AstraZeneca [We, Us, Our] take the privacy and security of your Personal Data very seriously. This Privacy Notice outlines what Personal Data We may collect about you and how We may use it.
We may change this Privacy Notice from time to time. Therefore, We may ask you to check this Privacy Notice occasionally to ensure that you are aware of the most recent version. We will notify you of any changes where We are required to do so.
What Information Do We Collect and How Do We Use It?
If you need to register to use this website, or complete an online form (e.g. to obtain email updates or ask Us to send you further information), then We may collect Personal Data about you such as:
- Email address
- Country of residence
- Occupation (for example, if you are a Healthcare Professional seeking information about Our products)
This information is used by Us to administer the website, register you for any services you have signed up to and respond to any queries or requests for information you may have.
Occasionally We may obtain Sensitive Personal Data about you, for example, if you voluntarily provide information about your physical or mental health, as part of a request for information. By providing us with your Sensitive Personal Data, you consent to Us processing this data for the purposes set out in this Privacy Notice or any collection notice provided to you.
We use aggregate information, which does not identify individuals, to monitor customer traffic patterns to the website and particular pages, as well as site usage, in order to help us improve the design and layout of the content.
Who Will Have Access To Your Personal Data?
Your Personal Data may be made available within the AstraZeneca group of companies. We sometimes employ other companies and individuals to perform functions on our behalf, for example providing technical support for the systems where your Personal Data is held. They may need access to your Personal Data in order to perform their functions but will not use your Personal Data for any other purpose.
We may also disclose Personal Data in order to comply with our legal or regulatory obligations, in response to a non-mandatory request for information made by a governmental or state body, or as part of an investigation of unlawful activity.
Your Personal Data may be transferred outside your country of origin, including to countries or jurisdictions which do not provide the same level of data protection as your home country. Regardless of which country your Personal Data is held in it will be protected in line with our privacy and security policies, as outlined below.
How We Protect Your Information
We have in place appropriate privacy and security policies which are intended to ensure, as far as reasonably possible, the security and integrity of all Our information, including your Personal Data.
Access and Correction
If We process Personal Data about you, then you may have a right under data privacy law to request access to your Personal Data (for which We may charge a small fee), to correct any inaccuracies or to have it deleted.
If We agree that the information is incorrect, or that the processing should be stopped We will delete or correct the information. If We do not agree that the information is incorrect, We will nevertheless, record the fact that you consider the information to be incorrect.
If you would like to access, correct or delete the Personal Data We hold about you please contact email@example.com quoting the url/address of this website.
If you have any general queries relating to data privacy in AstraZeneca please contact firstname.lastname@example.org, quoting the url/address of this website.
Opting Out Of Further Communications From Us
If you have elected to receive information about Our products or services, or those of other AstraZeneca companies and wish to opt-out of receiving such information, then you can do so by sending an email to email@example.com. You should clearly state on all communications: your name, username (if any), registration details (if any) and the name of this website.
You should note that if Our business (or any part of it) is sold or transferred at any time, the information We hold may form part of the assets transferred, although it will still only be used in accordance with this Privacy Notice.
AstraZeneca’s Binding Corporate Rules
AstraZeneca has ensured compliance with some of its legal obligations in relation to your personal data in some countries by creating a set of “binding corporate rules”. These binding corporate rules set out AstraZeneca’s data privacy commitments in respect of personal data that is transferred internationally from AstraZeneca affiliates in the European Economic Area (the “EEA”) (and countries with similar restrictions on the use of personal data).
Where your personal data is transferred in the circumstances described above, you have rights under the binding corporate rules to ensure We do the following:
- Transparency: We will provide you with information about how We process your personal data to the extent necessary to ensure that processing is fair. Some of that information is set out above.
- Access: As described in the “Access and Corrections” section above, you may ask AstraZeneca for access to the personal data that AstraZeneca holds about you and AstraZeneca will take steps to provide you with access to the personal data you have requested, although AstraZeneca may not be able to provide you with all the information you ask for.
- Rectification and deletion: As described in the “Access and Corrections” section above, you may ask AstraZeneca in writing to rectify, amend, delete, or suspend the use of, the personal data that AstraZeneca holds about you where that personal data is inaccurate or used in breach of the binding corporate rules. Except in certain circumstances and subject to applicable law, AstraZeneca will comply with that request;
- Right of objection: As described in the “Access and Corrections” section above, you may object to the collection, retention or use of your personal data by AstraZeneca if there are compelling legitimate grounds. You may also object to your use of personal data for marketing purposes using the process set out in the section headed “Opting out of further communications from us” above; and
- Automated Processing: In the unlikely circumstances that we process information about you on a purely automated basis that has a significant impact on you, we shall give you the opportunity to discuss the output of such processing before making those decisions (save to the extent otherwise permitted under applicable law).
Depending on your circumstances and location, you may be able to enforce your privacy rights using the binding corporate rules through one of the regulators who has approved the binding corporate rules or through an English court or a court in your jurisdiction. You are also entitled to obtain a copy of the binding corporate rules upon request, in order that you can see the mechanism by which We ensure that We protect your information and give you enforceable rights. We may redact some commercially sensitive information from the copy of the binding corporate rules We give to you.
As part of the binding corporate rules agreement, We have also agreed that where you can show you have a case against Us, We shall have the burden of proving that We have complied with the binding corporate rules. Before exercising those rights We request that you contact Us in the manner described in the ‘How to Contact Us’ section below so that We can try to address your concerns.
How To Contact Us
If you would like to know more about the binding corporate rules and your rights under them or if you have a complaint about the way in which AstraZeneca handles your personal data you can raise a concern via www.AZethics.com which is part of AstraZeneca’s complaint management process.
Alternatively, you can also raise a question or concern by writing to the Global Privacy Office at 2 Kingdom Street, London, W2 6BD, United Kingdom or via firstname.lastname@example.org.