Last updated 19 July 2019
GlaxoSmithKline (GSK or we) value your privacy and care about the way in which your personal information is treated. We want you to understand:
If you have any questions, feel free to get in touch via one of the methods set out in the Contact us section below.
The personal information that we process includes:
- Your basic information – such as name (including name prefix or title), gender, age and date of birth;
- Contact information – such as mailing address, email address, social media username, phone number(s), your preferred mode of contact and language;
- Professional details – such as your education, occupation/position/role, hospital, medical specialty, and medical practitioner number, student number or professional ID;
- certain information from your social media account where you have chosen to connect your social media account with your GSK account;
- your responses to any surveys that you may choose to participate in, including disease or practice-related survey responses (such as an estimate of the number of patients you see who have a certain condition);
- Technical information – such as: information about the device you use to interact with us (including the unique device identifier, hardware model, operating system and version, and mobile network information);
- Activity data, such as whether an email we sent you was opened; and
- Information from your visits to our websites (including the type of browser and operating system you use, access times, pages viewed, URLs clicked on, your IP address and the page you visited before navigating to our websites)
We may also process information about you which reveals information about your health status. For example, where you tell us about a health condition you are experiencing, where we receive a report that you have experienced a side effect associated with one of our products, or where health information can be inferred from information that you have provided to us when you get in touch with us for any reason. Where we process this type of information about you we will, if required by law, take appropriate steps to get your consent to our use of this information.
We collect your personal information in the course of monitoring our technology tools and services, including email communications sent to and from GSK. Otherwise, we gather and generate information about you when you provide it to us or interact with us directly. For example, when you register on one of our digital platforms, engage with one of our sales representatives, attend events hosted by or attended by us, and when you get in touch for customer support or to provide feedback. We may also receive professional information about you from other sources, such as external sources of healthcare provider information (including publicly available sources), social media companies in accordance with their authorisation procedures (e.g. where you have linked your GSK account with your social media account), and your patients (e.g., where they have told us that you are their healthcare provider). We may combine information that we have about you from various sources, including the information that you have provided to us.
We use your personal information to:
A. Provide you with services, including to:
- personalise the content on our digital platforms to match your user profile or likes and dislikes, and improve our services;
- provide you with information, including marketing communications, through the channels you choose, for example by email
- if you are an HCP, learn about your professional practice and your interests.
B. Contact and interact with you, including to:
- answer your questions and request for services, and solicit your feedback
- send important notices, such as changes to our terms, conditions and policies; and
- send you technical notices, updates, security alerts and support and administrative messages.
C. Manage our day-to-day operations, including:
- to comply with applicable laws, rules, regulations, guidance, codes, and industry/ professional rules and regulations;
- to comply with demands or requests made by local and foreign regulators, governments, courts and law enforcement authorities, and complying with a court process, or in connection with any litigation; and
- to investigate and take action against users who violate our rules or who engage in behaviour that is illegal or harmful to others or to others’ property.
D. Improve our day-to-day operations, including:
- for internal purposes such as auditing, data analysis and research to help us deliver and improve our GSK digital platforms, content and services;
- to monitor and analyse trends, usage and activities in connection with our products and services to understand which parts of our digital platforms and services are of the most interest and to improve the design and content of our platforms; and
- to ensure we have up-to-date contact information for you.
- For legitimate business purposes: Using your personal information helps us to operate and improve our business and minimise any disruption to the services that we may offer to you. It also allows us to make our communications with you more relevant and personalised to you, and to make your experience of our products and services an efficient and effective one.
- To comply with our legal obligations and other demands for information: Compliance with laws, regulations, rules, codes and guidance is important to us, and we would want to be able to comply with these, as well as the other requests or demands for data as set out here. They affect the way in which we run our business, and they help us to make our products and services as safe as we can. Where we use your personal information for this purpose, rest assured that where possible we will take measures to protect your personal information.
- Your consent: At times we may need to get your consent to allow us to use your personal information for one or more of the purposes set out above. See the Your rights section for information about the rights that you have if we process your information on the basis of your consent.
We will always keep your personal information for the period required by law. We will also keep your personal information where we need to do so in connection with legal action or an investigation involving GSK.
Otherwise, we keep your personal information for two years after the last date you were active on gskhealthpartner.com, or:
- where we have provided you with product samples, we keep your personal information (such as your signed receipt of the samples) for no longer than three years
- where you have participated in our conventions, we keep your personal information for no longer than seven years
- where you have contacted us with a question or request, we will keep your personal information for as long as necessary to allow us to respond your question or request
We may share your personal information with any of the following:
- members of the GSK group of companies; and
the following trusted third parties:
- our agents and suppliers, including those who provide us with technology support services such as data analytics, hosting and technical support;
- our professional advisors and auditors;
- our affiliates;
- regulators, governments and law enforcement authorities;
- courts, tribunals, arbitrators or other judicial committees; and
- other third parties in connection with our selling, merging, buying, or reorganising all or any part of our business, or carrying out any similar change of our business (including any potential or actual purchaser of that business or that purchaser’s advisors).
See the Protecting your personal information section for information on how we keep your personal information secure when sharing it with others.
Your personal information may be processed by GSK, its affiliated companies and GSK’s trusted third party suppliers anywhere in the world, including in countries where data privacy laws may not be equivalent to, or as protective as, the laws in your home country
These countries may include: United States and India, as well as countries within the European Union.
We will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These measures include data transfer agreements implementing standard data protection clauses. You can find more information about data transfer agreements here.
Websites that we do not own or control
From time to time we may provide links to websites or mobile applications that we do not own or control. This Privacy Notice does not apply to those websites. If you choose to use those websites, please make sure that you check the legal and privacy statements posted on each website or mobile application you access to understand their privacy practices.
We use a variety of security measures and technologies to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection and privacy laws.
For example, when we share your personal information with external suppliers, we may put in place a written agreement which commits the suppliers to keep your information confidential, and to put in place appropriate security measures to keep your information secure.
You may be entitled to:
- opt out from processing of your personal information for direct marketing purposes (where you have previously opted in);
- ask GSK about the processing of your personal information, including to be provided with a copy of your personal information;
- request the correction and/or deletion of your personal information;
- request the restriction of the processing of your personal information, or object to that processing;
- withdraw your consent to the processing of your personal information (where GSK is processing your personal information based on your consent);
- request receipt or transmission to another organisation, in a machine-readable form, of the personal information that you have provided to GSK; and
- complain to your local supervisory authority if your privacy rights are violated, or if you have suffered as a result of unlawful processing of your personal information.
Where you are given the option to share your personal information with us, you can always choose not to do so. If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
This could mean that we are unable to perform the actions necessary to achieve the purposes of processing described (see ‘How do we use your personal information?’) or that you are unable to make use of the services and products offered by us. After you have chosen to withdraw your consent GSK may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with our reporting obligations, such as adverse effect reporting.
If you have questions or requests about the processing of your personal information (including any exercise of your rights), or need additional information, you can contact us at: EU.DPO@GSK.com
If you contact us, please note the name of the websites you have visited, as well as how we may contact you.
Consumer enquiries: email@example.com
Adverse Event reporting: +44 (0) 800 783 8881
Contact information for other GSK locations can be found at http://www.gsk.com/en-gb/contact-us/worldwide/
Data Controller and Data Protection Officer
GlaxoSmithKline Consumer Healthcare (UK) Trading Limited, 980 Great West Road, Brentford Middlesex TW8 9GS England, is the controller of your personal information. EU.DPO@GSK.com is the data protection officer.