PRIVACY INFORMATION NOTICE FOR:
HEALTHCARE PROFESSIONALS (HCP)/EYECARE PROFESSIONALS (ECP) included in Alcon’s CRM system and receiving digital marketing communications
Alcon would like to tell you about the personal data (any information that identifies you) we collect and use, as well as how we ensure we respect your rights.
Why do we need to collect and use your data?
- We include your personal data in our Customer Relationship Management System (CRM) in order to communicate with you regarding the sale and promotion of our products – because you have used or bought our products in the past.
- You have given us your consent to do so (on an opt-in or an opt-out basis as required by the laws of the country where you are resident). We will use your personal data to send you digital promotional communications as per your specific choices.
We collect your personal data in order to:
- Schedule meetings with you;
- Determine your interest in receiving information relating to Alcon products;
- Provide information relevant to your professional interests such as promotional, medical and educational information;
- Comply with voluntary or regulatory transparency reporting disclosures or other regulatory obligations.
We rely on our legitimate interest as a healthcare company to engage in business interactions with you. We may also have a contract with you, or be involved in a specific question on patient care.
In the case of digital marketing activities, we rely on your consent either on an opt-in or opt-out basis, as required by the laws of the country where you are resident.
We may also collect and use your personal data as necessary based on our regulatory transparency reporting or other legal requirements. For any voluntary transparency reporting related to compliance with codes/regulations, we will ask for your consent.
How do we ensure we respect your rights and the law?
We follow these Privacy Principles when we collect and use your personal data:
Security: personal data is kept safe and secure from misuse or unauthorized alteration, loss, or access by using appropriate technical, physical, and organizational measures (e.g. multifactor password authentication, encryption, access restriction).
Limited Purpose: We collect/use personal data only as necessary for the purpose.
Limited Data: We only collect the personal data that we need.
Data Quality: We keep your personal data up to date and ensure that it is accurate.
Limited Access: access to your personal data is given on a strict need to know basis.
Limited Retention: personal data is kept as long as necessary for the purpose.
Lawful Use: We require a valid and lawful reason to collect and use your personal data (e.g a legitimate business interest or contact with an existing customer).
What personal data do we collect and use?
We collect and use the following personal data:
- Your name, business contact details, and professional qualifications, (sources: directly from you, public sources such as websites or third party data providers like IQVIA/IMS/Veeva/MedPro);
- Information specific to our professional interactions, e.g. meeting visit notes, (source: directly from you);
- The scheduling of meetings with you (source: directly from you or from your employer or place of business);
- Information relevant to your professional interests such as promotional, medical, and educational information (source: directly from you or from a third party provider); and
- If you have consented (on an opt-in or opt-out basis) to receiving digital communications from us: information relevant to your preferred content, preferred communication channels, your access to and interest in communication sent.
How long do we keep your data?
We keep and use your information for as long as necessary for the administration of our relationship, unless you ask us to delete your data, or unless otherwise required under transparency reporting disclosures or other regulatory obligations.
Automated Decision Making and Profiling
We do not use any automated decision making or profiling.
Do you have to provide us with your personal data?
You are not obliged to provide us with any personal data.
Who do we share your personal data with?
If required your personal data can be shared by Alcon with:
- Other companies in the worldwide Alcon Group, wherever located;
- Third party consultants, service providers, partner companies contracted by or on behalf of Alcon or its affiliates, wherever located – for the purpose of fulfilling a contract with you;
- Healthcare professional boards, authorities, government agencies, regulators;
- Publicly online as part of voluntary transparency disclosures as per applicable codes/regulations; and
- Where required by institutional policy or government entity, to your employer.
Where is your personal data used or stored?
We transfer your personal data:
- To Switzerland and Japan: both are considered as providing adequate data protection standards by the EU.
- Within the worldwide Alcon group of companies including to the United States: We rely on approved legal methods for such international transfers including Standard Contractual Clauses (an approved European Union legal method) or other country approved transfer contracts for non-European Union countries, for these transfers.
- To service providers located in countries where data protection standards may not have been determined to be adequate by the European Union, for example the United States and India. In these cases, if you are located in a European Union country we will ensure that any recipients of your personal data are bound by contract to meet applicable data protection standards.
Please contact our Data Protection Officer for further information. Alternatively for persons based in the European Union, you can find further details on these protections on the European Commission’s webpage on international transfers (see for example: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en)
What are your rights?
Depending on your country of residence and on where your personal data is used, you may have a number of rights.
You may have the right to:
- obtain access to your personal data together with information about how and on what basis that personal data is processed;
- rectify inaccurate personal data (including the right to have incomplete personal data completed);
- erase your personal data in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed or where you object to or withdraw your consent. This right may also apply where the processing was unlawful;
- restrict processing of your personal data where:
- the accuracy of the personal data is contested;
- the processing may be non-compliant but you do not wish at this stage to request erasure of the personal data;
- challenge processing where it is justified on the basis of a legitimate interest;
- obtain a portable copy of your personal data, or to have a copy transferred to a third party controller;
- obtain more information as to safeguards under which your personal data is transferred outside of the EEA (if relevant); or,
- withdraw your consent
- lodge a complaint with the data protection/supervisory authority noted below.
We will ask you to confirm your identity for security purposes, if you exercise a right.
Who can you contact regarding your rights?
Data Controller: The entity that determines why and how your personal data is processed is called a Data Controller.
The Data Controller for the processing of your personal data is:
Alcon Vision LLC and its affiliates
For Alcon organizations or affiliates located outside of the EEA and for the purposes of the applicability of the General Data Protection Regulation 2016/679, Alcon has elected Alcon Laboratories Belgium BVBA as its legal representative.
Data Protection Officer Alcon: [email protected]
Data Protection Authority/Supervisory Authority: The Data Protection Authority/Supervisory Authority for the processing of your personal data is the authority located in the country where you live or work. For individuals resident in the European Union, more information about how to contact these authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en .