Privacy Notice for people using Novartis website dontforget.ie
This Privacy Notice is addressed to our users.
You are receiving this Privacy Notice because Novartis Ireland Ltd (“Novartis”) is processing information about you which constitutes “personal data” and Novartis considers the protection of your personal data and privacy a very important matter.
Novartis is responsible for the processing of your personal data as it decides why and how it is processed, thereby acting as the “controller”. In this Privacy Notice, “we” or “us” refers to Novartis.
This Privacy Notice is divided into two parts. Part I contains key information about what personal data we process, why and how. Part II contains more general information about the context in which we are processing your personal data as well as your rights in that respect.
We invite you to carefully read this Privacy Notice, as it contains important information for you.
Novartis is processing personal data about you in the following context:
Dontforget.ie is a reminder text service. Once registered for the service you will receive a text message to remind you to take your medication at the same time every day.
You can unsubscribe to the service at any time. To unsubscribe from this service you need to log into dontforget.ie and click on change details/unsubscribe. You will be asked to provide your name and mobile phone number and then you will be sent a validation code via text message, which you must input into the website to confirm your wish to unsubscribe.
Specific personal data to be collected
For this purpose, we will collect some general personal data about you such as your name and contact details (see Part II for a complete list of categories of data collected), but will also require the following specific personal data about you and/or your condition:
Your name, date of birth, phone number, prescribed medication (optional) and the frequency with which you take it, how often you wish to be reminded to take your medication (e.g. daily, weekly, monthly) and what time of day you wish to be reminded.
Specific purposes for which we require your personal data
The collected information will be used by us for the following specific purposes:
To provide the service and text you reminders to take your medication at allocated times.
Please note that the collected data may also be used by us for a number of other standard purposes (e.g. for further research and product development), as set out in Part II below.
Specific third parties with whom we share your personal data
We will share your personal data with the following third parties:
MedMedia Limited, which manages the service and the website and processes your personal data on our behalf.
Please note that we may also have to share your data with a number of other recipients (e.g. another entity of the Novartis Group if the entity collecting the data is not the same as the one using it) but always under strict conditions, as further explained in Part II.
Duration of storage
We will store the above personal data for as long as you are subscribed to use the service. Once you unsubscribe from the service, this personal data will be deleted, unless any legal or regulatory obligations require it to be retained for a longer period.
Dedicated point of contact
Should you have any question in relation to the processing of your personal data in the above context, please contact firstname.lastname@example.org
The second part of this Privacy Notice sets out in more detail in which context we are processing your personal data and explains your rights and our obligations as a patient when doing so.
In addition to the information specifically identified in Part I of this Privacy Notice, we may also collect your general and identification information (e.g. email and/or postal address), but only if this is necessary to provide the service or necessary for the purposes described below.
Please note that we will not knowingly collect, use or disclose personal data from a minor under the age of 16 without obtaining prior consent from a parent or legal guardian.
We will not process your personal data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your personal data if we have obtained your prior consent, or the processing is necessary to comply with our legal or regulatory obligations.
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In addition to the specific purposes identified on the first two pages, we may also process your personal data for the following general purposes:
We will not sell, share, or otherwise transfer your personal data to third parties other than those indicated in this Privacy Notice.
In the course of our activities and for the same purposes as those listed in this Privacy Notice, your personal data can be accessed by, or transferred to the specific third parties identified in Part I of this Privacy Notice and to the following categories of recipients, on a need to know basis to achieve such purposes:
The above third parties are contractually obliged to protect the confidentiality and security of your personal data, in compliance with applicable law.
Your personal data can also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court where we are required to do so by applicable law or regulation or at their request.
The personal data we collect from you may also be processed, accessed or stored in a country outside the country where Novartis is located, which may not offer the same level of protection of personal data.
If we transfer your personal data to external companies in other jurisdictions, we will make sure to protect your personal data by (i) applying the level of protection required under the local data protection/privacy laws applicable to Novartis, (ii) acting in accordance with our policies and standards and, (iii) for Novartis Ireland Ltd located in the European Economic Area (i.e. the EU Member States plus Iceland, Liechtenstein and Norway, the “EEA”), unless otherwise specified, only transferring your personal data on the basis of standard contractual clauses approved by the European Commission. You may request additional information in relation to international transfers of personal data and obtain a copy of the adequate safeguard put in place by exercising your rights as set out in Section 6 below.
For intra-group transfers of personal data, the Novartis Group has adopted Binding Corporate Rules, a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection relating to transfers of personal data outside the EEA and Switzerland. Read more about the Novartis Binding Corporate Rules at https://www.novartis.com/our-company/corporate-responsibility/doing-business-responsibly/ethics-compliance/data-privacy
We have implemented appropriate technical and organisational measures to provide a level of security and confidentiality to your personal data.
These measures take into account:
The purpose thereof is to protect it against accidental or unlawful destruction or alteration, accidental loss, unauthorised disclosure or access and against other unlawful forms of processing.
Moreover, when handling your personal data, we:
We will only retain your personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements.
The retention period is set out at the beginning of this Privacy Notice. When this period expires, your personal data is removed from our active systems.
You may exercise the following rights under the conditions and within the limits set forth in the law:
If you have a question or want to exercise the above rights, you may send an email to email@example.com or a letter to Data Privacy, Vista Building, Elm Park Business Campus, Merrion Road, Dublin 4. If you wish to exercise your rights, please provide a copy of an identity document, it being understood that we shall only use such data to verify your identity and shall not retain the scan after completion of the verification. When sending us a copy of your identity document, please make sure to redact any photographs
Any future changes or additions to the processing of your personal data as described in this Privacy Notice will be notified to you in advance through an individual notice through our usual communication channels (e.g. by text message or via this website).