Last updated 4.24.2018
We value our ability to provide you with information through our interactions with you, whether they are face to face interactions, through our digital platforms (like our mobile applications and websites) or one of the other ways you can choose to interact with us.
This Privacy Notice explains how GlaxoSmithKline and its group of companies (“GSK,” “we,” “us” and “our”) collect, use, and share personal information that you provide to us, or that we may otherwise obtain or generate, which relates to you. Please take a moment to review this Privacy Notice and, if you have any questions, feel free to get in touch via one of the methods set out below.
The personal information that we collect about you includes:
- technical information – such as:
- activity data, such as whether an email we sent you was opened;
- information from your visits to our websites, including the type of browser and operating system you use, access times, pages viewed, URLs clicked on, your IP address and the page you visited before navigating to our websites;
- device information, including the unique device identifier, hardware model, operating system and version, and mobile network information; and
We may also process information about you which reveals information about your health status. For example, where you tell us about a health condition you are experiencing, where we receive a report that you have experienced a side effect associated with one of our products, or where health information can be inferred from information that you have provided to us when you get in touch with us for any reason. Where we process this type of information about you we will, if required by law, take appropriate steps to get your consent to our use of this information.
We collect your personal information in the course of monitoring our technology tools and services, including email communications sent to and from GSK. We may combine information that we have about you from various sources.
We use your personal information to:
1. Manage our day-to-day operations, including to:
- comply with applicable laws, rules, regulations, guidance, codes, and industry/ professional rules and regulations;
- comply with demands or requests made by local and foreign regulators, governments, courts and law enforcement authorities, and complying with a court process, or in connection with any litigation; and
- investigate and take action against users who violate our rules or who engage in behaviour that is illegal or harmful to others or to others’ property.
2. Improve our day-to-day operations, including:
- for internal purposes such as auditing, data analysis and research to help us deliver and improve our GSK digital platforms, content and services;
- to monitor and analyse trends, usage and activities in connection with our products and services to understand which parts of our digital platforms and services are of the most interest and to improve the design and content of our platforms; and
On what basis do we use your personal information?
- For legitimate business purposes: Using your personal information helps us to operate and improve our business and minimise any disruption to the services that we may offer to you. It also allows us to make our communications with you more relevant and personalised to you, and to make your experience of our products and services an efficient and effective one.
- To comply with our legal obligations and other demands for information: Compliance with laws, regulations, rules, codes and guidance is important to us, and we would want to be able to comply with these, as well as the other requests or demands for data as set out here. They affect the way in which we run our business, and they help us to make our products and services as safe as we can. Where we use your personal information for this purpose, rest assured that where possible we will take measures to protect your personal information.
We may share your personal information with:
- members of the GSK group of companies; and
- the following trusted third parties:
- our agents and suppliers, including those who provide us with technology services such as data analytics, hosting and technical support;
- our professional advisors and auditors;
- local or foreign courts, regulators, governments and law enforcement authorities;
- other third parties in connection with our selling, merging, buying, or reorganising all or any part of our business.
We may transfer your personal information outside of your home country. The countries to which your personal information is transferred may not offer an equivalent level of protection for personal information to the laws of your home country. These countries include:
United States, France, Ireland.
We will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These measures include data transfer agreements implementing standard data protection clauses. You can find more information about data transfer agreements here.
From time to time we may provide links to websites or mobile applications that we do not own or control. This Privacy Notice does not apply to those websites. If you choose to use those websites, please make sure that you check the legal and privacy statements posted on each website or mobile application you access to understand their privacy practices.
As a general rule, we keep your personal information for as long as required (a) to comply with law; (b) in connection with legal action or an investigation involving GSK; or (c) to provide you with information, access you have requested to digital channels (like our websites), our products and our services.
We use a variety of security measures and technologies to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection and privacy laws.
For example, when we share your personal information with external suppliers, we may put in place a written agreement which commits the suppliers to keep your information confidential, and to put in place appropriate security measures to keep your information secure.
You may have the right to:
- opt out from processing of your personal information for direct marketing purposes;
- ask GSK about the processing of your personal information, including to be provided with a copy of your personal information;
- request the correction and/or deletion of your personal information;
- request the restriction of the processing of your personal information, or object to that processing;
- withdraw your consent to the processing of your personal information (where GSK is processing your personal information based on your consent);
- request receipt or transmission to another organisation, in a machine-readable form, of the personal information that you have provided to GSK; and
- complain to your local supervisory authority if your privacy rights are violated, or if you have suffered as a result of unlawful processing of your personal information.
If you would like to exercise your rights, please let us know by getting in touch via UK.Ireland-CPA@gsk.com.
Where you are given the option to share your personal information with us, you can always choose not to do so.
If you choose not to provide us with your personal information, you object to our processing of your personal information, or you choose to withdraw any consent that you may have provided to processing, we will respect that choice in accordance with our legal obligations. This may mean, however, that we are unable to perform the actions necessary to achieve the purposes described (see ‘How we use your personal information’), or that you are unable to make use of the services and products offered by us.
GSK may be required or entitled to retain your information to comply with legal and regulatory obligations and to protect and exercise our legal rights and interests.
GlaxoSmithKline Consumer Healthcare (UK) Trading Limited, 980 Great West Road, Brentford, TW8 9GS is the controller of your personal information.
If you have questions or requests about the processing of your personal information, or need additional information, you can contact GSK’s Data Protection Officer at: UK.Ireland-CPA@gsk.com.