Privacy Notice

Last revision: December 2024

This Privacy Notice is addressed to the healthcare professionals with whom we create or maintain a relationship.

You are reviewing this Privacy Notice because Novartis Pharma S.A.E is processing information about you which constitutes “personal data” and Novartis Group considers the protection of your personal data and privacy a very important matter.

Novartis Pharma S.A.E having its registered office at Building E/ Building No. (5), Plot No. 5A- Touristic Area, New Cairo, Cairo, Egypt (“Novartis”) is responsible for the processing of your personal data acting as the “controller”. It may exercise this responsibility alone or jointly with other company(-ies) in the Novartis group (Novartis Pharma AG and its group companies), acting as “co-controller(s)”, In this Privacy Notice, “we” or “us” refers to Novartis Pharma AG and its group companies including Novartis Pharma S.A.E.  

We invite you to carefully read this Privacy Notice, which sets out in which context we are processing your personal data and explains your rights and our obligations when doing so.

Should you have any further question in relation to the processing of your personal data, we invite you to contact your local data privacy officer at [email protected].

1. What information do we have about you?
This information may either be directly provided by you, by our business partners (i.e. the legal entity for whom you work), by third parties (e.g. external vendors like IQVIA) or be obtained through trusted publicly available sources (such as congress websites), having obtained your consent to provide us with such personal data where necessary under applicable law. We collect various types of personal data about you, including:

• your general and identification information (e.g. name, email, address, and/or phone number).
• your function (e.g. title, specialty, congress activities, biography, education).
• payment information; if required and provided by you (e.g. credit card details, bank account details, VAT or other tax identification number).
• your electronic identification data where required for the purpose of delivering products or services of our company (e.g. login, IP address, image recording or voice recordings).
• information regarding your utilization, responses and/or preferences including in terms of types of messages discussed, channels of communication and frequency.
• data you provide to us for example when you fill in forms or during events you attend, or when you answer questions during a conversation or in a survey.
• We collect personal information directly from you. The collection of personal data is on voluntary basis which shall be processed in line with the purposes indicated below.
• If you register on this website, we will collect the information on the registration form, including your name, work email address, and areas of expertise.

2. For which purposes do we use your personal data and why is this justified?
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In particular, we process your personal data for the following purposes:

• manage our relationship with you (e.g. through our databases).
• implement tasks in preparation of or to perform existing contracts.
• provide you with appropriate, adequate and updated information about disease, drugs as well as our products and service.
• improve the quality of our interactions and services by adapting our offering to your specific needs.
• answer your requests and provide you with efficient support.
• send you surveys (e.g. to help us improve your future interactions with us).
• send you communications regarding products, therapeutic areas, or services that we promote.
• manage, plan, and execute communications and interactions with you (e.g. through the operation of a database keeping records of interactions with healthcare professionals or managing call planning as well as call reporting).
• track our activities (e.g. measuring interactions or sales, number of appointments/calls).
• invite you to events or promotional meetings sponsored by us (e.g. medical events, speaker events, conferences).
• grant you access to our training modules allowing you to provide us with certain service.
• manage our IT resources, including infrastructure management and business continuity.
• running of patient support programs.
• any other purposes imposed by law and authorities.

3. Who has access to your personal data and to whom are they transferred?
We will not sell, disclose, share, or otherwise transfer your personal data to third parties other than those indicated in this Privacy Notice.

In the course of our activities and for the same purposes as those listed in this Privacy Notice, your personal data can be accessed by, or transferred to the following categories of recipients inside or outside of your country, on a need to know basis to achieve such purposes:

• our personnel (including personnel, departments, or other companies of the Novartis group).
• our independent agents or brokers (if any).
• our suppliers and services providers that provide services and products to us.
• our IT systems providers, cloud service providers, database providers and consultants.
• our business partners who offer products or services jointly with us or with our subsidiaries or affiliates.
• any third party to whom we assign or novate any of our rights or obligations; and
• our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets.

The above third parties are contractually obliged to protect the confidentiality and security of your personal data, in compliance with applicable local law. Your personal data can also be accessed by or transferred outside your jurisdiction, where we are allowed or required to do so by applicable law or regulation or at their request.

For intra-group transfers of personal data to our group companies, the Novartis Group has adopted Binding Corporate Rules, a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection relating to transfers of personal data outside the EEA and Switzerland. Read more about the Novartis Binding Corporate Rules by clicking here Novartis Binding Corporate Rules (BCR) | Novartis.

If we transfer your personal data to external companies (including third parties) in other jurisdictions, we will make sure to protect your personal data by acting in accordance with our policies and standards.

4. How long do we store your personal data?
We will only retain your personal data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal or regulatory requirements.

5. What are your rights and how can you exercise them?
If you have a question or want to exercise any of your privacy rights, you may send an email to [email protected] with a scan of your identity card for identification purpose, it being understood that we shall only use such data to verify your identity and shall not retain the scan after completion of the verification.

If you are not satisfied with how we process your personal data, please address your request to our data protection officer at [email protected] who will investigate your concern.

In any case, you also have the right to file a complaint with the competent data protection authorities, in addition to your rights above.

6. How will you be informed of the changes to our Privacy Notice?
Any future changes or additions to the processing of your personal data as described in this Privacy Notice will be notified to you in advance through an individual notice through our usual communication channels (e.g. by email or via our internet websites).