Privacy Notice

GSK Healthcare Professional Privacy Notice

China (Mainland)

 

Last Updated: September 11, 2023

This Privacy Notice is intended for healthcare professionals and other experts who work with GSK.

We understand that privacy is important to you. We are committed to treating your personal information with care and integrity.

Our Privacy Notice tells you what personal information we collect and how we collect it. It explains what we use your personal information for and how we protect your personal information and keep it safe. This Privacy Notice explains our general practices. However, where local laws or regulations require that we process information differently, or refrain from such processing, we will always comply with the applicable local law.

GlaxoSmithKline values your privacy. When we say “GSK”, “we”, “us” or “our”, we mean GlaxoSmithKline(China) Investment Co., Ltd. (at Unit 901, 9th Floor, Building 56, East 4th Ring Middle Road, Chaoyang District, Beijing) and its affiliated companies.

Personal information means various information related to identified or identifiable natural persons recorded electronically or in other ways, excluding anonymized information; “process(ing)” personal information refers to collection, storage, use, processing, transmission, provision, disclosure and deletion, etc. of personal information.

Sensitive personal information refers to personal information that, once leaked or illegally used, may easily lead to the infringement of a natural person's human dignity, or endanger the safety of his or her person or property, including biometric, religious beliefs, specific identity, medical and health, financial accounts, trajectory and other information, as well as the personal information of minors under 14 years of age.

In this Privacy Notice, we explain:

h

Who is the controller of your personal information?

GlaxoSmithKline(China) Investment Co., Ltd. and its affiliated companies are the controllers of your personal information. 

Contact information and your privacy point of contact

If you want to exercise your rights, have any questions about this Privacy Notice, need more information or would like to raise a concern, please contact GSK China Privacy Office at cn.pharma-privacy@gsk.com.

What personal information do we collect about you? 

What personal information do we collect about you? 

The personal information we collect, and process, may include:

  • Basic information – your name, surname (including prefix or title), alias, gender, age or date of birth, as well as your preferred language; your city of location;
  • Personal identity information – ID card number.
  • Contact information – information that enables us to contact you, e.g. your email address, mailing address, telephone numbers and profile on a social media platform; 
  • Professional information and experience – information related to your qualifications, areas of expertise, place of practice, medical practitioner number and qualification certificate information; hospital level, hospital address, your hospital and department, professional title, position, expertise; academic research records, publications, etc.;
  • Financial information – bank account informationremuneration details;
  • Technical and network activity information – information about your device and your usage of our websites, apps, WeChat mini programs, WeChat official accounts and systems, including your IP address, device ID, hardware model and version, mobile network information, operating system and other online identifiers, website browsing logging; your WeChat open ID, unique ID, nick name and profile picture;
  • Conflicts – circumstances which may create a conflict of interest – including whether you or a close family member are an officer or employee of a political party, candidate for public office or hold a position in government;
  • Professional biography and/or other information – including your CV/resume, academic information and your interests (such as any specific health care topics about which you request information from GSK);
  • Product use – data related to your use of our products, your interactions with us, your preferred method of communications with us, and services you may use, your activity data (for example, whether you have opened the email we sent to you, whether you have accept invite to webinar, whether you have opened and read the WeChat promotion articles we shared with you, whether you have attended meetings hosted by GSK and/or partners, meeting durations etc.)
  • Signature – copy of your hand-written signature or your e-signature;
  • Photo or video that contains individual – photo or video that records taken when you attend meeting or activity hosted by GSK and/or partners, photo collected to verify your qualification; and
  • Survey result – your answers to survey, including any survey result involving illness or physician practice.

You can choose not to give us personal information when we ask you for it. If you decide not to give us your personal information, it may restrict our relationship with you. For example, we may not be able to provide you with the services that you have requested.

h

How do we collect your personal information?

Directly from you when you:

  • Create an account and profile in the GSK Pro Portal or other GSK websites, apps, WeChat mini programs, WeChat official accounts and systems; 
  • Share or use your social media profile to contact GSK; 
  • Register with us to use GSK’s authentication services;
  • Use GSK Pro Portal or other GSK websites, apps, WeChat mini programs, WeChat official accounts and systems;
  • Sign up with us to receive promotional material; 
  • Engage with one of our sales representatives, medical science liaisons or call centers;
  • Get in touch for support or to provide feedback;
  • Attend an online event such as a webcast;
  • Respond to any surveys that you may choose to participate in;
  • Share adverse events or medical information enquiries with us; and 
  • Attend offline meetings, such as advisory boards or conferences.

From other sources:

  • Data companies providing information services in the healthcare sector (including Veeva Opendata, aPureBase, IQVIA and Wilmington Healthcare);
  • Third-party cooperation platform authorized by you;
  • Publicly accessible sources;
  • Joint marketing partners;
  • Marketing vendors;
  • Healthcare provider directories;
  • Patient organisations;
  • Events management agencies;
  • Professional social media platforms; and
  • When you talk about us online, like when you mention a GSK product in a Tweet.

If you connect your social media account to your GSK Pro Portal or other GSK portal account, you will share certain personal information from your social media account with us. This may include your name, email address, photo, list of social media contacts, and any other information you make accessible to us when you connect your social media account to your GSK Pro Portal or other GSK portal account.

We also combine information about you from various sources, including the information you provide to us and personal information, which is collected during your relationship with us.

How do we use your personal information or process your personal information in other ways?

We use your personal information for the purposes we have described below in this Privacy Notice, or for purposes which are reasonably compatible to the ones described.

To manage our relationship with you.

We will use your basic information, contact information, professional information and experience, technical and network connectivity information, professional biography and/or other information, product use, signature information, photo or video that contains individual, personal identity information, financial information to:

  • Provide our products and services to you;
  • Provide online services such as webcasts, employment opportunities and financial results;
  • Manage your account on the GSK Pro Portal or any other GSK portals;
  • Verify your professional information;
  • Invite you to a meeting and register and verify your attendance;
  • Respond to your queries and provide you with information when you request it or when we believe our products and services may be of interest to you;
  • Pay you the amount that meets the fair market value;
  • Invite you to provide feedback, participate in research, surveys or attend events;
  • Personalise your experience when interacting with GSK;
  • Plan engagements with sales representatives or medical science liaisons;
  • Report the adverse events you notify us about; and
  • Perform analytics, market research and segmentation to understand your preferences, improve our products and services and our communications to you.

To manage and improve our processes and our business operations.

We will use your basic information, contact information, professional information and experience, technical and network connectivity information, conflicts, product use, signature information, photo or video that contains individual to:

  • Manage our network and information systems security;
  • Manage our workforce effectively;
  • Respond to reports you make of a possible side effect associated with one of our products and to monitor the safety of our products;
  • Keep records related to our relationship with healthcare professionals;
  • Perform data analyses, auditing and research to help us deliver and improve our GSK digital platforms, content and services;
  • Monitor and analyse trends, usage and activities in connection with our products and services to understand which parts of our digital platforms and services are of the most interest and to improve the design and content of our platforms; and
  • Prepare and perform management reporting and analysis, including analytics and metrics.

To achieve other purposes.

  • We will use your basic information, contact information, professional information and experience, technical and network connectivity information, product use, signature information, photo or video that contains individual to:
  • Comply with applicable laws and regulations;
  • Respond to requests from competent public authorities;
  • Tell you about changes to our terms, conditions and policies;
  • Exercise or defend GSK against potential, threatened or actual litigation;
  • Investigate and take action against illegal or harmful behaviour of users;
  • Protect GSK, your vital interests, or those of another person;
  • Disclose any transfers of value made to you in relation to expert services that you provide to us;
  • Achieve the purpose of authorship of a scientific publication;
  • Gain insights and feedback on our products and services in order to correct or improve them, by analysing information from external sources such as Google, Facebook and Twitter (and others); and
  • When we sell, assign or transfer all or part of our business.

Registration for promotions and survey.

We will use your contact information to provide you with promotional material and invitation to participate in survey.

Provide service to you by using digital platforms.

We will use your basic information, contact information, professional information and experience, technical and network connectivity information, product or service use and survey result to:

  • Ensure the security of your platform account and implement a network real name system;
  • Personalize the content of our digital platforms to match your user personal information or preferences for the purpose of improving the Company's services;
  • Provide you with medical academic information, product promotion related information through the company's digital platforms (such as WeChat, email, webinars);
  • Invite you to provide feedback, participate in research, surveys or conferences, events;
  • Use the information you provide on other GSK digital platforms and service platforms (e.g. website, WeChat official account, call center, etc.)

Why we are allowed to process your personal information?

We can process your personal information when one of the following applies:

  • Where your consent is obtained;
  • Where it is necessary for the conclusion or performance of a contract to which the individual concerned is a party, or for the implementation of human resources management in accordance with the labour rules and regulations formulated in accordance with the law and the collective contract concluded in accordance with the law;
  • Where it is necessary for the performance of statutory duties or statutory obligations, such as providing your personal information to the social insurance authorities for the purpose of making social insurance contributions;
  • Where it is necessary for the response to a public health emergency or for the protection of the life, health and property safety of a natural person;
  • Where such acts as news reporting and supervision by public opinions are carried out for the public interest, and the processing of personal information is within a reasonable scope;
  • Where it is necessary to process the personal information disclosed by you or other personal information that has been legally disclosed within a reasonable scope in accordance with the law; and
  • Other circumstances prescribed by laws and administrative regulations. 

How do we protect your personal information?

We want to make sure your personal information is not shared with or used by those not allowed to see it. We have used industry-standard security safeguards to protect your personal information from unauthorized access, public disclosure, use, modification, damage or loss. We will take all reasonably practicable steps to protect your personal information. We use a variety of security measures and technologies to help protect your personal information.

We also require all personnel who may have access to your personal information to fulfil corresponding confidentiality obligations. Failure to fulfil these obligations may result in legal liability or suspension of the partnership with us. We carefully choose service providers to work with, and check they have security measures and technologies in place to protect your personal information. We do not allow our service providers and suppliers to use your personal information for their own and unauthorized purposes.

In the event of an unfortunate personal information security incident, we will promptly inform you of the following items in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, recommendations on the measures you can take to prevent and reduce risks on their own, remedies for you, etc. We will promptly notify you of the incident by email, letter, telephone, push notification, etc. When it is difficult to inform the subject of personal information incident individually, we will reasonably and effectively publish an announcement.

At the same time, we will also proactively report the handling of personal information security incidents in accordance with the requirements of regulatory authorities. 

What are your rights regarding your personal information?

You have rights we need to make you aware of. The rights available to you depend on our reason for processing your personal information and the laws and regulations in China. Depending on this you may have the right to take the following actions to the extent permitted by the law:

  • Ask us for copies of your personal information;
  • Ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete;
  • Ask GSK about the processing of your personal information;
  • Ask us to delete your personal information under any of the following circumstances;
    • where the purpose of processing has been achieved, it is impossible to achieve such purpose, or it is no longer necessary to achieve such purpose;
    • where we cease to provide products or services, or the retention period has expired;
    • where you withdraw your consent;
    • where we process your personal information in violation of laws, administrative regulations or the agreement with you; or
    • other circumstances stipulated by laws and administrative regulations;
  • Ask us to restrict the processing of your information;
  • Object to our processing of your personal information; 
  • Ask us to explain our rules for processing your personal information;
  • Ask that we transfer information you have given us from one organisation to another, or to give it to you; and
  • If we deny your request to exercise your rights or your privacy rights are violated, or if you have suffered as a result of unlawful processing of your personal information, you can file a lawsuit in the People's Court in accordance with the law.

You can find out how to get in touch with us to ask us to do any of the above by looking at the ‘Contact information and your privacy point of contact’ section.

For your protection, and to protect the privacy of others, we may need to verify your identity before completing what you have asked us to do. After verifying your identity, we will respond to your request based on the above rights in a timely manner and give a reply and reasonable explanation within 15 working days after receiving your request.

If you object to us using your personal information or withdraw permission for us to use your personal information, after initially giving it to us, we will respect your choice in line with applicable law. However, by objecting or withdrawing your permission, we may not be able to complete the processing activities described in the “How do we use your personal information or process your personal information in other ways”. Please note that if your personal information is processed based on a statutory basis other than your individual consent, the processing will not be impacted by the withdrawal of your consent. In addition, according to the relevant laws, if you withdraw your consent, it will not affect the validity of any personal information processing activity conducted based on your consent before such withdrawal.

How long do we keep your personal information?

We will keep your personal information only for the shortest period necessary for the purposes specified in this Privacy Notice, and we will also legally retain your personal information in accordance with the mandatory provisions of laws and regulations about the retention period of personal information. After the activity is completed, we will retain your personal information in accordance with relevant laws and regulations and GSK's global records retention schedule.

After the storage period of your personal information expires, we will delete or anonymize your personal information to make it not accessible and keep relevant deletion or anonymization record, except for the personal information that must continue to be stored for a longer period of time according to laws and regulations.

In some jurisdictions, we are legally required to keep your personal information for certain periods. How long depends on the specific legal requirements of the jurisdiction you are in when you share your information with us.

Will your personal information be shared, transferred or disclosed?

Will your personal information be shared, transferred or disclosed?

We share your personal information on a need to know basis, and to the extent necessary for the purposes listed in “How do we use your personal information or process your personal information in other ways” and provided that laws and regulations are followed.

We share your personal with members of the GSK group. You can query the name and contact information of GSK affiliates by accessing GSK’s worldwide contacts. We promise that all sharing is limited to your necessary personal information and is subject to this Privacy Policy; If we want to change the purpose of using and processing personal information, we will ask your authorization again. At the same time, we will strictly comply with the requirements of relevant laws and regulations on cross-border data transmission.

Except for the following circumstances, we will not share your personal information with any company, organization or individual other than members of the GSK group:

  • We may share your personal information with your explicit consent: After obtaining your explicit consent, we will share your personal information with other parties. 
  • We may share your personal information in accordance with the laws and regulations, or mandatory requirements from government authorities. 
  • We may share your personal information with the authorized partners: solely for the purpose stated in this policy, some of our services will be provided by the authorized partners. We list the circumstances where we share your personal information with the authorized partners. For any details, please refer to Third Party List. 

For authorized partners who we share your personal information with, we will sign a strict confidentiality agreement with each of them and ask them to handle your personal information in accordance with our instructions, this Privacy Policy and any other relevant confidentiality and security measures.

Entrustment

We will also share your personal information with other specialised service providers (please write to inquire about the specific name and contact information through the contact information set forth in this Privacy Notice) who work with us. They will process your personal information on behalf of GSK, and GSK will supervise the personal information processing activities of the third parties in accordance with the laws and regulations to ensure that they only process personal information within the scope of processing purposes, processing methods and types of personal information agreed with GSK:

  • Event agencies; 
  • Marketing agencies;
  • Technology suppliers who work with us to develop and improve our websites, digital forums and apps;
  • Media services providers who work with us;
  • Healthcare service providers who work with us;
  • Suppliers managing adverse event reports; and
  • Professional advisors, such as auditors, accountants and lawyers.

Transfer

We will not transfer your personal information to any company, organization or individual, except: 

  • Transferring with your explicit consent: After obtaining your explicit consent, we may transfer your personal information to other parties; 
  • During merger, division, dissolution or bankruptcy liquidation, if the transfer of personal information is involved, we will require the new entity holding your personal information to seek for consent from you. We will comply with the corresponding notification and other obligations in accordance with the law.

Public disclosure

We will not publicly disclose your personal information without obtaining your prior consent, unless we have a legal right or obligation to do so.

In what instances do we transfer your personal information outside of your home country?

In principle, the personal information collected and generated in the People’s Republic of China will be stored in the People’s Republic of China. Since GSK is a multinational corporation, based on the needs of unified group operation and management, for the specific purposes stated in this Privacy Notice to ensure business continuity and system security, we provide products or services through resources and servers all over the world, which means that, your personal information as listed below may be transferred to or accessed from overseas jurisdictions of your country / region: name, telephone number, email address, position, gender, expertise, medical practitioner number, as well as ID card number, bank account information, remuneration details (whether ID card number, bank account information, remuneration details will be collected and transferred abroad depends on whether you are our speaker).

The overseas recipients include GlaxoSmithKline Services Unlimited (at 980 Great West Road, Brentford, Middlesex, TW89GS, United Kingdom), GlaxoSmithKline LLC (at Corporation Service Company, 251 Little Falls Drive, Wilmington, Delaware, 19808, United States) and other GSK’s overseas affiliates. You can check the names and contact information of GSK's overseas affiliates by visiting GSK’s worldwide contacts

In addition, in order to better carry out medical interactions with you, the overseas recipients may engage third-party service providers (for specific names and contact information, please inquire through the contact information in this Privacy Notice) to assist us in providing relevant service support. During this process, such third-party service providers will act on behalf of GSK to process your personal information.

The personal information protection laws of the countries or regions where the recipients are located to which we transfer data may differ from the laws of China. We implement appropriate measures to protect your personal information when we transfer your personal information outside of China such as data transfer agreements with the data recipients that incorporate standard data protection clauses or cross-border data transfer security assessment, and we will also fulfill the obligations of cross-border transfer of personal information accordingly.

How do we process personal information of minors?

Our services are not directed to minors and we do not collect any personal information from minors.

Cookies, Website and Application Data; Use for Analytics and Marketing

Our websites may use cookies and similar technologies. You can choose to accept or decline cookies. If you choose to decline cookies, not all elements of our websites, apps and services may function as intended, so your experience may be affected.

To the extent that your local laws consider the information collected by cookies and other technologies as personal information, we will treat that information to the standards set out in this Privacy Notice.

You can access our list of SDKs under the Personal Information Third Party Sharing List. For more information about our use of cookies, please visit the Cookie Policy on the GSK website. You can usually find this link at the bottom of each page. This policy explains what cookies and similar technologies are, and how we use them. 

How we update this privacy notice?

From time to time, we will update this Privacy Notice, so as to timely reflect the changes of national laws and regulations and the adjustment of our service policies. Any changes become effective when we post the revised Privacy Notice on our Privacy Centre. Any changes become effective when we post the revised Privacy Notice on our Privacy Centre. This Privacy Notice was last updated as of the “Last updated” date shown above. If changes are significant, we will provide a more prominent notice to let you know what the changes are. If such updates involve the rights of personal information subjects and matters that may cause you to change your consent or need to obtain your consent again (for example, the purpose of processing, the type of information collected, etc.), we will re-seek your consent to the updated Privacy Policy in accordance with the provisions of laws and regulations.

Our responsibility regarding websites that we do not own or control

Our GSK Pro Portal and other GSK portals and websites may contain links to websites or mobile applications we do not own or control. This Privacy Notice does not cover them. Please read the privacy notices on those websites and mobile applications if you would like to find out how they collect, use and share your personal information.

Third Party List that GSK shares Personal Information With

SDK

We use SDK from the following parties:

Third-party company name: Zhihuiyun (Tianjin) Convention and Exhibition Co., Ltd

Product/Type: Car Service

Types of personal information collected: location information (pick-up and drop-off location, latitude and longitude, precise positioning, driving trajectory); Basic information of the employee (name, employee MUDID, phone number); Basic information of the passenger (name, phone number);

Personal information synchronized to third parties: name, telephone number, pick-up and drop-off location, latitude and longitude, phone number

Purpose of use: Car service

Usage scenario: Create a car order, select the pick-up and drop-off location to use accurate positioning; Get pick-up and drop-off locations and latitude and longitude; When placing an order, the pick-up and drop-off location, latitude and longitude, the name (employee) and phone number of the ride-hailer, and the name and phone number of the rider will be synchronized with the third-party car platform; Obtain the driving track during the use of the car and display it on the map;

Method of Sharing: synchronize data through third-party interfaces of data interfaces; Some third-party suppliers obtain information through the Zhihuiyun supplier platform to complete the car service

Third Party Privacy Policy: Follow the privacy policy set out by GSK

 

Name of third party: AutoNavi Software Co., Ltd.

Product / type: location services

Personal information involved: technical and network activity information (i.e. physical location)

Purpose: obtain individual’s location

Processing scenario: attendance registration of conference / event, identification of nearby contact point of event

Method of sharing: directly collect by third-party

Privacy notice: http://cache.amap.com/h5/h5/publish/238/index.html

Contact information:  Personal_Information_Officer@autonavi.com

 

Entrusted Party

We may share your personal information with the following parties for specific purpose:

 

Name of third party: AMEX

Personal information involved: basic information, contact information, travel related information (e.g. transportation method, room type), identification information

Purpose: provide conference-related service (including booking of air ticket, train ticket, hotel, within-conference meal ordering)

Processing scenario: conference related logistic arrangement

Method of sharing: collect and provide by GSK

Third Party Privacy Notice: http://cache.amap.com/h5/h5/publish/238/index.html

Contact information: Personal_Information_Officer@autonavi.com

 

In order to pay you remuneration for services, your personal information may be provided to the following partners, as described below:

 

Name of third party: Citibank Singapore

Personal information involved: basic information, financial information, identity information

Purpose: To pay experts for their services

Processing scenario: When GSK pays a service fee to an expert

Method of sharing: GSK collation provided

Third party privacy policy: Citigroup | Privacy

Contact information: https://online.citi.com/dataprivacyhub