GSK healthcare professional privacy notice
Italy
Last Updated: 18 October 2021
This privacy notice is intended for healthcare professionals and other experts who work with GSK.
We understand that privacy is important to you. We are committed to treating your personal information with care and integrity.
Our privacy notice tells you what personal information we collect and how we collect it. It explains what we use your personal information for and how we protect your personal information and keep it safe. This privacy notice explains our general practices. However, where local laws or regulations require that we process information differently, or refrain from such processing, we will always comply with the applicable local law.
GlaxoSmithKline values your privacy. When we say “GSK”, “we”, “us” or “our”, this is who we are referring to.
Personal information means any information or piece of information which could identify you either directly (e.g. your name) or indirectly (e.g. a unique ID number).
In this privacy notice, we explain:
- Who is the controller of your personal information?
- Contact information and your privacy point of contact
- What personal information do we collect about you?
- How do we collect your personal information?
- How do we use your personal information?
- Why are we allowed to collect and use your personal information?
- How do we protect your personal information?
- What are your rights regarding your personal information?
- How long do we keep your personal information?
- With whom do we share your personal information?
- In what instances do we transfer your personal information outside of your home country?
- Additional information if you are in the European Economic Area (EEA)
- Information about children
- Cookies, Website and Application Data; Use for Analytics and Marketing
- How we update this privacy notice?
- Our responsibility regarding websites that we do not own or control
- Messaging Apps Supplement
Who is the controller of your personal information?
GSK Services Unlimited, together with the local GSK company which has a relationship with you, are the controllers of your personal information. For more information on the relevant local GSK company, click here where you can also find the contact details of the Data Protection Officer (if applicable) for your country.
Contact information and your privacy point of contact
If you want to exercise your rights, have any questions about this privacy notice, need more information or would like to raise a concern, each local privacy point of contact’s details can be found here.
What personal information do we collect about you?
The personal information we collect, and process, may include:
- Basic information – your name, surname (including prefix or title), alias, gender, age or date of birth, as well as your preferred language;
- Contact information – information that enables us to contact you, e.g. your personal or business email, mailing address, telephone numbers and profile on a social media platform;
- Professional information and experience – information related to your qualifications, areas of expertise, place of practice, professional registration number and medical practitioner number;
- Financial information – your bank account number, credit or debit card numbers and other financial and compensation details;
- Technical and network activity information – information about your device and your usage of our websites, apps and systems, including your IP address, device ID, hardware model and version, mobile network information, operating system and other online identifiers, type of browser, browsing history, search history, access time, pages viewed, URLs clicked on, forms submitted, and physical location;
- Conflicts – circumstances which may create a conflict of interest – including whether you or a close family member are an officer or employee of a political party, candidate for public office or hold a position in government;
- Travel-related and other identification information – including your national ID number, passport number, driving licence number, tax identification number and travel preferences;
- Professional biography and/or other information – including your CV/resume, photograph, academic information and your interests (such as any specific health care topics about which you request information from GSK); and
- Product use – data related to your use of our products, your interactions with us, your preferred method of communications with us, and services you may use.
You can choose not to give us personal information when we ask you for it. If you decide not to give us your personal information, it may restrict our relationship with you. For example, we may not be able to provide you with the services that you have requested.
How do we collect your personal information?
Directly from you when you:
- Create an account and profile in the GSK Pro Portal or other GSK websites, apps and systems;
- Share or use your social media profile to contact GSK;
- Register with us to use GSK’s authentication services;
- Use GSK Pro Portal or other GSK websites, apps and systems;
- Sign up with us to receive promotional material;
- Engage with one of our sales representatives, medical science liaisons or call centres;
- Get in touch for support or to provide feedback;
- Attend an online event such as a webcast;
- Respond to any surveys that you may choose to participate in;
- Share adverse events or medical information enquiries with us; and
- Attend offline meetings, such as advisory boards or conferences.
From other sources:
- Data companies providing information services in the healthcare sector (including aPureBase, IQVIA and Wilmington Healthcare);
- Publicly accessible sources;
- Joint marketing partners;
- Marketing vendors;
- Healthcare provider directories;
- Your patients (where they have told us that you are their healthcare provider);
- Patient organisations;
- Events management agencies;
- Travel agents;
- Professional social media platforms such as LinkedIn; and
- When you talk about us online, like when you mention a GSK product in a Tweet.
If you connect your social media account to your GSK Pro Portal or other GSK portal account, you will share certain personal information from your social media account with us. This may include your name, email address, photo, list of social media contacts, and any other information you make accessible to us when you connect your social media account to your GSK Pro Portal or other GSK portal account.
We also combine information about you from various sources, including the information you provide to us and personal information, which is collected during your relationship with us.
How do we use your personal information?
We use your personal information for the purposes we have described below in this privacy notice, or for purposes which are reasonably compatible to the ones described.
To manage our relationship with you.
We will use your personal information to:
- Provide our products and services to you;
- Provide online services such as webcasts, employment opportunities and financial results;
- Manage your account on the GSK Pro Portal or any other GSK portals, and to validate your professional registration;
- Respond to your queries and provide you with information when you request it or when we believe our products and services may be of interest to you. If we intend to share electronic marketing with you, we will ask for your consent where required and you can opt out at any time;
- Reimburse you for expenses or pay you for services you provide;
- Invite you to provide feedback, participate in research, surveys or attend events;
- Personalise your experience when interacting with GSK;
- Plan engagements with sales representatives or medical science liaisons;
- Report the adverse events you notify us about; and
- Perform analytics, market research and segmentation to understand your preferences, improve our products and services and our communications to you.
To manage and improve our processes and our business operations.
We will use your personal information to:
- Manage our network and information systems security;
- Manage our workforce effectively;
- Respond to reports you make of a possible side effect associated with one of our products and to monitor the safety of our products;
- Keep records related to our relationship with healthcare professionals;
- Perform data analyses, auditing and research to help us deliver and improve our GSK digital platforms, content and services;
- Monitor and analyse trends, usage and activities in connection with our products and services to understand which parts of our digital platforms and services are of the most interest and to improve the design and content of our platforms; and
- Prepare and perform management reporting and analysis, including analytics and metrics.
To achieve other purposes.
We will use your personal information:
- To follow applicable laws and regulations;
- To respond to requests from competent public authorities;
- To tell you about changes to our terms, conditions and policies;
- To exercise or defend GSK against potential, threatened or actual litigation;
- To investigate and take action against illegal or harmful behaviour of users;
- To protect GSK, your vital interests, or those of another person;
- To disclose any transfers of value made to you in relation to expert services that you provide to us;
- For the purpose of authorship of a scientific publication;
- To gain insights and feedback on our products and services in order to correct or improve them, by analysing information from external sources such as Google, Facebook and Twitter (and others); and
- When we sell, assign or transfer all or part of our business.
Why are we allowed to collect and use your personal information?
We can collect and use your personal information when one of the following applies:
- To take steps before entering into a contract or perform a contract;
- To follow the law, for example:
- Record-keeping regulatory monitoring and reporting obligations, including those related to adverse events, product complaints and product safety; and
- Complying with anti-corruption and transparency obligations;
- You have specifically given us your permission when such permission is obligatory (the law calls it “consent”). You can withdraw your consent at any time. We will normally need your consent in the following circumstances:
- Placing cookies on your device to find out how you use our websites so we can personalise what you see by tailoring content and notifications to the things you are interested in;
- Certain situations where you share sensitive information about yourself, such as your health;
- Before we send you certain electronic marketing communications; and
- In any other situations where personal information processing relies upon your consent.
- We need to use your personal information for legitimate business purposes, for example, to enable us to run our business successfully. These include:
- Sending direct marketing materials to you (you will always have the right to opt out of marketing and promotional communications);
- Conducting audits and internal investigations and complying with internal policies on anti-bribery and conflict of interest;
- Managing our IT and communications systems and networks;
- Planning and improving our business activities;
- Conducting training and gathering feedback for ensuring quality control;
- Protecting our rights, privacy, safety or property, and/or that of our affiliates, you or others;
- To provide the functionality of the services we provide you, which includes arranging access to your registered account, and providing you with related customer service;
- Verifying your eligibility to access certain products, services and data that may be provided only to licensed healthcare professionals or otherwise conducting background checks to ensure we are not precluded from working with you;
- Analysing or predicting your preferences to identify aggregated trends to develop, improve or modify our products, services and business activities;
- Interacting with you through online digital advisory forums and allowing you to send messages to another person if you choose to do so;
- Responding to and handling your queries or requests, including requests for samples;
- Sending administrative information to you, such as changes to our terms, conditions and policies;
- Completing your transactions and providing you with related customer service;
- Meeting our transparency obligations;
- Creating and maintaining a database in order to identify and engage with you based on your professional expertise and opinions, and where applicable, our past interactions; and
- Reaching out to you to provide information about our products or request input on surveys relating to our products or services;
- For the establishment, exercise or defence of legal claims or proceedings;
- To protect your vital interests or those of others; and
- Because it is necessary for reasons of substantial public interest, on the basis of applicable laws.
How do we protect your personal information?
We want to make sure your personal information is not shared with or used by those not allowed to see it. We use a variety of security measures and technologies to help protect your personal information.
We carefully choose service providers to work with, and check they have security measures and technologies in place to protect your personal information.
However, there are no guarantees that a data transmission or storage system is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us using the details at the ‘Contact information and your privacy point of contact’ section.
What are your rights regarding your personal information?
You have rights we need to make you aware of. The rights available to you depend on our reason for processing your personal information and the local law in your jurisdiction, and there are exceptions to some rights. Depending on this you may have the right to:
- Withdraw your consent to us processing your personal information for direct marketing purposes;
- Ask GSK about the processing of your personal information including to be provided with copies of your personal information;
- Ask us to correct information you think is inaccurate or incomplete;
- Ask us to delete your personal information;
- Ask us to restrict the processing of your information;
- Object to our processing of your personal information;
- Ask that we transfer information you have given us from one organisation to another, or to give it to you; and
- Complain to your local data protection authority.
You can find out how to get in touch with us to ask us to do any of the above by looking at the ‘Contact information and your privacy point of contact’ section.
For your protection, and to protect the privacy of others, we may need to verify your identity before completing what you have asked us to do.
Where we have relied upon your permission to use your personal information, and you later withdraw that permission, we may not be able to complete some of the activities described in ‘How do we use your personal information’.
How long do we keep your personal information?
In some jurisdictions, we are legally required to keep your personal information for certain periods. How long depends on the specific legal requirements of the jurisdiction you are in when you share your information with us.
We will always keep your personal information for the period required by law and where we need to do so in connection with legal action or an investigation involving GSK. Otherwise, we will keep your personal information for as long as we have a relationship with you, in order to respond or process a question or request from you or if we have sent you a product sample.
With whom do we share your personal information?
We share your personal information on a need to know basis, and to the extent necessary to follow laws and regulations, and in the context of managing our relationship with you.
We share your personal information only with teams in our GSK companies and affiliates who need to see it to do their jobs. Please see this link for a list of our affiliates and their locations.
In some countries, our relationship with you is managed for us by specialised service providers. We will share your personal information with their people and teams who need to see it as part of their job.
We will also share your personal information with other entities, for example
- Event agencies;
- Marketing agencies;
- Technology suppliers who work with us to develop and improve our websites, digital forums and apps;
- Media services providers who work with us;
- Healthcare service providers who work with us;
- Any entity who may acquire us or part of our business or brands;
- Suppliers managing adverse event reports;
- Industry trade associations;
- Local or foreign regulators, courts, governments and law enforcement authorities; and
- Professional advisors, such as auditors, accountants and lawyers.
In what instances do we transfer your personal information outside of your home country?
We work all over the world. Therefore, we may need to transfer and use your personal information outside of the country where we collect it from you. These countries may include: United States, United Kingdom and India, as well as countries within the European Union. We implement appropriate measures to protect your personal information when we transfer your personal information outside of your home country such as data transfer agreements that incorporate standard data protection clauses. The data privacy laws in the countries we transfer it to may not be the same as the laws in your home country. Law enforcement agencies, regulatory agencies, security authorities or courts in the countries we transfer your personal information to may have the right to see your personal information.
Additional information if you are based in the European Economic Area (EEA)
The European Commission recognises that some countries outside the EEA have similar data protection standards. The full list of these countries is available here.
If we transfer your personal information to a country not on this list, we do so based on our Binding Corporate Rules and standard contract clauses adopted by the European Commission. These enable us to make international transfers of personal information within our group of companies and meet the data protection laws of the European Union and the General Data Protection Regulation (GDPR).
Information about children
Our services are not directed to children and we do not knowingly collect any personal information from children except as permitted by or required by applicable law.
Cookies, Website and Application Data; Use for Analytics and Marketing
Our websites may use cookies and similar technologies. You can choose to accept or decline cookies. If you choose to decline cookies, not all elements of our websites, apps and services may function as intended, so your experience may be affected.
To the extent that your local laws consider the information collected by cookies and other technologies as personal information, we will treat that information to the standards set out in this privacy notice.
We collect information about your computer browser type and operating system, websites you visited before and after visiting our websites, standard server log information, Internet Protocol (IP) addresses, location data, mobile phone service provider, and mobile phone operating system. We use this information to understand how our visitors use our websites and mobile applications so that we can improve them, the services we offer, and our advertising. We may also share this information with other companies within the GSK group and with other third parties. Some of our websites use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to analyse use patterns and may collect information about your use of the website, including your IP address. More information on Google Analytics can be found here. If you would like to opt-out of having your data used by Google Analytics, you can opt out here.
We also use remarketing services offered by our advertising partners to personalise advertisements for visitors to sites of their advertising networks (i.e. websites other than GSK’s). On these pages, you may be shown advertisements that refer to your interactions with GSK previously. To turn off personalisation for advertisements served by Google click here. To turn off personalisation for advertisements served by Facebook click here. Many companies that display interest-based advertising are members of the Network Advertising Initiative ("NAI"), the Digital Advertising Alliance ("DAA") or the European Interactive Digital Advertising Alliance (“EDAA”). To opt-out of interest-based advertising by members of these initiatives, you can visit their websites at https://optout.networkadvertising.org, https://optout.aboutads.info and https://www.youronlinechoices.com.
We may use the data you share with us to make decisions about your interests and preferences so we can make the marketing materials we send you more relevant. We may also combine the information we hold about you with data about your interests or demographics that third parties have collected from you online and offline, to make your experience more personalised and further tailor our marketing materials. You have certain rights in relation to this – please see 'What are your rights regarding your personal information?' above for further information.
We use Facebook custom audience tools. This allows us to provide personalised advertising to you when you use Facebook’s platforms by matching the email address we hold for you with the email address Facebook holds for you, to show you the most relevant GSK advertisements. We only do this where you have given us consent. Sometimes we may also use information about you to build lookalike models. This allows us to generate similar audiences of prospective customers (who may have similar interests or demographics to you) through advertising platforms like Facebook or Google, based on data that the advertising platform holds about other people. Usually this means sharing your email address with our advertising partners. If you wish to opt out of similar audiences in Google, you can do so here.
How we update this privacy notice?
From time to time, we will update this privacy notice. Any changes become effective when we post the revised privacy notice on our Privacy Centre. This privacy notice was last updated as of the “Last updated” date shown above. If changes are significant, we will provide a more prominent notice to let you know what the changes are.
Our responsibility regarding websites that we do not own or control
Our GSK Pro Portal and other GSK portals and websites may contain links to websites or mobile applications we do not own or control. This privacy notice does not cover them. Please read the privacy notices on those websites and mobile applications if you would like to find out how they collect, use and share your personal information.
Messaging Apps Supplement
GSK has enabled messaging apps in Italy as an authorized corporate channel to expand the communication channels, to keep a close relationship with our HCPs and keep you informed and in contact with GSK, in an easier and friendly way. In making possible the operation of the messaging apps, we require to process the personal information that you have provided us before, in accordance with this Supplement, that explains what personal information we require and how we process it for using Messaging Apps.
What personal information do we collect/process about you when using Messaging App?
To operate a Messaging app as an official corporate communication platform, GSK requires to process:
- Your name (first name, last name);
- Mobile phone number;
- Business details and specialty;
- Your comments or reactions to the content or conversations, when you communicate with our Representatives using Instant Messaging app.
How do we obtain your personal information?
Directly from you when activating and using the instant messaging app, in particular when: (i) You created an account in GSKPro; or (ii) When you were visited by one of our Representatives and you accepted to share your information with us; or (iii) when you shared your contact details in our registration and engagements forms.
How do we use your personal information?
We use your personal information for the following purposes:
- Keeping interactions and managing the relationship between you and GSK, like coordinating face to face visits from our Representatives, or virtual interactions (visits/calls).
- Directing communications based on your specialty and interest.
- Monitoring the interactions between you and our Representatives for compliance purposes, in order to keep our communications and interactions with you under the limit of our principles and values (quality), and the regulatory obligations.
- Any other purpose set in the GSK HCP privacy notice, that is compatible with these purposes and achievable using a messaging app.
- Responding to and dealing with your queries or requests.
- Complying with any legal obligations, including the exercise and defence of GSK in case of a legal action or an investigation involving GSK.
- Creating and maintaining backups and copies of the information generated using the messaging app in the interactions with have with you, for preservation, compliance, internal management and security purposes.
On what basis do we use your personal information?
GSK uses your personal information on the basis of your consent. By using this instant messaging app to communicate or receive communications with us, you expressly ratify your consent to process your personal information for the purposes described above, including any transfer of your personal information outside of your country, as described below.
How long will we keep your personal information?
We will keep your personal information, no longer than required to fulfil the purposes described above. Communications will be retained, generally, no longer than 30 days.
With whom do we share your personal information?
We share your personal information, following the administrative and technical controls set by GSK, with the following third parties: (i) Our tech providers in charge of providing the technical infrastructure that help us to manage the messaging app channel. It includes our tech provider of the platform that supports the retention and monitoring of the conversations between you and our Representative, for compliance and regulatory purposes, and the messaging app by itself; (ii) our professional advisors and auditors, when required by a business necessity or in compliance with internal procedures (including audits) or regulations applicable to GSK; and (iii) regulators, governments and law enforcement authorities, when required.
Your rights in relation to the messaging app channel
For exercising your rights, including the withdrawal of your consent to be contacted by GSK using the messaging app, please let us know by sending a message in the messaging app to our Representative.
Messaging Apps: WhatsApp
WhatsApp is a messaging and communication application that is solely controlled by WhatsApp Inc.. GSK has no responsibility in relation to the terms of use or conditions set by WhatsApp Inc. in relation to the use of the messaging app or how WhatsApp Inc. processes your personal information collected with the use of the messaging app. We encourage you to carefully read WhatsApp Inc. policies and terms of use for WhatsApp.