The stories on this website are fictional and no Galderma products have been given.
These stories do not represent the views of real patients.
Galderma (UK) Ltd Privacy Notice
Effective: 25th May 2018
SCOPE OF THIS NOTICE
Please read this privacy notice (“Notice”) carefully to understand our policies and practices regarding your Personal Data and how we will treat it. This Notice applies to individuals who interact with Galderma services as set out below (“you”). This Notice explains how your Personal Data are collected, used, and disclosed by Galderma (UK) Ltd (“Galderma”, “We”, “Us”). It also tells you how you can access and update your Personal Data and make certain choices about how your Personal Data are used.
This Notice covers both our online and offline data collection activities, including Personal Data that We collect through our various channels such as websites, third party social networks and through our vigilance activities. We have a legal obligation to monitor the safety of all products we market or have in development – we refer to these as our vigilance obligations or activities.
If you do not provide necessary Personal Data to us (We will indicate to you when this is the case, for example, by making this information clear in our registration forms), We may not be able to provide you with our goods and/or services. This Notice can change from time to time (see Section 11).
This Notice provides important information in the following areas:
- SOURCES OF PERSONAL DATA
- PERSONAL DATA THAT WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
- PERSONAL DATA OF CHILDREN
- COOKIES/SIMILAR TECHNOLOGIES, LOG FILES AND WEB BEACONS
- USES MADE OF YOUR PERSONAL DATA
- DISCLOSURE OF YOUR PERSONAL DATA
- RETENTION OF PERSONAL DATA
- STORAGE AND/OR TRANSFER OF YOUR PERSONAL DATA
- ACCESS TO YOUR PERSONAL DATA
- YOUR CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR PERSONAL DATA
- CHANGES TO OUR NOTICE
- DATA CONTROLLERS & CONTACT
1. SOURCES OF PERSONAL DATA
This Notice applies to Personal Data that We collect from or about you, through the methods described below (see Section 2), from the following sources:
Galderma websites. Websites operated by or for Galderma, including sites that We operate under our own domains/URLs and mini-sites that We run on third party social networks such as Facebook and Youtube (“Websites”).
E-mail, text and other electronic messages. Interactions with electronic communications between you and Galderma.
Data We create. In the course of our interactions with you, we may create Personal Data about you (e.g. records of your interactions with our websites).
Data from other sources. Third party social networks (e.g. such as Facebook, Google), market research (if feedback not provided on an anonymous basis), public sources and data received when we acquire other companies.
Adverse event reporting. We collect Personal Data about you when you, or a third party (a “reporter”), provide us with information about you in relation to your use of our products or an adverse event that affected you. We also collect Personal Data relating to the reporter. “Adverse event” means an unwanted, unintended or harmful event in relation to the use of a Galderma product.
2. PERSONAL DATA THAT WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
Depending on how you interact with Galderma (online, offline, over the phone, etc.), We collect various types of information from you, as described below.
|Type of Personal Data||Other Activities (inc. via our websites)||Vigilance Activities|
|Personal contact information. This includes any information you provide to Us that would allow Us to contact you, such as your name, postal address, e-mail address, phone number or fax number||✔||
(If you are the reporter of an adverse event)
|Other reporter personal data. This includes your relationship with the subject of the report.||✘||✔|
|Professional information. This includes any information you provide to us relating to your profession and/or qualifications.||✔||✔
(If you are the reporter of an adverse event)
|Information from computer/mobile device. Any information about the computer system or other technological device that you use to access one of our Websites, such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access a Galderma website via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, advertising ID, geo-location, and other similar mobile device data.||✔||✘|
|Websites/communication usage information. As you navigate through and interact with our Websites or newsletters, We use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages. This information is captured using automated technologies such as cookies and web beacons, and is also collected through the use of third party tracking for analytics and advertising purposes. You have the right to object to the use of such technologies, for further details please see Section 4.||✔||✘|
|Consumer-generated content. Any content that you create and then share with Us on third party social networks or by uploading it to one of our Websites, including the use of third party social network apps such as Twitter. Examples include photos, videos, personal stories, or other similar media or content. Where permitted, We collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement, and third party social networking.||✔||✔|
|Third party social network information. Any information that you share publicly on a third party social network or information that is part of your profile on a third party social network (such as Twitter) and that you allow the third party social network to share with Us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, list of friends, etc.) and any other additional information or activities that you permit the third party social network to share. We receive your third party social network profile information (or parts of it) every time you download or interact with a Galderma (UK) Ltd web application on a third party social network such as Twitter, every time you use a social networking feature that is integrated within a Galderma (UK) Ltd site (such as Facebook Connect) or every time you interact with Us through a third party social network. To learn more about how your information from a third party social network is obtained by Galderma (UK) Ltd, or to opt-out of sharing such social network information, please visit the website of the relevant third party social network.||✔||✔
(If you are the reporter of an adverse event)
Records relating to the subject of an adverse event. Any information
that is shared with us either by you or a third party relating to an adverse
event that affected you. This may include your name or initials, age and
date of birth, gender, weight and height, photographs, details of the product
causing the reaction (including the dosage you have been taking or were prescribed,
the reason you have been using the product and any subsequent change to your
regimen), details of other medicines or remedies you are taking or were taking
at the time of the reaction, including the dosage you have been taking or
were prescribed, the period of time you were taking that medicine, the reason
you have been taking that medicine and any subsequent change to your regimen,
details of the adverse reaction you suffered, the treatment you received
for that reaction, and any long-term effects the reaction has caused to your
health and other medical history considered relevant by the reporter, including
documents such as lab reports, medication histories and patient histories.
Some of this information is considered by law to be “sensitive personal data” about you. This includes for instance any of the following categories of personal data:
3. PERSONAL DATA OF CHILDREN USING INFORMATION SOCIETY SERVICES (INCLUDING OUR WEBSITE)
We may process personal data relating to children below and over the age of 13 if they have been affected by an adverse event and this is reported to Us.
For the rest of our activities (including via our websites), We do not knowingly solicit or collect personal data from children below the age of 13. If we discover that we have unintentionally collected personal data from a child below 13, we will remove that child’s personal data from our records promptly. However, Galderma may collect personal data about children below the age of 13 years of age from the parent or guardian directly, and with that person’s explicit consent.
4.COOKIES/SIMILAR TECHNOLOGIES, LOG FILES AND WEB BEACONS
Cookies/Similar Technologies. Please see our Cookie Notice https://www.myskinjourney.co.uk/cookie-policy.html to learn how you can manage your cookie settings and for detailed information on the cookies We use and the purposes for which We use them.
Log Files. We collect information in the form of log files that record website activity and gather statistics about your browsing habits. These entries are generated automatically, and help Us to troubleshoot errors, improve performance and maintain the security of our Websites.
Web Beacons. Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to Us. The information collected via web beacons will include information such as IP address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, which links you click on in the email, etc.). We will use web beacons on our Websites or include them in e-mails that We send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalisation.
5.USES MADE OF YOUR PERSONAL DATA
The following paragraphs describe the various purposes for which We collect and use your Personal Data, and the different types of Personal Data that are collected for each purpose. Please note that not all of the uses below will be relevant to every individual.
|What We use your Personal Data for||Our reasons||Our legitimate interests|
|Patient/Consumer service. We use your Personal Data for consumer service purposes, including responding to your enquiries. This typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. responding to any questions or concerns you may have concerning your use of our products, order status, technical issue, product question/complaint, general question, etc.).||
|Third party social networks: We use your Personal Data when you interact with third party social networking features, such as “Like” functions, to serve you with advertisements and engage with you on third party social networks. You can learn more about how these features work, the profile data that We obtain about you, and find out how to opt out by reviewing the privacy notices of the relevant third party social networks.||
|Vigilance activities. Vigilance laws require us to take “detailed records” of every adverse event passed to us, which allow the event to be evaluated and collated with other adverse events recorded about that product. These requirements exist to allow us and competent vigilance authorities to diagnose, manage and prevent such adverse events from occurring in the future. We process your Personal Data for such purposes, including investigation of the adverse event, collating information about the adverse event with information about other adverse events received by Galderma to analyse the safety of a batch, Galderma product or active ingredient as a whole and to provide mandatory reports to national authorities or other public authorities so that they can analyse the safety of a batch, Galderma product, generic or active ingredient as a whole alongside reports from other sources. We may also contact you for further information about the adverse event you have reported and/ or to respond to any questions you may have concerning your use of our products.||
|Legal reasons or merger/acquisition. In the event that Galderma or its assets are acquired by, or merged with, another company including through bankruptcy, we will share your Personal Data with any of our legal successors. We will also disclose your Personal Data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency; (iv) to protect our rights, privacy, safety or property, or the public; or (v) to enforce the terms of any agreement or the terms of our Website.||
6. DISCLOSURE OF YOUR PERSONAL DATA
In addition to the Galderma entity mentioned in the data controllers & contact section (see Section 12), We share your Personal Data with the following types of third party organisations:
Service providers. These are external companies that We use to help Us run our business (e.g. website operation, outsourced vigilance providers, support services, website development, data analysis, CRC, etc.). Service providers, and their selected staff, are only allowed to access and use your Personal Data on our behalf for the specific tasks that they have been requested to carry out, based on our instructions, and are required to keep your Personal Data confidential and secure. Where required by applicable law, you can obtain a list of the providers processing your Personal Data (see Section 12 to contact Us).
Third party recipients using Personal Data for legal reasons or due to merger/acquisition. We will disclose your Personal Data to third parties for legal reasons or in the context of an acquisition or a merger (see Section 5 for details).
Authorities relating to vigilance. We share information with national and European authorities in accordance with pharmacovigilance laws or industry codes (e.g. European Medicines Agency, Medical and Healthcare products Regulatory Agency).
7.RETENTION OF YOUR PERSONAL DATA
Galderma takes every reasonable step to ensure that your Personal Data are only processed for the minimum period necessary for the purposes set out in this Privacy Notice. The criteria for determining the retention period for your Personal Data are:
- Galderma will retain copies of your Personal Data in a form that allows for identification only for as long as: (i) We maintain an ongoing relationship with you; or (ii) your Personal Data are necessary in connection with the purposes set out in this Privacy Notice and we have a valid legal basis,
- the duration of: (i) any applicable limitation period (i.e. any period during which a person could bring a legal claim against us), and (ii) an additional 2 months following the end of the applicable limitation period (so we are able to identify any personal data of a person who may bring a claim at the end of the applicable period),
- in addition, if any relevant legal claims are brought, we may continue to process your Personal Data for such additional time necessary in connection with that claim, and
- in relation to our vigilance activities, we will retain vigilance reports as follows:
- for medicines: for a minimum period of 10 years following the withdrawal of the marketing authorization,
- for cosmetics: for a period of 10 years after the marketing of the last batch
- for medical devices: for a period of 5 years after the end of the marketing of the device
During the periods noted in paragraphs b(i) and b(ii) above, we will restrict our processing of your Personal Data to storage or, and maintaining the security of, those data, except to the extent the data need to be reviewed in connection with any claim, or any obligation under applicable law.
Once the periods in paragraphs (a), (b) (c) and (d) above, each to the extent applicable, have concluded, we will either (i) permanently delete or destroy the relevant Personal Data or (ii) anonymise the relevant Personal Data.
8. DISCLOSURE, STORAGE AND/OR TRANSFER OF YOUR PERSONAL DATA
We use appropriate measures (described below) to keep your Personal Data confidential and secure. Please note, however, that these protections do not apply to information you choose to share in public areas such as third party social networks.
People who can access your Personal Data. Your Personal Data will be processed by our authorised staff or agents, on a need to know basis, depending on the specific purposes for which your Personal Data have been collected (e.g. our staff in charge of vigilance matters will have access to your submitted information regarding an adverse event).
Measures taken in operating environments. We store your Personal Data in operating environments that use reasonable security measures to prevent unauthorised access. We follow reasonable standards to protect Personal Data. The transmission of information via the Internet is, unfortunately, not completely secure and although We will do our best to protect your Personal Data, We cannot guarantee the security of the data during transmission through our Websites.
Measures taken in respect of Personal Data regarding an adverse event. To protect your privacy, we put in place measures to reduce the ability of the data to be linked back to you, including by replacing identifying information such as your name with your initials.
Transfer of your Personal Data. The storage as well as the processing of your Personal Data as described above may require that your Personal Data are ultimately transferred/ transmitted to, and/or stored at, a destination outside of your country of residence, notably Switzerland, France and Sweden. We will also transfer your Personal Data to countries outside the European Economic Area (“EEA”) (e.g. other Nestlé Skin Health / Galderma entities) including to countries which have different data protection standards to those which apply in the EEA. We (i) have put in place European Commission approved standard contractual clauses to protect your Personal Data (and you have a right to ask Us for a copy of these clauses (by contacting Us as set out below) and/or (ii) will rely on your consent (where permitted by law).
9. YOUR RIGHTS
Access to Personal Data. You have the right to access, review and request a physical or electronic copy of information held about you. You also have the right to request information on the source of your Personal Data.
These rights can be exercised by sending Us an e-mail dataprotection.UK@galderma.com or writing to us at Galderma (UK) Ltd, Meridien House, 69-71 Clarendon Road, Watford, Herts, WD17 1DS, attaching a copy of your ID or equivalent details (where requested by Us and permitted by law). If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected. Please note that any identification information provided to Us will only be processed in accordance with, and to the extent permitted by applicable laws.
Additional rights (e.g. modification, deletion of Personal Data). Where provided by law, you can (i) request deletion, the portability, correction or revision of your Personal Data; (ii) limit the use and disclosure of your Personal Data; and (iii) revoke consent to any of our data processing activities.
Subject to applicable law, you may also have the following additional rights regarding the use of your Personal Data:
- the right to object, on grounds relating to your particular situation, to the use of your Personal Data by us, or on our behalf; and
- the right to object to the Processing of your Personal Data by us, or on our behalf, for direct marketing purposes.
Please note that, in certain circumstances, We will not be able to delete your Personal Data without also deleting your user account. We may be required to retain some of your Personal Data after you have requested deletion, to satisfy our legal or contractual obligations. We may also be permitted by applicable laws to retain some of your Personal Data to satisfy our business needs.
Where available, our Websites have a dedicated feature through which you can review and edit the Personal Data that you have provided.
We hope that We can satisfy queries you may have about the way we process your Personal Data. However, if you have unresolved concerns you also have the right to complain to competent data protection authorities.
10.YOUR CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR PERSONAL DATA
We strive to provide you with choices regarding the Personal Data that you provide to Us. The following mechanisms give you the following control over your Personal Data:
Cookies/Similar Technologies. You manage your consent via (i) our consent management solution or (ii) your browser so as to refuse all or some cookies/similar technologies, or to alert you when they are being used. Please see Section 4 above.
11.CHANGES TO THIS NOTICE
If We change the way We handle your Personal Data, We will update this Notice. We reserve the right to make changes to our practices and this Notice at any time, please check back frequently to see any updates or changes to our Notice.
12.DATA CONTROLLERS & CONTACT
To ask questions or make comments on this Notice and our privacy practices or to make a complaint about our compliance with applicable privacy laws, please contact Us at: dataprotection.UK@galderma.com or writing to us at Galderma (UK) Ltd, Meridien House, 69-71 Clarendon Road, Watford, Herts, WD17 1DS, or call Us on 01923 208950.
We will acknowledge and investigate any complaint about the way We manage Personal Data (including a complaint that We have breached your rights under applicable privacy laws).
|Data controllers||Responsible for|
Galderma (UK) Ltd
The stories on this website are fictional and no Galderma products have been given.