PRIVACY INFORMATION NOTICE FOR:
HEALTHCARE PROFESSIONALS (HCP)/EYECARE PROFESSIONALS (ECP) included in Alcon’s CRM system and receiving digital marketing communications
With this Privacy Notice, Alcon would like to tell you about the personal data (any information that is capable of identifying you) we collect and use as well as how we ensure we respect your rights.
For which reasons do we need to collect and use your data?
- We include your personal data in our Customer Relationship Management System (CRM) in order to communicate with you regarding the sale and promotion of our products (based on our legitimate interest).
- If you have given us your consent, we will use your personal data for sending you digital promotional communications as per your specific choices.
How do we ensure we respect your rights and the law?
We make sure we follow these Privacy Principles when we collect and use your personal data:
Security: We keep your personal data safe and secure from misuse or unauthorized alteration, loss, or access by using appropriate technical, physical, and organizational measures (such as multifactor password authentication, encryption, access restriction, etc.).
Limited Purpose: We collect and use your personal data only as necessary for the purpose.
Limited Data: We only collect the personal data that we need.
Data Quality: We keep your personal data up to date and ensure that it is accurate.
Limited Access: We only give access to your personal data on a strict need to know basis.
Limited Retention: We only keep your personal data as long as necessary for the purpose.
Lawful Use: We make sure we have a valid and lawful reason to collect and use your personal data.
What personal data do we collect and use?
We collect and use the following personal data:
- Your name, business contact details, and professional qualifications, (sources: directly from you, public sources such as websites or third party data providers like IQVIA/IMS/Veeva/MedPro);
- Information specific to our professional interactions, e.g. meeting visit notes, (source: directly from you);
- The scheduling of meetings with you (source: directly from you or from your employer or place of business);
- Information relevant to your professional interests such as promotional, medical, and educational information (source: directly from you or from a third party provider); and
- If you have consented to receiving digital communication from us: information relevant to your preferred content, preferred communication channels, your access to and interest in communication sent.
Why do we collect and use your personal data?
We collect your personal data in order to:
- Schedule meetings with you;
- Determine your interest in receiving information relating to Alcon products;
- Provide Information relevant to your professional interests such as promotional, medical and educational information;
- Comply with voluntary or regulatory transparency reporting disclosures or other regulatory obligations.
We rely on our legitimate interest as a healthcare company to engage in business interactions with you.
In the case of digital marketing activities we rely on your consent.
We may also collect and use your personal data as necessary based on our regulatory transparency reporting or other legal requirements. For any voluntary transparency reporting we will ask for your consent.
How long do we keep your data?
We keep and use your information for as long as necessary for the administration of our relationship unless you ask us to delete your data prior to that date or unless otherwise required under transparency reporting disclosures or other regulatory obligations.
Automated Decision Making and Profiling
We do not use any automated decision making or profiling.
Do you need to provide us with your personal data?
You are not obliged to provide us with any personal data.
Who do we share your personal data with?
If required your personal data can be shared by Alcon with:
- Other companies in the worldwide Alcon Group, wherever located
- Third party consultants, service providers, partner companies contracted by or on behalf of Alcon or its affiliates, wherever located;
- Healthcare professional boards, authorities, government agencies, regulators wherever located;
- Publically online as part of voluntary transparency disclosures; and
- Where required by institutional policy or government entity, to your employer.
Where is your personal data used or stored?
We transfer your personal data to other countries outside of the European Economic Area including to countries like the US where Data Protection standards are less strict.
We transfer your personal data:
- To Switzerland and Japan: Switzerland and Japan are considered as providing adequate data protection standards.
- Within the worldwide Alcon group of companies to the United States: We rely on Standard Contractual Clauses for these transfers.
- To service providers located in countries where data protection standards have not been determined to be adequate by the European Union: these countries include the United States and India. In these cases, we will ensure that any recipients of your personal data are bound by contract to the European data protection standards.
You can reach out to our Data Protection Officer for further information. Alternatively you can find further details on these protections on the European Commission’s webpage on international transfers (see for example: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en)
What are your rights?
Depending on your country of residence and on where your personal data is used, you may have a number of rights.
The availability of some of these rights depends on the lawful basis for processing your personal data and your rights may also be subject to certain other legal conditions and restrictions.
You may have the right:
- to obtain access to your personal data together with information about how and on what basis that personal data is processed;
- to rectify inaccurate personal data (including the right to have incomplete personal data completed);
- to erase your personal data in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed or where you object to or withdraw your consent. This right may also apply where the processing was unlawful;
- to restrict processing of your personal data where:
- the accuracy of the personal data is contested;
- the processing is unlawful but you object to the erasure of the personal data; o we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise, or defense of a legal claim;
- to challenge processing which we have justified on the basis of a legitimate interest;
- to obtain a portable copy of your personal data, or to have a copy transferred to a third party controller;
- to obtain more information as to safeguards under which your personal data is transferred outside of the EEA (if relevant); or,
- to withdraw your consent
- to lodge a complaint with the data protection/supervisory authority noted below.
We may ask you for additional information to confirm your identity and for security purposes before processing your request.
Who can you contact regarding your rights?
Data Controller: The entity that determines why and how your personal data is processed is called a Data Controller.
The Data Controller for the processing of your personal data is:
For Alcon organizations or affiliates located outside of the EEA, Alcon has elected Alcon Laboratories Belgium BVBA as its legal representative.
Data Protection Officer Alcon: [email protected]
Data Protection Authority/Supervisory Authority: The Data Protection Authority/Supervisory Authority for the processing of your personal data is the authority located in the country where you live or work. More information about how to contact these authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en .