GSK Privacy Statement

Updated: January 4, 2019

We value our ability to provide you with information through our interactions with you, whether they are face to face interactions, through our digital platforms (like our mobile applications and websites) or one of the other ways you can choose to interact with us. 

This Privacy Statement sets out how GlaxoSmithKline and its group of companies (“GSK,” “we,” “us” and “our”)  uses and protects any information that you give to us. We respect your privacy and are committed to protecting your personal information. This Privacy Statement explains how we collect, transfer, process, use and disclose data about you and sets out our security practices.

By providing us with your personal information, you agree and consent to its transfer, processing, use and disclosure as outlined in this Privacy Statement.

What we collect

We collect personally identifiable information (PII) which is information that identifies you as an individual.   

Digital usage information

From all visitors to our websites and all users of our mobile applications we e automatically collect information about your internet address (“URL or “Uniform Resource Locator”), the unique ID of your device, computer browser type and operating system, websites you visited before and after visiting our websites, standard server log information, Internet Protocol (IP) addresses, GPS location data, mobile phone service provider, and mobile phone operating system.

We use this information to understand how our visitors use our websites and mobile applications so that we can improve them, the services we offer, and our advertising by tracking the pages viewed and hyperlinks clicked-on.. We may also share this information with other companies within the GSK group and with other third parties.  

Information about the operator of websites or mobile applications (and the GSK entity controlling any PII that is collected) can be found on the footer and/or contact page of websites and in the licensing agreement of mobile applications.

Registered Users

We collect additional PII if you register with our websites or mobile applications and specifically provide it to us

This PII may include your:

  • name
  • postal address
  • telephone number
  • e-mail address
  • date of birth, age;
  • certain information from your social media account where you have chosen to connect your social media account with your GSK account;
  • activity data, such as whether an email we sent you was opened;

We may also process information about you which reveals information about your health status. For example, where you tell us about a health condition you are experiencing, where we receive a report that you have experienced a side effect associated with one of our products, or where health information can be inferred from information that you have provided to us when you get in touch with us for any reason. Where we process this type of information about you we will, if required by law, take appropriate steps to get your consent to our use of this information.

Registered Healthcare Providers

If you are a healthcare provider or healthcare student this may also include

  • your gender
  • language;
  • your contact preferences
  • your professional details (such as your education, occupation/position/role, hospital, medical specialty, and medical practitioner number, student number or professional ID);
  • your responses to any surveys that you may choose to participate in, including disease or practice-related survey responses (such as an estimate of the number of patients you see who have a certain condition).

We collect your personal information in the course of monitoring our technology tools and services, including email communications sent to and from GSK. Otherwise, we gather and generate information about you when you provide it to us or interact with us directly. For example, when you register on one of our digital platforms, engage with one of our sales representatives, attend events hosted by or attended by us, and when you get in touch for customer support or to provide feedback. We may also receive professional information about you from other sources, such as external sources of healthcare provider information (including publicly available sources), social media companies in accordance with their authorization procedures (e.g. where you have linked your GSK account with your social media account), and your patients (e.g., where they have told us that you are their healthcare provider). We may combine information that we have about you from various sources, including the information that you have provided to us.

How we use your PII

By providing your PII, you agree that, where it is permitted by local law or where you have agreed to receiving these communications from us, we, and trusted third parties working on our behalf, may use the information:

  • to respond to your requests
  • to improve our level of service
  • to improve the content of our communications and advertising
  • to provide you with tips, helpful information, product news and updates
  • to notify you of our new products and services
  • to seek your views on our products and services
  • to consider your application for employment
  • for our own administrative and quality assurance purposes
  • to meet our legal requirements
  • for other purposes that may be detailed on the website or mobile application

How we protect your PII

GSK will take appropriate legal, organizational, and technical measures to protect your PII consistent with applicable privacy and data security laws.

When GSK uses a third-party service provider, that provider will be carefully selected and required to use appropriate measures to protect the confidentiality and security of personal information. We use a variety of security technologies and procedures to help protect your PII from unauthorised access, use or disclosure.

Unfortunately, the transmission of information via the Internet or a mobile phone network connection is not completely secure.

Although we will do our best to protect your PII, we cannot guarantee the security of the PII you transmit to our websites or mobile applications: any transmission is at your own risk.

While we cannot guarantee that loss, misuse or alteration to data will not occur, once we have received your information, we will employ appropriate technical security measures to help prevent such unfortunate occurrences.

Sharing PII with third parties

We may share your PII with our affiliates, contractors, and agents in the normal course of business for the purposes described in this policy.

Unless otherwise specified in the website or mobile application, we will not sell or rent PII to other third parties, except that your PII may be transferred to a third party in the event that the business of this site or a part of it and the customer data connected with it is sold, assigned or transferred.

Sometimes we use selected third parties to provide support services in connection with our websites, mobile applications or in the normal course of business.

These parties may, from time to time, have access to your information to enable them to provide those services to us. We do not allow service providers to use your PII for their own marketing activities.

We may replace your PII with an arbitrary string of characters and disclose this string of characters to our third-party partners to serve you with more relevant ads across the websites and apps you use. 

When we may disclose your PII to others

GSK reserves the right to disclose personal information about you, including your e-mail address, for reporting to government authorities, to parties in relevant legal proceedings as authorized by the presiding court or tribunal and otherwise to the extent required or explicitly authorized by applicable law. In certain special cases where permitted by local law, we may disclose your PII:

  • when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to you or otherwise injuring or interfering with GSK's rights, property or operations, other users of this website or mobile application or anyone else who could be harmed by such activities
  • when we believe the law requires it, or in response to any demand by law enforcement authorities in connection with a criminal investigation, or civil or administrative authorities in connection with a pending civil case or administrative investigation
  • in connection with a substantial corporate transaction, such as the sale of a product line or division, a merger, consolidation, asset sale or in the unlikely event of bankruptcy.

PII collected may be transferred to, stored and processed in your country of residence or any other country in which GSK (including its affiliates), subcontractors or agents maintain facilities, including the United States and countries outside the European Economic Area (EEA). 

This means that your information may be processed in countries with lower data protection standards than your country of residence. By using our websites and mobile applications, you consent to any transfer, processing or storing of information outside of your country of residence and outside the EEA. We will ensure that if information is transferred outside your country of residence, it will still be treated in accordance with this Privacy Statement.

Use of IP addresses

An IP address is a set of numbers that is automatically assigned to your computer whenever you log on to your Internet service provider or through your organisation's local area network (LAN) or wide area network (WAN). Web servers automatically identify your computer by the IP address assigned to it during your session online.

GSK, or third-party companies acting on our behalf, may collect IP addresses for the purposes of systems administration and to audit the use of our websites. We also may use IP addresses to identify users of our websites when we feel it is necessary to enforce compliance with the websites’ terms of use or to protect our service, websites or other users.


Our websites and mobile applications may use technology called "cookies."  A cookie is a small text file that is placed on your hard disk by a server. Cookies and other technologies such as device identifiers allow our websites and mobile applications to respond to you as an individual.  

The website or mobile application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to a website.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or receive a warning before a cookie is stored if you prefer.  Please refer to your Internet browser’s instructions or help screen to learn more about these functions and to specify your cookie preferences, and note that your browser controls might not control other types of technologies.   

If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites or any other websites that you visit.  For additional information regarding our use of cookies, please see Third-party advertising, links and content.

Do-Not-Track Signals and Similar Mechanisms

Some web browsers transmit "do-not-track" signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.

Information from outside sources

Where permitted by local law, we may also collect legally obtained information from third parties to add to our existing user databases.

Some of this information may be PII. We do this to better target information offerings and promotional campaigns in which we think you or others would be interested. Such PII will only be collected and used by us in accordance with the basis on which it was originally provided by the subject, or as otherwise permitted by local law.


We will retain your information only for the period necessary to fulfil the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law. 

You may contact us in writing to request the updating, correcting or removal of PII that you have provided to us at any time using the contact information provided at the end of this Privacy Statement.  

Your local laws may also give you the right to access information that you have provided to us. In some countries, you may need to pay a reasonable fee to meet our costs in providing you with this information.

Third-party advertising, links, and content

Our websites and mobile applications may from time to time provide links to or embed third party websites or content. Third parties may collect information about your use of our websites and apps through cookies, web beacons, and similar technologies to display advertisements that are tailored to your interests on other websites and services. Some of these third parties may participate in an industry organization that offers users an opportunity to opt out of ad targeting. To learn more, please visit About Our Ads. Due to the differences between using apps and websites on mobile devices, you also should check the settings for your apps and device to opt out.

We are not responsible for the privacy practices of these third parties, and this Privacy Statement does not apply to those websites. You agree that we are not responsible for the availability of such websites and do not review or endorse and shall not be liable, directly or indirectly, for:

  • how these websites treat your PII
  • the content of such websites
  • the use that others make of these websites.

Please ensure you check the legal and privacy statements posted on each website or mobile application you access before entering any PII.

Use of our websites and mobile applications by children

Unless otherwise explicitly stated, websites and mobile applications on which this Privacy Statement appears are not intended or designed to attract children under the age of 13. 

We do not knowingly collect PII from visitors in that age group via these websites or mobile applications. On those websites or mobile applications that are intended for use by children under the age of 13, we only collect PII with the explicit consent of a parent or guardian.


We may occasionally update this Privacy Statement. If the changes we make are material, we also may post a notice regarding the changes on our websites or mobile applications and related licensing agreements. We encourage you to periodically review this Privacy Statement to stay informed about how we are helping to protect the PII we collect.  

Your continued use of our websites and mobile applications constitutes your agreement to the Privacy Statement and any updates. Subsequent changes in this Privacy Statement will not apply to data that were collected before the change is made.

This Privacy Statement was last updated on January 4, 2019.

Contact us

References to “GSK,” “we,” “us” and “our” are references to GlaxoSmithKline PLC and its affiliates. Please address any questions, comments and requests regarding this Privacy Statement to your local GSK affiliate using the contact information below. If you contact us, please note the name of the websites you have visited, as well as how we may contact you.

To contact GSK in the United States, call 1-866-475-3844