Galderma Privacy Notice 

 

SCOPE OF THIS NOTICE 

Please read this Privacy Notice (“Notice”) carefully to understand our policies and practices regarding your Personal Data and how we will treat it, in the context of the use of the GAIN Connect platform (“platform”). This Notice applies to individuals who interact with Galderma services as set out below (“you”). This Notice explains how your Personal Data are collected, used, and disclosed by Galderma SA and its affiliated entities (“Galderma”, “We”, Us”). It also tells you how you can access and update your Personal Data and make certain choices about how your Personal Data are used.  

If you are a California resident, see “For California Residents” under Section 9 (Your Rights) for information provided pursuant to the California Consumer Privacy Act. 

If you do not wish to provide necessary Personal Data to us, We will not be able to provide you with certain of our services. This Notice can change from time to time (see Section 11). 

This Notice provides important information in the following areas: 

  1. SOURCES OF PERSONAL DATA 
  2. PERSONAL DATA THAT WE COLLECT ABOUT YOU AND HOW WE COLLECT IT 
  3. PERSONAL DATA OF CHILDREN 
  4. COOKIES/SIMILAR TECHNOLOGIES, LOG FILES AND WEB BEACONS 
  5. USES MADE OF YOUR PERSONAL DATA 
  6. DISCLOSURE OF YOUR PERSONAL DATA 
  7. RETENTION OF PERSONAL DATA 
  8. STORAGE AND/OR TRANSFER OF YOUR PERSONAL DATA 
  9. ACCESS TO YOUR PERSONAL DATA 
  10. YOUR CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR PERSONAL DATA 
  11. CHANGES TO OUR NOTICE 
  12. DATA CONTROLLERS & CONTACT 

1. SOURCES OF PERSONAL DATA

This Notice applies to Personal Data that We collect from or about you, through the methods described below (see Section 2), from the following sources: 

  • You. We collect information from or about you when you use our services, including when you share information with us 

Galderma Online Registration form. To be able to use the services provided by this platform, you need to complete a registration form to provide us with specific personal information to create an account and have access to our services. 

IQVIA OneKey Web Authentication. The GAIN Portal uses IQVIA’s OneKey authentication service to ensure that everyone who accesses the site is an authorised healthcare professional in their relevant jurisdiction. Use of IQVIA’s OneKey Web Authentication service (www.owa-secure.com) is subject to the OneKey Web Authentication Terms of Use available here: https://www.owa-secure.com/sso/login?_flowId=cgu-webflow   provided by IQVIA (www.iqvia.com). We have no possibility to read your username or password. For the “OneKey” service that we are using, only a random string of characters is passed, which serves to record repeat visits to our website. The character string does not allow any conclusions to be drawn about you as a user. No personal data will be passed on to us.

E-mail, text and other electronic messages. Interactions with electronic communications between you and Galderma.

Data We create. In the course of our interactions with you, we may create Personal Data about you (e.g. records of your interactions with our Gain Connect Platform). 

Data from other sources. Social networks (e.g. such as Facebook, Google), advertising and marketing vendors, market research vendors (if feedback not provided on an anonymous basis) and other vendors that provide services on our behalf, your friends or family, public sources and data received when we acquire other companies. 

2.  PERSONAL DATA THAT WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

We collect various types of information from you, as described below, in the context of the provision of our services.

  • Personal contact information. This includes any information you provide to us that would allow us to contact you, such as your name, e-mail address, phone number or fax number. 
  • Professional information. This includes any information you provide to us relating to your profession and/or qualifications (IQVIA OneKey validation, information about your current and past interactions with Galderma and about your participation in events, conferences and scientific studies, and other personal information that you may provide about yourself and your professional activities.  
  • Information from computer/mobile device. Any information about the computer system or other technological device that you use to access  our platform, such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, advertising ID, geo-location, and other similar mobile device data.
  • Payment information: Specifically for the operation and functionalities of our online store, we will process the information related to your preferred method of payment. 
  • Communication usage information. As you navigate through and interact with our platform, we use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages. This information is captured using automated technologies such as cookies and web beacons and is also collected through the use of third party tracking for analytics and advertising purposes. You have the right to object to the use of such technologies, for further information please see Section 4.

Personal Data processed by IQVIA OneKey Web Authentication Service:

  • Identification information and contact details such as name, title, date of birth, email address and phone number;
  • Professional data, such as your profession, professional registration number, your organization/institution you are belonging to and your business address;
  • User credentials, such as your username and password;

3. PERSONAL DATA OF CHILDREN USING INFORMATION SOCIETY SERVICES (INCLUDING OUR WEBSITE)

Our Platform is not directed to children. We do not knowingly solicit or collect Personal Data from children below the age of 13. If we discover that we have unintentionally collected Personal Data from a child below 13, we will remove that child’s Personal Data from our records promptly, where permissible by Law. However, Galderma may collect Personal Data about children below the age of 13 years of age from the parent or guardian directly, and with that person’s explicit consent as required by law. 

 4. COOKIES/SIMILAR TECHNOLOGIES, LOG FILES AND WEB BEACONS

Cookies/Similar Technologies. Please see our Cookie Notice to learn how you can manage your cookie settings and for detailed information on the cookies We use and the purposes for which We use them.

Log Files. We collect information in the form of log files that record your activity in our platform and gather statistics about your browsing habits. These entries are generated automatically, and help Us to troubleshoot errors, improve performance and maintain the security of our platform. 

Web Beacons.  Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to Us. The information collected via web beacons will include information such as IP address, as well as information about how you respond to an email campaign (e.g., at what time the email was opened, which links you click on in the email, etc.). We will use web beacons on our platform or include them in e-mails that We send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalization. 

5.  USES MADE OF YOUR PERSONAL DATA 

The following paragraphs describe the various purposes for which We collect and use your Personal Data, and the different types of Personal Data that are collected for each purpose. Please note that not all of the uses below will be relevant to every individual. 

What We Use Your Personal Data For  Our Reasons  Our Legitimate Interests 
Consumer service and e-commerce functionalities. We use your Personal Data for consumer service purposes, including responding to your enquiries, processing your orders and arranging for delivery. We collect information about how Our platform is able to provide you with certain content and improve it based on the feedback we receive.  Responding to your inquiries typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. responding to any questions or concerns you may have concerning your use of our products, order status, technical issue, product question/complaint, general question, etc.).
  • Fulfilling contractual obligations 

  • Legal obligations 

  • Our legitimate interests 

  • Operating our online store

  • Improving and developing new products and services

  • Being more efficient

Establishing and maintaining our relationship with Healthcare Professionals. We use your Personal Data to verify whether there is a potential business opportunity, reach out to you and inform you about our products and services, provide you with consultation and e-learning materials, offer a single online destination where you can place and track your product orders and generally maintain our commercial relationship with you. We also use your Personal Data to comply with our transparency related obligations regarding any Transfer of Values (ToVs) made to Healthcare Professionals (where applicable). 
  • Legitimate interest 

  • Your consent (where required) 

  • Legal obligation (e.g., data collected in safety reports) 

  • Maintaining a relationship with you 

  • Assessing your interests and expertise 

  •  Considering future collaboration with you and reaching out to you in relation to such opportunities 

  • Managing the provision of good and services to you 

  • Disclosing publicly any transfers of value made to Health Care Professional, as required by law or in order to comply with applicable industry standards 

For platform usage analytics. We may also collect and process information about your visit to our platform, such as the pages you visit, the platform you came from and the searches you perform. We may use such information to help improve the contents of the site and to compile aggregate statistics about people using our site for our internal usage statistics and market research purposes. In doing this, we may install "cookies" that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access.
 
  • With your consent (where required) 

  • Our legitimate interests 

  • Improve the efficacy of our platform 

For account registration purposes: In order to use some of the services offered through the online portal, you need to register for an account. We will use your Personal Data from various categories outlined above (e.g. identification information, contact and professional data) as applicable, to personalize your browsing experience and offer you our products, services, healthcare insights and training materials. 

  • With your consent (where required)

  • Our legitimate interests 

  •  Creation and management of user accounts in the web portal

For sharing our newsletters and promotional materials:
In the context of promoting the latest developments in our products, services and company news – as well as the different ways our users can make the best out of GAIN Connect, we conduct direct marketing by sending newsletters to users who have signed up for them and to our consumers with whom we have an ongoing contractual relationship.

  • With your consent 

  • Our legitimate interests 

  • Promoting our services and products

  • Maintaining a relationship with you

 

In case we want to use your Personal Data for purposes unrelated to those described in this Notice, we will first notify you and, where required, offer you a choice as to whether or not we may use your Personal Data in this manner. 

 

6. DISCLOSURE OF YOUR PERSONAL DATA

In addition to the Galderma entity mentioned in the data controllers & contact section (see Section 12), We share your Personal Data with the following types of organizations:

Other Galderma subsidiaries and affiliates worldwide. Galderma and its subsidiary companies may share your personal data amongst and between each other for the purposes set forth in this Privacy Notice.

Service providers. These are external companies that We use to help Us run our business (e.g. platform operation, support services, platform development, data analysis, CRC, etc.). Service providers, and their selected staff, are only allowed to access and use your Personal Data on our behalf for the specific tasks that they have been requested to carry out, based on our instructions, and are required to keep your Personal Data confidential and secure. Where required by applicable law, you can obtain a list of the providers processing your Personal Data (see Section 12 to contact Us).

Other recipients using Personal Data for legal reasons or due to merger/acquisition. We will disclose your Personal Data to other parties for legal reasons or in the context of an acquisition or a merger and will require such third parties to use and protect your personal data consistent with this Privacy Notice. We may also share your personal data with third parties that were formerly wholly or partly included in the Galderma family of companies to whom we provide services during a transition period following separation. (see Section 5 for details).

 We may also share Personal Data with our business partners for our promotional and marketing purposes. Galderma may share Personal Data with others to co-sponsor or promote our services, including through social media platforms and advertising networks.

7. RETENTION OF YOUR PERSONAL DATA 

Galderma takes every reasonable step to ensure that your Personal Data are only processed for the minimum period necessary for the purposes set out in this Privacy Notice. The criteria for determining the retention period for your Personal Data are:


(a) Galderma will retain copies of your Personal Data in a form that allows for identification only for as long as: (i) We maintain an ongoing relationship with you; or  (ii) your Personal Data are necessary in connection with the purposes set out in this Privacy Notice and we have a valid legal basis, 

(b) if you are a healthcare professional, your Personal Data will be retained for 2 years after your last interaction with us, unless applicable laws or sectoral regulations impose longer retention periods, 

(c) in the remaining cases, your Personal Data is kept for the duration of: (i) any applicable limitation period (i.e. any period during which a person could bring a legal claim against us), and (ii) an additional 2 months following the end of the applicable limitation period (so we are able to identify any personal data of a person who may bring a claim at the end of the applicable period), and 

(d) in addition, if any relevant legal claims are brought, we may continue to process your Personal Data for such additional time necessary in connection with that claim.

During the periods noted in paragraphs c (i) and c (ii) above, we will restrict our processing of your Personal Data to storage or, and maintaining the security of, those data, except to the extent the data need to be reviewed in connection with any claim, or any obligation under applicable law. 

Once the periods in paragraphs (a), (b), (c) and (d) above, each to the extent applicable, have concluded, we will either (i) permanently delete or destroy the relevant Personal Data or (ii) anonymise the relevant Personal Data. 

8. DISCLOSURE, STORAGE AND/OR TRANSFER OF YOUR PERSONAL DATA

We use appropriate measures (described below) to keep your Personal Data confidential and secure. Please note, however, that these protections do not apply to information you choose to share in public areas such as third party social networks.

People who can access your Personal DataYour Personal Data will be processed by our authorised staff or agents, on a need to know basis, depending on the specific purposes for which your Personal Data have been collected. 

Measures taken in operating environments. We store your Personal Data in operating environments that use reasonable security measures to prevent unauthorised access. We follow reasonable standards to protect Personal Data. The transmission of information via the Internet is, unfortunately, not completely secure and although We will aim to do our best to protect your Personal Data,  

Transfer of your Personal Data. The storage as well as the processing of your Personal Data as described above may require that your Personal Data are ultimately transferred/transmitted to, and/or stored at, a destination outside of your country of residence, notably Switzerland, UK and the USA. When we share your Personal Data with an entity located outside of the European Economic Area (“EEA”) (e.g. other Galderma / Galderma entities), including to countries which have different data protection standards to those which apply in the EEA, we will put in place, in line with applicable legal requirements, appropriate safeguards to ensure that your Personal Data gets the same protection as it does here in the European Economic Area.  In the absence of an adequacy decision and/or any other data protection related certifications these measures may include (i) entering into European Commission approved standard contractual clauses, as amended or replaced at any time, to protect your Personal Data, as well as any supplementary measures required by law or deemed necessary, to provide an adequate level of data protection (and you have a right to ask Us for a copy of these clauses by contacting us as set out below) and/or (ii) will rely on your consent (where permitted by law). 

 

9. YOUR RIGHTS

Access to Personal Data. You have the right to access and request a physical or electronic copy of information held about you. Where the data was not obtained directly from you, you also have the right to request information on the source of your Personal Data. 

Additional rights (e.g. modification, deletion of Personal Data). Where provided by law, you can request deletion, objection, the portability, rectification of your Personal Data and restrict our processing of your Personal Data. You also have the right to know if you are the subject of automated decision-making, including profiling, and to object to such processing. Finally, you have the right to provide us with your instructions on how your data should be processed after your death.  

You can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent. 

Please note that, in certain circumstances, We will not be able to delete your Personal Data without also deleting your user account. We may be required to retain some of your Personal Data after you have requested deletion, to satisfy our legal or contractual obligations. We may also be permitted by applicable laws to retain some of your Personal Data to satisfy our business needs. 

 For California Residents. The California Consumer Privacy Act of 2018 (“CCPA”) went into effect January 1, 2020. The CCPA provides California residents with certain privacy rights. Under the CCPA, you have the right access, where you may request that we disclose to you any or all of the following: 

  • the categories of personal information we collected about you 

  • the categories of sources from which we collected such information 

  • the specific pieces of information we collected about you 

  • the business or commercial purpose for collecting personal information about you 

  • the categories of personal information about you that we shared or disclosed 

  • the categories of third parties with whom we shared or to whom we disclosed such information in the preceding twelve months. 

You have also the following rights: 

  • Right to delete: You have the right to request the deletion of your personal information, subject to certain exceptions. However, we may not be required to delete personal information under certain circumstances. Specifically, the CCPA includes exemptions that provide that we do not have to delete information that, for example, is necessary to comply with legal obligations including those pertaining to the quality, safety or effectiveness of a product or activity regulated by the Food and Drug Administration etc.
  • Right to non-discrimination: You have the right to not be discriminated against for exercising any of the above-listed privacy rights. 

In addition, under the CCPA, you also have the right to request that we delete personal information we collected from you subject to certain exceptions. You also have the right to exclude the use of personal information about you by electing to opt-out per the terms of this Policy and the CCPA.
We do not sell personal information about California or any other State/Country residents.

For Canada Residents. The Personal Information Protection and Electronic Documents Act (PIPEDA) went into effect on 13 April 2000. The PIPEDA, as amended, provides Canada residents with the following privacy rights: 

  • Right to access: You have the right to be informed of and access your personal information processed  

  • Right to rectification: You have the right to ask for updates and/or corrections of any inaccuracies in your personal information processed 

How to exercise your rights. Your privacy rights can be exercised by sending Us an e-mail at privacy.switzerland@galderma.com  or writing to us at Galderma SA, Rue d'Entre-deux-Villes 10, 1814 La Tour-de-Peilz, Switzerland, attaching a copy of your ID or equivalent details (where requested by Us and permitted by law). If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected. Please note that any identification information provided to Us will only be processed in accordance with, and to the extent permitted by applicable laws. 
Where available, our platform has a dedicated feature through which you can review and edit the Personal Data that you have provided.
We hope that We can satisfy queries you may have about the way we process your Personal Data. However, you have the right at any time to complain to competent data protection authorities. A list with the Supervisory Authorities in Europe and their contact details is available here:  https://edpb.europa.eu/about-edpb/board/members_en

For UK Residents: In case we do not handle your request timely or if you are not satisfied with our response to any exercise of these rights, you are entitled to lodge a complaint with the Information Commissioner’s Office (ICO); you can contact ICO here: The Information Commissioner’s Office | Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF | Website: https://ico.org.uk | Tel. +44 1625 545 700 | Helpline number: 0303 123 1113

10. YOUR CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR PERSONAL DATA

We strive to provide you with choices regarding the Personal Data that you provide to Us. The following mechanisms give you the following control over your Personal Data: 

Cookies/Similar Technologies. You manage your consent via (i) our consent management solution or (ii) your browser so as to refuse all or some cookies/similar technologies, or to alert you when they are being used. Please see Section 4 above. 

11. CHANGES TO THIS NOTICE

If We change the way We handle your Personal Data, We will update this Notice. We reserve the right to make changes to our practices and this Notice at any time, please check back frequently to see any updates or changes to our Notice. 

12. DATA CONTROLLERS & CONTACT

To ask questions or make comments on this Notice and our privacy practices or to make a complaint about our compliance with applicable privacy laws, please contact our  Group Data Protection Officer at: privacy.switzerland@galderma.com or in writing to Galderma SA, Rue d'Entre-deux-Villes 10, 1814 La Tour-de-Peilz Switzerland  or write to the relevant Galderma entity in your country of residence. 

Please also note that we have designated as our EU Representative pursuant to Article 27 of the GDPR the Swedish Company named Q-MED AB, whose contact details are the following: 

Q-MED AB 
Seminariegaten 21, 75228, Uppsala, Sweden 
Email:  DataProtection.SEUPP@galderma.com   

We will acknowledge and investigate any complaint about the way We manage Personal Data (including a complaint that We have breached your rights under applicable privacy laws). 

 

Last updated: October 2021