Servier Laboratories (Aust) Pty Ltd (Servier) complies with the Australian Privacy Principles (APP) contained in the Commonwealth Privacy Act 1988 (Cth) (Privacy Act) and 2016/679 General Data Protection Regulation (GDPR) which regulates how personal information is handled from collection to use, disclosure, storage, access and destruction.
Servier and the Servier Group is committed to protecting the privacy of a Data Subject’s personal information and does so through:
- compliance: compliance with relevant privacy legislation.
- BCR: adopting Binding Corporate Rules to ensure the same level of protection is respected within all of the Servier Group entities, and to ensure consistency regarding the transfer of personal information within the Servier Group.
- governance: appointment of a global data protection officer, local data protection officers and compliance relays who are responsible for privacy compliance and raising awareness and educating employees on privacy rules. Implementation of numerous internal policies and procedures to ensure compliance of applicable privacy rules within the Servier Group.
- training: monitoring privacy education and compliance within the Servier Group through regular training.
- third party compliance: ensuring privacy compliance from all third parties Servier works with which process Data Subject’s personal information on our behalf.
- Data subject means an identified or identifiable natural person to whom personal information relates.
- Personal information means information or an opinion, whether true or not, that identifies a Data Subject, or from which a Data Subject’s identity can be easily determined. It includes information such as name, age, gender and contact details.
- Processing means any operation performed upon on a Data Subject’s personal information, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of a Data Subject’s personal information
- Sensitive information is a subset of personal information and includes information or an opinion on a Data Subject’s race or ethnic origin, political opinions, membership of political, professional or trade associations or trade unions, religious beliefs, sexual orientation, criminal record, state of physical or mental health or medical history.
In this policy all references to personal information include sensitive information.
Collection of personal information
As a provider of pharmaceutical products, Servier collects personal information reasonably necessary to carry out its business. The types of personal information we may collect include:
- in relation to healthcare professionals – identifying and contact information such as name and business contact details, professional details, comments regarding our products and services, details during calls made by our sales representatives, statistical details regarding prescriptions given or filled and details of samples requested from us. This information is collected through some of the followings ways: direct contact, in response to product queries, in connection with providing product related information or services, conducting market research and purchasing such information from third party providers and conducting clinical research in accordance with clinical research guidelines and regulatory requirements.
- in relation to members of the public – identifying and contact information such as name and contact details, information about an individual’s physical or mental health and employment details. This information is collected through some of the followings ways: responding to individual queries, participation in Servier’s patient support programs, reporting from your healthcare professional for pharmacovigilance management, conducting market research through recruitment and conducting clinical research in accordance with clinical research guidelines and regulatory requirements.
Servier will not collect sensitive information without the consent of the Data Subject.
Servier will collect personal information directly from the Data Subject where it is reasonable and practicable to do so. We may also collect personal information from third parties such as:
- organisations that Servier engages to assist us to carry out our functions and activities (such as conference organisers);
- healthcare providers or colleagues; and
- online directory providers or providers of customer contact databases.
Servier may engage third parties such as data verification providers to provide services to us, which may include processing and validating personal information on our behalf.
Purposes for which we collect, hold, use and disclose personal information
Generally, Servier collects, holds, uses and discloses personal information for the following purposes:
- processing and verification of a Data Subject’s identity and personal information;
- general sales and marketing and providing information about Servier products and services or those of third parties which may be of interest to a Data Subject;
- to manage our patient support programs and other similar programs;
- to plan conferences, events and seminars including to organise travel to such events and accommodation and invite speakers and attendees;
- to assist in providing information relevant to Servier products and services;
- to help Servier research the needs of its users and to market its products and services with a better understanding of individual needs and the needs of users generally;
- to conduct Clinical Research in accordance with Clinical Research Guidelines and regulatory requirements and regulations;
- to establish and run medical boards or to acquire general opinions on medical and/or patient related issues;
- manage, review, develop and improve our business and operational processes and systems;
- manage, review and resolve any regulatory, government or other medical authority matters, notifications or requirements (including adverse event reporting);
- to recruit and manage human resourcing requirements and needs;
- manage relationships with Servier suppliers and vendors;
- monitoring of the scientific medical liaison with healthcare professionals;
- communication and relationship management and promotional activities with healthcare professionals including interactions, profiling activities, contract management, congress and meetings management and databases);
- pharmacovigilance management;
- resolve any legal and/or commercial complaints or issues; and
- perform any of our other functions and activities relating to our business.
In order to carry out the above purposes, Servier may disclose personal information to persons or organisations such as:
- Servier Head Office in France and its subsidiaries including those based in the US;
- our in-licensed partners in Japan and its subsidiaries;
- third party data verification providers who maintain and verify our company databases. Please note that such third party data verification providers may collect and disclose such personal information to their clients such as other pharmaceutical companies;
- our agents and service providers such as mailing houses, conference organisers and suppliers;
- our professional advisors;
- healthcare professionals;
- persons authorised by or responsible for the individual, including their agents and advisors;
- government agencies; and
- other parties to whom we are authorised or required by law to disclose information.
From time to time, Servier may use personal information to contact a Data Subject (including by mail, telephone call, text message or email) to provide promotional material about the company, our products and services or the products or services of third parties.
If a Data Subject does not wish to receive marketing information, the Data Subject can request not to receive this information by following the opt out instructions set out in the relevant communication or contacting our Privacy Officer using the details set out below.
Data quality, storage and security
Servier may store personal information that we hold in hard copy documents or as electronic data in our IT systems.
To the extent required by the Privacy Act and GDPR, Servier will take reasonable steps to:
- limit the collection of a Data Subject’s personal information to what is necessary in relation to the purposes for which it is collected and processed;
- make sure that the personal information that we collect, use and disclose is accurate, complete and up to date;
- retain a Data Subject’s personal information only for the legal and business retention requirements of Servier or the Servier Group and in a form which permits a Data Subject’s identification for no longer than is necessary for the purposes for which a Data Subject’s personal information is processed;
- protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure and take reasonable steps to ensure that any third parties who Servier works with which process a Data Subject’s personal information on our behalf comply with the same or at least as stringent security measures as those applied by Servier.; and
- where permitted by law, destroy, permanently de-identify or erase a Data Subject’s personal information that is no longer needed for any purpose that is permitted by the Privacy Act or GDPR.
If a Data Subject believes that any of their Personal Information that we may hold about them has been the subject of a data breach or has otherwise been unlawfully accessed, used or disclosed, the Data Subject should notify us immediately so that we can take appropriate steps to ensure its security.
Transfer of personal information overseas
Servier is a global organisation, with a presence on five continents, and businesses, IT systems, management structures and processes that cross borders. As such, it is sometimes necessary for Servier to transfer personal information to other Servier entities or third parties, in the same country as or in countries other than the country in which it was initially provided, and store personal information in databases that may be hosted in or accessible from other countries.
Any transfer of personal information outside Australia will comply with the requirements of the Privacy Act that relate to transborder data flows.
Access to and correction of personal information
A Data Subject has the right to:
- access its personal information: depending on whether a Data Subject’s request to access its personal information is as a patient, candidate, vendor or other and the applicable law, a Data Subject’s personal information may be disclosed either to the Data Subject directly or through a healthcare professional or another person designated by the Data Subject
- rectify and update its personal information
- erase its personal information
- restrict the Processing of its personal information
- exercise its right to data portability: and obtain from Servier the right to receive the Data Subject’s personal information, which the Data Subject has provided to Servier, in a structured, commonly used and machine-readable format
- object: at any time of the Processing, free of charge and without having to state legitimate grounds, to the Processing of the Data Subject’s personal information for the purposes of direct marketing (including profiling to the extent that it is related to such direct marketing)
- lodge a complaint: regarding the use of the Data Subject’s personal information,
- by contacting our Privacy Officer using the details set out below.
There are some circumstances where Servier may not allow a Data Subject to access or correct their personal information, in which case Servier will provide the Data Subject with the reasons for this decision in accordance with law.
If a Data Subject has a complaint about Servier’s handling of its personal (including sensitive) information, or a Data Subject believes Servier has acted in a manner that has breached the APPs or GDPR, the Data Subject should put their complaint in writing and send it to our Privacy Officer (details set out below).
The Privacy Officer will assess the complaint and advise the Data Subject of the outcome within (one month renewable on legitimate grounds and subject to the level of complexity of the case) after the complaint was received. If the Privacy Officer determines that the complaint was valid, appropriate action will be taken to remedy the breach.
The Privacy Officer will keep a record of all complaints, and review them annually for possible identification of systemic problems and to assist in finding ways in which Servier’s privacy practices can be improved.
Data Subjects who are not satisfied with our response to a complaint can contact the Office of the Australian Information Commissioner on the details below:
Office of the Australian Information Commissioner
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
Online form: www.oaic.gov.au (Privacy Complaint Form)
If a Data Subject has any concerns or complaints about the manner in which personal information is collected or handled by Servier, or a Data Subject wishes to exercise any of its rights as described above in relation to its personal information, please contact the Servier Privacy Officer by phone: 03 8823 7333, in writing: P.O. Box 196, Hawthorn, Victoria 3122, by email:
or by clicking here.
Further information about the application of the Privacy Act can be found at the website of the Office of the Australian Information Commissioner at www.privacy.gov.au.