GSK general privacy notice
Sri Lanka
Last Updated: August 1, 2020
This privacy notice is intended for:
- users of GSK products and services (excluding research subjects);
- visitors to GSK and GSK-owned websites;
- users of GSK systems and applications;
- members of the general public who are interested in contacting or are being contacted by GSK; and
- any individual who has received this notice and to whom the other notices in this Privacy Centre do not apply.
We understand that privacy is important to you. We are committed to treating your personal information with care and integrity.
Our privacy notice tells you what personal information we collect and how we collect it. It explains what we use your personal information for and how we protect your personal information and keep it safe. This privacy notice explains our general practices. However, where local laws or regulations require that we process information differently, or refrain from such processing, we will always comply with the applicable local law.
GlaxoSmithKline values your privacy. When we say “GSK”, “we”, “us” or “our”, this is who we are referring to.
Personal information means any information or piece of information which could identify you either directly (e.g. your name) or indirectly (e.g. a unique ID number).
In this privacy notice, we explain:
- Who is the controller of your personal information?
- Contact information and your privacy point of contact
- What personal information do we collect about you?
- How do we collect your personal information?
- How do we use your personal information?
- Why are we allowed to collect and use your personal information?
- How do we protect your personal information?
- What are your rights regarding your personal information?
- How long do we keep your personal information?
- With whom do we share your personal information?
- In what instances do we transfer your personal information outside of your home country?
- Additional information if you are in the European Economic Area (EEA)
- Cookies, Website and Application Data; Use for Analytics and Marketing
- Information about children
- How we update this privacy notice?
- Our responsibility regarding websites that we do not own or control
Who is the controller of your personal information?
GSK Services Unlimited, together with the local GSK company which has a relationship with you, are the controllers of your personal information. For more information on the relevant local GSK company, click here where you can also find the contact details of the Data Protection Officer (if applicable) for your country.
Contact information and your privacy point of contact
If you want to exercise your rights, have any questions about this privacy notice, need more information or would like to raise a concern, each local privacy point of contact’s details can be found here.
What personal information do we collect about you?
The personal information we collect, and process, may include:
- Basic information – your name, surname (including prefix or title), alias, gender, age or date of birth, as well as your preferred language. Similar information about children may also be collected in very limited circumstances, see ‘Information about children’ for more information;
- Contact information – information that enables us to contact you, e.g. your personal or business email, mailing address, telephone numbers and profile on a social media platform;
- Technical and network activity information – information about your device and your usage of our websites, apps and systems, including your IP address, device ID, hardware model and version, mobile network information, operating system and other online identifiers, type of browser, browsing history, search history, access time, pages viewed, URLs clicked on, forms submitted, and physical location;
- Financial information – your bank details, including account name, account number and sort code;
- Product use – data related to your use of our products (including feedback), your purchase history and preferences, your interactions with us, your preferred method of communications with us, and services you may use;
- Health information – your health status, health conditions you are experiencing and health information inferred from information that you have provided to us; and
- Audio visual – photos, videos and voice recordings of you.
You can choose not to give us personal information when we ask you for it. If you decide not to give us your personal information, it may restrict our relationship with you. For example, we may not be able to provide you with the services that you have requested.
How do we collect your personal information?
Directly from you when you:
- Create an account and profile on one of our websites, or apps;
- Register with us to use GSK’s authentication services;
- Use your company’s sign on or other third-party authentication service (for example Microsoft, Google log in page) to gain access to our systems or apps.
- Use our websites, apps and systems;
- Share or use your social media profile to contact GSK;
- Sign up with us to receive promotional material;
- Enter a contest or competition organised by GSK;
- Engage with one of our sales representatives;
- Get in touch for support or to provide feedback;
- Attend an online event such as a webcast;
- Respond to any surveys that you may choose to participate in;
- Share adverse events or medical information enquiries with us; and
- Attend offline meetings, such as advisory boards or conferences.
From other sources:
- Publicly accessible sources;
- Joint marketing partners;
- Marketing vendors;
- Healthcare provider directories;
- Events management agencies;
- Social media platforms; and
- When you talk about us online, like when you mention a GSK product in a Tweet.
If you connect your social media account to our websites, or apps, you will share certain personal information from your social media account with us. This may include your name, email address, photo, list of social media contacts, and any other information you make accessible to us when you connect your social media account to our websites, or apps.
We also combine information about you from various sources, including the information you provide to us and personal information, which is collected during your relationship with us.
How do we use your personal information?
We use your personal information for the purposes we have described below in this privacy notice, or for purposes which are reasonably compatible to the ones described.
To manage our relationship with you.
We will use your personal information to:
- Provide our products and services to you;
- Provide you with a prize if you enter a prize draw or competition;
- Provide online services such as webcasts, employment opportunities and financial results;
- Manage your account on our websites, and apps;
- Identify you and authenticate your access rights access to our websites, systems and apps;
- To respond to your queries and provide you with information when you request it or when we believe our products and services may be of interest to you. If we intend to share electronic marketing with you, we will ask for your consent where required and you can opt out at any time;
- Invite you to provide feedback, participate in research, surveys or attend events;
- Personalise your experience when interacting with GSK;
- Report the adverse events you notify us about; and
- Perform analytics, market research and segmentation to understand your preferences, improve our products and services and our communications to you.
To manage and improve our processes and our business operations.
We will use your personal information to:
- Manage our network and information systems security;
- Manage our workforce effectively;
- Respond to reports you make of a possible side effect associated with one of our products and to monitor the safety of our products;
- Keep records related to our relationship with healthcare professionals;
- Perform data analyses, auditing and research to help us deliver and improve our GSK digital platforms, content and services;
- Monitor and analyse trends, usage and activities in connection with our products and services to understand which parts of our products and services are of the most interest and to improve them accordingly; and
- Prepare and perform management reporting and analysis, including analytics and metrics.
To achieve other purposes.
We will use your personal information:
- To follow applicable laws and regulations;
- To respond to requests from competent public authorities;
- To tell you about changes to our terms, conditions and policies;
- To exercise or defend GSK against potential, threatened or actual litigation;
- To investigate and take action against illegal or harmful behaviour of users.
- To protect GSK, your vital interests, or those of another person;
- To gain insights and feedback on our products and services in order to correct or improve them, by analysing information from external sources such as Google, Facebook and Twitter (and others);
- To deliver services to you via your smart device and our mobile apps; and
- When we sell, assign or transfer all or part of our business.
Why are we allowed to collect and use your personal information?
We can collect and use your personal information when one of the following applies:
- To take steps before entering into a contract or perform a contract;
- To follow the law, for example:
- Record-keeping regulatory monitoring and reporting obligations, including those related to adverse events, product complaints and product safety; and
- Complying with anti-corruption and transparency obligations;
- You have specifically given us your permission when such permission is obligatory (the law calls it “consent”). You can withdraw your consent at any time. We will normally need your consent in the following circumstances:
- Placing cookies on your device to find out how you use our websites so we can personalise what you see by tailoring content and notifications to the things you are interested in;
- Certain situations where you share sensitive information about yourself, such as your health;
- Before we send you certain electronic marketing communications; and
- In any other situation where personal information processing relies upon your consent.
- We need to use your personal information for legitimate business purposes, for example, to enable us to run our business successfully. These include:
- Sending direct marketing materials to you (you will always have the right to opt out of marketing and promotional communications);
- Conducting audits and internal investigations and complying with internal policies on anti-bribery and conflict of interest;
- Managing our IT and communications systems and networks;
- Planning and improving our business activities;
- Conducting training and gathering feedback for ensuring quality control;
- Protecting our rights, privacy, safety or property, and/or that of our affiliates, you or others;
- To provide the functionality of the services we provide you, which includes arranging access to your registered account, and providing you with related customer service;
- Verifying your eligibility to access certain products, services and data that may be provided only to licensed healthcare professionals or otherwise conducting background checks to ensure we are not precluded from working with you;
- Analysing or predicting your preferences to identify aggregated trends to develop, improve or modify our products, services and business activities;
- Interacting with you through online digital advisory forums and allowing you to send messages to another person if you choose to do so;
- Responding to and handling your queries or requests, including requests for samples;
- Sending administrative information to you, such as changes to our terms, conditions and policies;
- Completing your transactions and providing you with related customer service; and
- Reaching out to you to provide information about our products or request input on surveys relating to our products or services;
- For the establishment, exercise or defence of legal claims or proceedings;
- To protect your vital interests or those of others; and
- Because it is necessary for reasons of substantial public interest, on the basis of applicable laws.
How do we protect your personal information?
We want to make sure your personal information is not shared with or used by those not allowed to see it. We use a variety of security measures and technologies to help protect your personal information.
We carefully choose service providers to work with, and check they have security measures and technologies in place to protect your personal information.
However, there are no guarantees that a data transmission or storage system is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us using the details at the ‘Contact information and your privacy point of contact’ section.
What are your rights regarding your personal information?
You have rights we need to make you aware of. The rights available to you depend on our reason for processing your personal information and the local law in your jurisdiction, and there are exceptions to some rights. Depending on this you may have the right to:
- Withdraw your consent to us processing your personal information for direct marketing purposes;
- Ask GSK about the processing of your personal information including to be provided with copies of your personal information;
- Ask us to correct information you think is inaccurate or incomplete;
- Ask us to delete your personal information;
- Ask us to restrict the processing of your information;
- Object to our processing of your personal information;
- Ask that we transfer information you have given us from one organisation to another, or to give it to you; and
- Complain to your local data protection authority.
You can find out how to get in touch with us to ask us to do any of the above by looking at the ‘Contact information and your privacy point of contact’ section.
For your protection, and to protect the privacy of others, we may need to verify your identity before completing what you have asked us to do.
Where we have relied upon your permission to use your personal information, and you later withdraw that permission, we may not be able to complete some of the activities described in ‘How do we use your personal information’.
How long do we keep your personal information?
In some jurisdictions, we are legally required to keep your personal information for certain periods. How long depends on the specific legal requirements of the jurisdiction you are in when you share your information with us.
We will always keep your personal information for the period required by law and where we need to do so in connection with legal action or an investigation involving GSK. Otherwise, we will keep your personal information for as long as we have a relationship with you, in order to respond or process a question or request from you or if we have sent you a product sample.
With whom do we share your personal information?
We share your personal information on a need to know basis, and to the extent necessary to follow laws and regulations, and in the context of managing our relationship with you.
We share your personal information only with teams in our GSK companies and affiliates who need to see it to do their jobs. Please see this link for a list of our affiliates and their locations.
In some countries, our relationship with you is managed for us by specialised service providers. We will share your personal information with their people and teams who need to see it as part of their job.
We will also share your personal information with other entities, for example:
- Event agencies;
- Marketing agencies;
- Employment and recruitment agencies;
- Technology suppliers who work with us to develop and improve our websites, digital forums and apps;
- Media services providers who work with us;
- Any entity who may acquire us or part of our business or brands;
- Suppliers managing adverse event reports;
- Local or foreign regulators, courts, governments and law enforcement authorities; and
- Professional advisors, such as auditors, accountants and lawyers.
In what instances do we transfer your personal information outside of your home country?
We work all over the world. Therefore, we may need to transfer and use your personal information outside of the country where we collect it from you. We implement appropriate measures to protect your personal information when we transfer your personal information outside of your home country such as data transfer agreements that incorporate standard data protection clauses. The data privacy laws in the countries we transfer it to may not be the same as the laws in your home country. Law enforcement agencies, regulatory agencies, security authorities or courts in the countries we transfer your personal information to may have the right to see your personal information.
Additional information if you are based in the European Economic Area (EEA)
The European Commission recognises that some countries outside the EEA have similar data protection standards. The full list of these countries is available here.
If we transfer your personal information to a country not on this list, we do so based on standard contract clauses adopted by the European Commission. These enable us to make international transfers of personal information within our group of companies and meet the data protection laws of the European Union and the General Data Protection Regulation (GDPR).
Information about children
Whilst our services are not ordinarily directed to children, occasionally we may collect your child’s data, for example, when they enter a competition with one of our brands. We will only ever do this with your consent. Please see ‘What personal information we collect about you’ for more information.
Cookies, Website and Application Data; Use for Analytics and Marketing
Our websites may use cookies and similar technologies. You can choose to accept or decline cookies. If you choose to decline cookies, not all elements of our websites, apps and services may function as intended, so your experience may be affected.
To the extent that your local laws consider the information collected by cookies and other technologies as personal information, we will treat that information to the standards set out in this privacy notice.
We collect information about your computer browser type and operating system, websites you visited before and after visiting our websites, standard server log information, Internet Protocol (IP) addresses, location data, mobile phone service provider, and mobile phone operating system. We use this information to understand how our visitors use our websites and mobile applications so that we can improve them, the services we offer, and our advertising. We may also share this information with other companies within the GSK group and with other third parties. Some of our websites use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to analyse use patterns and may collect information about your use of the website, including your IP address. More information on Google Analytics can be found here. If you would like to opt-out of having your data used by Google Analytics, you can opt out here.
We also use remarketing services offered by our advertising partners to personalise advertisements for visitors to sites of their advertising networks (i.e. websites other than GSK’s). On these pages, you may be shown advertisements that refer to your interactions with GSK previously. To turn off personalisation for advertisements served by Google click here. To turn off personalisation for advertisements served by Facebook click here. Many companies that display interest-based advertising are members of the Network Advertising Initiative ("NAI"), the Digital Advertising Alliance ("DAA") or the European Interactive Digital Advertising Alliance (“EDAA”). To opt-out of interest-based advertising by members of these initiatives, you can visit their websites at https://optout.networkadvertising.org, https://optout.aboutads.info and https://www.youronlinechoices.com.
We may use the data you share with us to make decisions about your interests and preferences so we can make the marketing materials we send you more relevant. We may also combine the information we hold about you with data about your interests or demographics that third parties have collected from you online and offline, to make your experience more personalised and further tailor our marketing materials. You have certain rights in relation to this – please see 'What are your rights regarding your personal information?' above for further information.
We use Facebook custom audience tools. This allows us to provide personalised advertising to you when you use Facebook’s platforms by matching the email address we hold for you with the email address Facebook holds for you, to show you the most relevant GSK advertisements. We only do this where you have given us consent. Sometimes we may also use information about you to build lookalike models. This allows us to generate similar audiences of prospective customers (who may have similar interests or demographics to you) through advertising platforms like Facebook or Google, based on data that the advertising platform holds about other people. Usually this means sharing your email address with our advertising partners. If you wish to opt out of similar audiences in Google, you can do so here.
How do we update this Privacy Notice
From time to time, we will update this Privacy Notice. Any changes become effective when we post the revised Privacy Notice on our Privacy Centre. This Privacy Notice was last updated as of the “Last Updated” date shown above. If changes are significant, we will provide a more prominent notice to let you know what the changes are.
Our responsibility regarding websites that we do not own or control.
Our websites and applications may contain links to websites or mobile applications we do not own or control. Our Privacy Notice does not cover them. Please read the privacy notices on those websites and mobile applications if you would like to find out how they collect, use and share your personal information.