social network platforms by children under the age of 18 years of age is beyond our control, and in these circumstances the child is assumed to have deliberately made his/her personal information publicly available on the third-party social network platform with the consent of his/her parent or legal guardian. 

If we discover that we have unintentionally collected personal information from a child below the age of 18, we will remove that child’s personal information from our records promptly.  
Galderma may, however, collect personal information about a child below the age of 18 from the parent or legal guardian directly and/or and with parent or legal guardian’s consent, as required by law. 

12. Cookies, Similar Technologies, Log Files and Web Beacons 
Cookies/Similar Technologies: Please see our Cookie Notice to learn how you can manage your cookie settings and for detailed information on the cookies We use and the purposes for which We use them. 

Log Files: We collect information in the form of log files that record website activity and gather statistics about your browsing habits. These entries are generated automatically, and help us to troubleshoot errors, improve performance and maintain the security of our website. 

Web Beacons: Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to us. The information collected via web beacons will include information such as IP address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, which links you click on in the email, etc.). We may use web beacons on our website or include them in e-mails that we send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalisation. 

13. Direct Marketing.
Any electronic communications sent out by Galderma for the purposes of direct marketing will be done in compliance with the requirements of POPIA. 

You will be given the opportunity to unsubscribe from any of our electronic service and direct marketing communications, at the bottom of each communication that is sent to you, if you no longer wish to receive them.  

If you want to change how you receive any service and direct marketing communications from us or stop receiving it altogether, you can also contact our Deputy Information Officer at: info.sa@galderma.com (for the attention of the Deputy Information Officer). 

14. What Are Your Privacy Rights?
As a data subject, POPIA provides you with a number of rights in relation to how your personal information is used and processed. In terms of POPIA, you are entitled, in the prescribed manner and form, to: 
Request a copy of the personal information that we hold about you (subject to and in accordance with the provisions of the Promotion of Access to Information Act); 
Update the personal information you have given to us, in the event that the personal information is inaccurate or outdated; 
Request the correction, destruction, or deletion of personal information we hold about you (where legally permissible and subject to our right not to correct or delete the personal information record in certain circumstances); 
Object to your personal information being processed by us (on reasonable and lawful grounds), in instances where you have a legitimate reason to believe that we are not processing your personal information in accordance with the provisions of POPIA; and to 
Object to any processing of your personal information for the purpose of direct marketing by electronic communication, in the prescribed manner and form, or to unsubscribe from receiving any marketing or communication emails received from us by clicking the “unsubscribe” link at the bottom of any email.  

We will make commercially reasonable efforts to provide you reasonable access to any of your personal or other account information that we process and/or retain. In certain circumstances, such as when we are required retain or withhold the disclosure of certain personal information by law, we may not be able to provide you with access to all your personal information or we may not be able to change, rectify or delete your personal information at your request. In these circumstances, we will provide you with reasons as to why your request cannot be complied with.  
You can exercise any of your rights by contacting our Deputy Information Officer at Nicol Main Office Park, Block C FutureSpace, 2 Bruton Road Bryanston, 2191, Gauteng, South Africa, or by sending an email to info.sa@galderma.com (for the attention of the Deputy Information Officer).  

15. Complaints.
If you have a complaint about how we are processing your personal information, or if you wish to object to us processing your personal information or request the correction, deletion or destruction of any of the personal information records we hold about you please contact our Deputy Information Officer at info.sa@galderma.com (for the attention of the Deputy Information Officer), in the first instance, so that we can resolve the complaint or attend to your request. 
All requests need to be submitted on the prescribed forms, as set out in the POPIA Regulations. 
All requests for access to personal information records must be done on the form prescribed in terms of PAIA. 

The prescribed form for reporting complaints regarding the use or processing of your personal information by us, must be addressed on Form 1.

 
The prescribed form for requesting the correction, deletion, or destruction of your personal information records by us, must be addressed on Form 2. You acknowledge that in some instances Galderma may not be able to comply with your request to correct or delete your personal information, where this request conflicts with any applicable laws. 
In terms of POPIA, you are also entitled to direct a compliant to the Office of the Information Regulator, South Africa, if you feel that your complaint has not been adequately addressed directly with us. Complaints to be addressed to the Information Regulator must be completed in the prescribed manner and form (on prescribed Form 5 Part II, as set out in the POPIA Regulations).  

The Office of the Information Regulator may be contacted at inforeg@justice.gov.za (general enquiries) or complaints.IR@justice.gov.za (complaints). Their website is: http://www.justice.gov.za/inforeg/.  

16. Changes to This Notice.
Changes may need to be made to this Notice, from time to time. We will endeavour to only make changes to this Notice where they are material, necessary and/or required as a result of legislative or regulatory changes or guidance, or any code of conducts published that may be relevant to the industry in which our business operates.  

Any changes made to this Notice will be posted through an updated Notice that is loaded onto this website page. Please check this page to keep informed of any updated or revised Notice that may be posted.  

17. Laws Applicable to This Notice.
This Notice is governed by the laws of the Republic of South Africa, and you hereby consent to the jurisdiction of the South African courts in respect of any dispute which may arise out of or in connection with the formation, interpretation, substance, or application of this Notice.