Novartis Corporation (Malaysia) Sdn Bhd having its registered office at Level 18, Imazium, No. 8, Jalan SS 21/37, Damansara Uptown, 47400 Petaling Jaya, Selangor, Malaysia is responsible for the processing of your personal information as it decides why and how it is processed, thereby acting as the “data controller”. It may exercise this responsibility alone or jointly with other company(-ies) in the Novartis group, acting as “co-controller(s)”. In this Privacy Notice, “we” or “us” refers to <Novartis Legal Entity> and its group companies.
For the purpose of the scope of this data privacy notice (“Notice”), it applies to the users (will be further referred in this Notice as “you”) of our websites, web applications or mobile applications (collectively referred as ‘”app”) where this Notice has been specifically referred.
We invite you to carefully read this Notice, which sets out in which context we are processing information that relates directly or indirectly to you as an individual (“personal information”) and explains your rights with respect to the processing of your personal information.
Though this Notice is intended for individuals interacting with the app mentioned in this Notice, you may be asked to refer to additional privacy policies available on our corporate website or separate data privacy notices on our country specific websites if you reside in a certain location or where the processing activities are governed by other policies or notices. Wherever required, we will also present you with specific privacy notices for the purposes of activities not covered under this Notice including but not limited to recruitment, employment, third party management, or patient support.
Do take note that if you access any third-party link or website from our app, you may need to refer to the privacy policies of such third parties. Novartis does not endorse and is not responsible for the information or privacy practices of websites or services owned by third parties.
We consider privacy as a very important matter. We are committed to ensuring that any personal information we receive is processed and protected in accordance with applicable data protection laws and Novartis policies and standards.
If you have any questions in relation to the processing of your personal information or this Notice, please contact our data protection officer at <[email protected]>
We may change or update this Notice from time to time by posting a new Notice on this app. Please keep checking this Notice occasionally so that you are aware of any changes.
Should you have any further questions in relation to the processing of your personal information, you are invited to contact our data protection officer at [email protected].
Novartis Corporation (Malaysia) Sdn. Bhd. is processing personal information about you when you are using out app, ICanCare mobile application, a patient-centric mobile application for the purpose for users from their point of cancer diagnosis to survivorship.
The personal information may either be directly provided by you (e.g. when filling a web form or interacting with a website or app), provided by the third parties owning or managing the apps or obtained through trusted publicly available sources, having obtained your consent to provide us with such personal information where necessary under applicable law. We may collect various types of personal information about you, including:
[insert below specific personal information collected in the above context, e.g. general and identification information (such as name, gender, date of birth, email and/or postal address, phone number), your conversation history, social media account information, heartbeat frequency or a “selfie” photograph.]
Please note that we will not knowingly collect, use or disclose personal data from a minor under the age of [13] without obtaining prior consent from a parent or legal guardian.
In some countries, information relating to a company (“legal person”) is also considered as personal information. In such scenarios, if the above-mentioned information collected or provided is specific to a legal entity, we will treat it as personal information in accordance with the applicable data protection law.”
We will not process your personal information if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your personal information if:
[Note: Except for Canada, the following additional criteria applies]
[Note: For China, the legitimate interest criteria does not apply]
Please note that, when processing your personal information on this last basis, we always seek to maintain a balance between our legitimate interests and your privacy. Examples of such ‘legitimate interests’ are data processing activities performed are:
Mostly we process your personal information on a legal basis other than consent. However, if you have consented to the processing of your personal information, you have the right to withdraw that consent at any time. To withdraw your consent or to get more information on our specific interests and your rights, Novartis can be contacted as indicated under section 7 below.
We always process your personal information for a specific purpose and only process the personal information, which is relevant to achieve that purpose. In particular, we process your personal information for any or all of the following purposes:
[insert list of purposes – please be as specific as possible as to why the above information is necessary in this specific context (e.g. “provide you with information about our apps, products, programs, services, your accounts and notices”, “allow you to participate in polls, surveys, promotions, or other interactive features (e.g. chat features)”, “measure and record your heartbeat frequency to create statistics as it is a key factor to determine your risk to develop a cardiac complication”). Other standard purposes which may be included are as follows:
Updated the list of purposes that are used in our application.
Please note that the collected data may also be used by us for a number of other standard purposes (e.g. to measure the usage of our website and app), as mentioned below
We will not sell, share, or otherwise transfer your personal information to third parties other than those indicated in this Notice.
We will share your personal data with the following third parties:
Caspian Digital Solutions Sdn. Bhd.
In the course of our activities and for the same purposes as those listed in this Notice, your personal information can be also accessed by, or transferred to the following categories of recipients on a need-to-know basis to achieve such purposes:
The above parties are contractually obliged to protect the confidentiality and security of your personal information, in compliance with applicable law.
Your personal information can also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court, where we are required to do so by applicable law or regulation or at their request.
The personal information we collect from you may also be processed, accessed or stored in a country outside the country where Novartis Corporation (Malaysia) Sdn. Bhd. is located, which may not offer the same level of protection of personal information.
If we transfer your personal information to external parties in other jurisdictions, we will make sure to protect your personal information by (i) applying the level of protection required under the local data protection/privacy laws applicable to Novartis Corporation (Malaysia) Sdn. Bhd. and its group companies, (ii) acting in accordance with our policies and standards and, (iii) for Novartis Corporation (Malaysia) Sdn. Bhd. and its group companies located in the European Economic Area (i.e. the EU Member States plus Iceland, Liechtenstein and Norway, the “EEA“), unless otherwise specified, only transferring your personal information on the basis of standard contractual clauses approved by the European Commission or the Swiss Federal Data Protection and Information Commissioner respectively. You may request additional information in relation to international transfers of personal information and obtain a copy of the adequate safeguard put in place by exercising your rights as set out in Section 6 below.
|
If you are located in Australia, the personal information we collect from you may be processed, accessed or stored outside of Australia, including in the EEA. We will take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles. |
For intra-group transfers of personal information the Novartis Group has adopted Binding Corporate Rules, a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection relating to transfers of personal information outside the EEA and Switzerland. Read more about the Novartis Binding Corporate Rules by clicking here
https://www.novartis.com/privacy-policy/novartis-binding-corporate-rules-bcr
We may also collect and process information about your visit to this website or app, such as the pages you visit, the website you came from and the searches you perform. We may use such information to help improve the contents of the site or app and to compile aggregate statistics about people using our site for our internal usage statistics and market research purposes. In doing this, we may install “cookies” or similar technologies that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. Cookies are created and stored on the user’s computer, phone or other devices when the user’s browser loads a particular website. Every time the user goes back to the same website, the browser retrieves and sends this “cookie” file to the website. Cookies are useful because they serve key purposes like helping a website remember your preferences and settings, performing analytics to improve services, serving you relevant content or advertisements and authenticating you on the websites. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie, this will enable you to decide if you want to accept it or not. You can also refuse cookies altogether. However, if you do not accept our cookies, you may not be able to use all functionalities of our website or app. When you visit our websites, you may be presented with a cookie-setting banner that allows you to manage the settings and accept or deny the cookies. It is legally permitted to store cookies on your machine if they are essential to the operation of the website, but for all other types of cookies we need your permission to do so.
[On Novartis websites, you have the option to consent to the use of cookies by using <Cookie Settings> banner that pops up while visiting the website for the first time or manage these settings anytime later. The cookie settings gives you the option of accepting or denying your consent to every category of cookies (with the exception of the necessary cookies). Please refer to our <Cookie Settings> to learn more about what types of cookies we use (the purpose they serve, their lifespan, and their provenance) and how you can manage your preferences.]
[The following specific types of cookies and/or other tracking technologies are used on [name relevant website or app:
Certain of our Services, including websites, may use the web analysis service “Google Analytics” from Google LLC, of 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to optimize them. Google uses this information obtained by the cookie to save a profile of which pages you have visited within a session. The information generated by the cookie about the use of the Services is transmitted to Google servers and stored there. In order to increase the security of your personal data, we use the “anonymize IP” function or other features provided by Google to keep you anonymous. For more information on how IP anonymization works, click https://support.google.com/analytics/answer/2763052
Apart from cookies we may also use other tracking technologies (also known as action tags, Flash local objects, single-pixel GIFs, clear GIFs, invisible GIFs and 1-by-1 GIFs) provided by third party advertisement companies to provide relevant advertisements (interactive or non-interactive) to you based on your interests or browsing history. Typically, we use the services of social media companies and other third-party advertisement companies to collect information like your browser details, unique client ID etc. so that we may serve you ads on our websites and on other websites you may use.
[Please refer to our <Cookie Settings> to learn more about such technologies used or find below the list:].
The legal basis for the processing of your Personal Information when we do website analytics is your consent or our legitimate business interests.
We have implemented appropriate technical and organisational measures to provide an adequate level of security and confidentiality to your personal information.
The purpose thereof is to protect it against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.
We will only retain your personal information for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements.
We will only store the above personal data and the personal information for a period of lifetime the users use the application in their phone [days/months/years OR duration of the use of the specific app], unless overriding legal or regulatory schedules require a longer or shorter retention period. When this period expires, your personal information is removed from our active systems.
Personal information collected and processed in the context of a dispute are deleted or archived (i) as soon as an amicable settlement has been reached, (ii) once a decision in last resort has been rendered or (iii) when the claim becomes time barred.
You may exercise the following rights under the conditions and within the limits set forth in the law:
If you have a question or want to exercise the above rights, you may send an email to our data protection officer at [email protected] or a letter to Novartis at their local address with a scan of your identity card for identification purpose, it being understood that we shall only use such data to verify your identity and shall not retain the scan after completion of the verification. When sending us such a scan, you should make sure to redact your picture and national registry number or equivalent on the scan.
If you are not satisfied with how we process your personal information, you may address your request to our data protection officer at [email protected], who will investigate your concern.
In any case, you also have the right to file a complaint with the competent data protection authorities, in addition to your rights above.
We may change or update this Notice from time to time by posting a new privacy notice. Please keep checking this Notice occasionally so that you are aware of any changes.