PRIVACY INFORMATION NOTICE FOR:
HEALTHCARE PROFESSIONALS (HCP)/EYECARE PROFESSIONALS (ECP) included in Alcon’s CRM system and receiving digital marketing communications
With this Privacy Notice, Alcon would like to tell you about the personal information (any information that is capable of identifying you) we collect and use as well as how we ensure we respect your rights.
For which reasons do we need to collect and use your personal information?
- We include your personal information in our Customer Relationship Management System (CRM) in order to communicate with you regarding the sale and promotion of our products (based on our legitimate interest).
- If you have given us your consent, we will use your personal information for sending you digital promotional communications as per your specific choices.
How do we collect your personal information and for what purpose?
We collect information that you voluntarily provide when you use our services.
Purpose: We use your information to deliver the programs, services, products, or information you request, and we may also use it:
- to provide customer support;
- to deliver marketing communications that may be of interest to you;
- to send administrative information to you, such as information about the our services and our terms, conditions and policies;
- to permit you to participate in polls, surveys, promotions, or other interactive features, such as chat features, and to administer these activities;
- to personalise your experience and better tailor content and offers to you;
- to help us and our business partners better understand our customers, improve our services, and perform other market research activities;
- for our business purposes, such as data analysis; audits; monitoring and prevention of fraud, infringement, and other potential misuse of our services; modifying our services, determining the effectiveness of our promotional campaigns; and operating and expanding our business activities.
We may use information that does not personally identify you for any purpose, except where we are required to do otherwise under applicable law.
How do we ensure we respect your rights and the law?
We make sure we follow these Privacy Principles when we collect and use your personal information:
Security: We keep your personal information safe and secure from misuse or unauthorized alteration, loss, or access by using appropriate technical, physical, and organizational measures (such as multifactor password authentication, encryption, access restriction, etc.).
Limited Purpose: We collect and use your personal information only as necessary for the Purpose.
Limited Information: We only collect the personal information that we need to achieve the Purpose.
Information Quality: We keep your personal Information up to date and ensure that it is accurate.
Limited Access: We only give access to your personal information on a strict need to know basis to carry out the Purpose for which it was collected.
Limited Retention: We only keep your personal Information as long as necessary for the Purpose.
Lawful Use: We make sure we have a valid and lawful reason to collect and use your personal information.
What personal information do we collect and use?
We collect and use the following personal information:
- Your name, business contact details, and professional qualifications, (sources: directly from you, public sources such as websites or third party data providers like IQVIA/IMS/Veeva/MedPro);
- Information specific to our professional interactions, e.g. meeting visit notes, (source: directly from you);
- The scheduling of meetings with you (source: directly from you or from your employer or place of business);
- Information relevant to your professional interests such as promotional, medical, and educational information (source: directly from you or from a third party provider); and
- If you have consented to receiving digital communication from us: information relevant to your preferred content, preferred communication channels, your access to and interest in communication sent.
Why do we collect and use your personal information?
We collect your personal information in order to:
- Schedule meetings with you;
- Determine your interest in receiving information relating to Alcon products;
- Provide Information relevant to your professional interests such as promotional, medical and educational information;
- Comply with voluntary or regulatory transparency reporting disclosures or other regulatory obligations.
We rely on our legitimate interest as a healthcare company to engage in business interactions with you.
In the case of digital marketing activities we rely on your consent.
We may also collect and use your personal information as necessary based on our regulatory transparency reporting or other legal requirements. For any voluntary transparency reporting we will ask for your consent.
How long do we keep your personal information?
We keep and use your information for as long as necessary for the administration of our relationship unless you ask us to delete your personal information prior to that date or unless otherwise required under transparency reporting disclosures or other regulatory obligations.
Automated Decision Making and Profiling
We do not use any automated decision making or profiling.
Do you need to provide us with your personal information?
You are not obliged to provide us with any personal information.
Who do we disclose/share your personal information with?
If required your personal information can be disclosed/shared by Alcon with:
- Other companies in the worldwide Alcon Group, wherever located
- Third party consultants, service providers, partner companies contracted by or on behalf of Alcon or its affiliates, wherever located;
- Healthcare professional boards, authorities, government agencies, regulators wherever located;
- Publically online as part of voluntary transparency disclosures; and
- Where required by institutional policy or government entity, to your employer.
Such disclosure/sharing is carried out for undertaking the purpose for which the information was collected.
Where is your personal information used or stored?
We transfer your personal information to other countries outside of Australia and New Zealand including to countries like the US where Data Protection standards are less strict.
We transfer your personal information:
- To the European Economic Area which has a high level of data protection laws and requirements;
- To Switzerland and Japan: Switzerland and Japan are considered as providing adequate data protection standards.
- Within the worldwide Alcon group of companies to the United States: We rely on Standard Contractual Clauses for these transfers.
- To service providers located in countries where data protection standards have not been determined to be adequate by the European Union: these countries include the United States and India. In these cases, we will ensure that any recipients of your personal information are bound by contract to the Australian Privacy Law standards and EU General Data Protection Regulations (EU GDPR .
You can reach out to our Data Privacy Officer for further information. Alternatively you can find further details on these protections on the European Commission’s webpage on international transfers (see for example: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en)
What are your rights?
Depending on your country of residence and on where your personal information is used, you may have a number of rights.
The availability of some of these rights depends on the lawful basis for processing your personal information and your rights may also be subject to certain other legal conditions and restrictions.
You may have the right:
- to obtain access to your personal information together with information about how and on what basis that personal information is processed;
- to rectify inaccurate personal information (including the right to have incomplete personal information completed);
- to erase your personal information in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed or where you object to or withdraw your consent. This right may also apply where the processing was unlawful;
- to restrict processing of your personal information where:
- the accuracy of the personal information is contested;
- the processing is unlawful but you object to the erasure of the personal information; we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise, or defense of a legal claim;
- to challenge processing which we have justified on the basis of a legitimate interest;
- to obtain a portable copy of your personal information, or to have a copy transferred to a third party controller;
- to obtain more information as to safeguards under which your personal information is transferred outside of Australian and New Zealand(if relevant); or,
- to withdraw your consent
- to lodge a complaint with the data protection/supervisory authority noted below.
We may ask you for additional information to confirm your identity and for security purposes before processing your request.
Who can you contact regarding your rights?
Privacy Officer : The entity that determines why and how your personal information is processed is called a Privacy Officer.
The Privacy Officer for the processing of your personal data is:
The Privacy Officer
or alternatively you can write to us at:
Alcon Laboratories (Australia) Pty Ltd
Suite 1, Level 7
15 Talavera Road
Macquarie Park NSW 2113
Data Protection Authority/Supervisory Authority: The Data Protection Authority/Supervisory Authority for the processing of your personal information is the authority located in the country where you live or work. More information about how to contact these authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en .
More information about Australian privacy law and privacy principles is available from the Privacy Commissioner. The Privacy Commissioner may be contacted at www.oaic.gov.au (email: [email protected]) or if you are within Australia call 1300 363 992.
If you have a complaint about a breach of the Privacy requirements - who to contact
If there is a concern about a breach of the relevant Privacy requirements, please contact the Privacy Officer at one of the above contact points. We may ask you to put your complaint in writing and to provide details about it. We may discuss your complaint with our personnel and our service providers and others as appropriate.
Our Privacy Officer will investigate the matter and attempt to resolve it in a timely manner. Our Privacy Officer will inform you in writing about the outcome of the investigation. If our Privacy Officer does not resolve your complaint to your satisfaction and no other complaint resolution procedures are agreed or required by law, our Privacy Officer will inform you that your complaint may be referred to the Privacy Commissioner for further investigation and will provide you with the Commissioner’s contact details.