GSK US Privacy Notice
This Privacy Notice sets out how GSK uses and protects any information that you give to us. We respect your privacy and are committed to protecting your personal information. This Privacy Notice explains how we collect, transfer, process, use and disclose your data and sets out our security practices.
GlaxoSmithKline is responsible for the personal information you share with us. When we say “GSK”, “we”, “us” or “our”, this is who we are referring to.
If anything in this Privacy Notice conflicts with local law in your jurisdiction, local law prevails.
We may change this Privacy Notice from time to time. We encourage you to review this Privacy Notice periodically.
We do not sell personal information and have not done so in the preceding 12 months.
California Residents. For questions specific to California residents, please follow the link below ”Choice and Access to personal information (including California residents)”
In this Privacy Notice, we explain:
· What personal information we collect about you;
· How we collect your personal information;
· How we use your personal information;
· How long we keep your personal information;
· With whom we share your personal information;
· In what instances we transfer your personal information outside of your home country;
· How we process information for individuals in the European Economic Area (EEA);
· How we protect your personal information;
· Choice and Access to personal information (including California residents) ;
· Our responsibility regarding websites that we do not own or control;
· How we update this Privacy Notice; and
What personal information do we collect about you?
The personal information that we collect, and process/or disclose may include, both currently and in the preceding 12 months:
Categories of PI Collected |
Applicable Categories of Individuals |
Name, Contact information and Unique Identifiers: Identifiers, such as a real name, alias, postal address, telephone number, unique personal identifier, online identifier, device ID, internet protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers as well as demographic information such as date of birth, place of birth, country of residence, income, family size etc. An individual’s written or digital signature.
|
Employees Candidates for employment Contractors Health Care Providers Clinical Trial Investigators, Site Staff and Participants Patients Customers Website Visitors Caregiver Authorized Representative |
Financial Information: Bank account number, credit or debit card number, credit reports, background checks or other financial information.
|
Employees Candidates for employment Contractors Health Care Providers Clinical Trial Investigators |
Medical Information: Any information in possession of or derived from yourself, a healthcare provider, healthcare insurer, healthcare service plan, pharmaceutical company, or contractor regarding an individual’s medical history, mental or physical condition, or treatment. This includes an individual’s insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in the individual’s application and claims history (including prescription information). |
Employees Candidates for employment Contractors Clinical Trial Participants Patients Customers Caregiver Authorized Representative |
Protected Characteristics: Characteristics of legally protected classifications such as race, gender, age, nationality, physical or mental disability, and religion.
|
Employees Candidates for employment Clinical Trial Participants Patients |
Purchase History and Tendencies: Information regarding products or services purchased, obtained, or considered.
|
Health Care Providers Patients Customers Website Visitors Caregiver Authorized Representative |
Biometric Information: Physiological, biological, or behavioral characteristics that can establish an individual’s identity, including DNA, face, iris or retina imagery, fingerprint, voice recordings and sleep, health, or exercise data that contain identifying information.
|
Employees Candidates for employment Contractors Clinical Trial Participants Patients Customers Website Visitors Caregiver Authorized Representative |
Network Activity: Internet or other electronic network activity information, such as browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement. Includes analytics evaluation, cookies. |
Employees Candidates for employment Contractors Health Care Providers Clinical Trial Investigators and Site Staff Patients Customers Website Visitors Caregiver Authorized Representative |
Geolocation Data: Precise geographic location information about a particular individual or device. |
Employees Candidates for employment Contractors Health Care Providers Patients Customers Website Visitors Caregiver Authorized Representative |
Electronic and Sensory Data: Audio, electronic, visual, or similar information (e.g., a recording of a customer service call or profile photograph).
|
Employees Candidates for employment Contractors Health Care Providers Clinical Trial Investigators, Site Staff and Participants Patients Customers Website Visitors Caregiver Authorized Representative |
Education and Professional Information: An individual’s academic information and records, licenses, professional or employment-related information and professional interactions with GSK
|
Employees Candidates for employment Contractors Health Care Providers Clinical Trial Investigators and Site Staff Website Visitors |
Inferences: Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
|
Employees Candidates for employment Contractors Health Care Providers Clinical Trial Investigators, Site Staff and Participants Patients Customers Website Visitors Caregiver Authorized Representative Households |
How do we collect your personal information?
We and our service providers collect personal information in a variety of ways, including from:
- directly from you or an authorised representative;
- government entities;
- public records;
- research partners;
- data resellers;
- marketing vendors; and
- business service providers.
How do we use your personal information?
We use your personal information for the purposes we have described below in this Privacy Notice, or for purposes which are reasonably compatible with the ones described. We will not, use it for other purposes without your permission, unless we have a legal right or obligation to do so.
To manage our relationship with you.
We will use your personal information:
- To respond to your requests;
- To improve our level of service;
- To provide our products and services to you;
- To promote our products and services;
- To manage your account, if necessary;
- To provide you with information when you request it, or when we believe it may be of interest to you;
- To invite you to provide your views on our products and services, participate in research or attend events;
- To report any product adverse events that you notify us about;
- To consider your application for employment;
- To perform analytics and understand your preferences;
- To provide access where required to our sites and facilities.
- To gain insights and feedback on our products and services in order to correct or improve them, by analysing information from external sources such as Google, Facebook and Twitter (and others);
- For our own administrative and quality assurance purposes; and
- For other purposes that may be detailed on a website or mobile application which will be described at the time the information is collected.
To manage and improve our processes and our business operations.
We will use your personal information to:
- Manage our network and information systems security;
- Manage our workforce effectively; and
- Prepare and perform management reporting and analysis, including analytics and metrics.
To achieve other purposes.
We will use your personal information:To follow applicable laws and regulations;
- To respond to lawful requests from competent public authorities;
- To tell you about changes to our terms, conditions and policies;
- To exercise or defend GSK against potential, threatened or actual litigation;
- To protect GSK’s or your vital interests, or those of another person;
- To respond to and handle your queries or requests; and
- When we sell, assign or transfer all or part of our business.
Website and mobile application usage information
We also collect information about your computer browser type and operating system, websites you visited before and after visiting our websites, standard server log information, Internet Protocol (IP) addresses, location data, mobile phone service provider, and mobile phone operating system.
We use this information to understand how our visitors use our websites and mobile applications so that we can improve them, the services we offer, and our advertising. We may also share this information with other companies within the GSK group and with other third parties. Some of our websites use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to analyze use patterns and may collect information about your use of the website, including your IP address. More information on Google Analytics can be found here: www.google.com/policies/privacy/partners/. If you would like to opt-out of having your data used by Google Analytics, please use the Google Analytics opt-out available here: https://tools.google.com/dlpage/gaoptout/
Use of IP addresses
An IP address is a set of numbers that is automatically assigned to your computer whenever you log on to your Internet service provider or through your organization’s local area network (LAN) or wide area network (WAN). Web servers automatically identify your computer by the IP address assigned to it during your session online.
GSK, or third-party companies acting on our behalf, may collect IP addresses for the purposes of systems administration and to audit the use of our websites. We also may use IP addresses to identify users of our websites when we feel it is necessary to enforce compliance with the websites’ terms of use or to protect our service, websites or other users.
Cookies and Similar Technologies
Our websites and mobile applications may use technology called "cookies" and similar technologies. A cookie is a small text file that is placed on your hard disk by a server. Cookies and similar technologies allow our websites and mobile applications to respond to you and provide a more personalized experience.
The website or mobile application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to a website.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or receive a warning before a cookie is stored if you prefer. Please refer to your Internet browser’s instructions or help screen to learn more about these functions and to specify your cookie preferences, and note that your browser controls might not control other types of technologies. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html.
If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites or any other websites that you visit.
Do-Not-Track Signals and Similar Mechanisms
Some web browsers transmit "do-not-track" signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.
Third-party advertising, links, and content
Our websites and mobile applications may from time to time provide links to or embed third party websites or content. Our advertising partners may collect information about your use of our websites and apps through cookies, web beacons, and similar technologies to display advertisements that are tailored to your interests on other websites and services. Some of these advertising partners may participate in an industry organization that offers users an opportunity to opt out of ad targeting. To learn more, including about how to opt out from interest-based advertising, please visit About Our Ads. You may download the AppChoices app at www.aboutads.info/appchoices to opt out in mobile apps. Due to the differences between using apps and websites on mobile devices, you also should check the settings for your apps and device to opt out.
We are not responsible for the privacy practices of these advertising partners, we do not exchange information with them for money or anything of value and this Privacy Policy does not apply to those websites. You agree that we are not responsible for the availability of such websites and do not review or endorse and shall not be liable, directly or indirectly, for:
- How these websites treat your personal information;
- The content of such websites; and
- The use that others make of these websites.
How long do we keep your personal information?
We will always keep your personal information for the period required by law and where we need to do so in connection with legal action or an investigation involving GSK. Otherwise, we keep your personal information:
We keep your personal information for as long as needed or permitted for the purpose(s) for which it was obtained and consistent with applicable law.
With whom do we share your personal information?
We share your personal information on a need to know basis, to the extent necessary to follow laws and regulations, and to manage the activities related to our relationship with you.
We share your personal information with teams in our GSK companies and affiliates who need to see it to do their jobs. Please see link for a list of our affiliates and their locations.
In some cases, our relationship with you is supported by specialized service providers working on our behalf. These service providers are contractually-required to protect your personal information and not to use it for their own purposes.
These specialized service providers include:
- advertising networks;
- internet service providers;
- data analytics providers;
- operating systems and platforms;
- social networks;
- joint marketing partners; and
- research partners.
We will also share your personal information with local or foreign regulators, or government and law enforcement authorities as necessary or appropriate, in particular when we have a legal obligation to do so. These may be in or outside your country of residence. We may also disclose your personal information for other legal reasons, such as to enforce our terms and conditions; and protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
We may share your personal information in connection with a sale or business transaction, such as a reorganization,
merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
In what instances do we transfer your personal information outside of your home country?
This website and Privacy Notice are intended only for individuals within the United States. However, GSK works all over the world. Therefore, we may need to transfer and use your personal information outside of the United States. We implement appropriate measures to protect your personal information when we transfer your personal information outside of your home country such as data transfer agreements that incorporate standard data protection clauses. The data privacy laws in the countries we transfer it to may not be the same as the laws in the United States. Law enforcement agencies, regulatory agencies, security authorities or courts in the countries we transfer your personal information to may have the right to see your personal information.
Additional information if you travel to the European Economic Area (EEA)
The European Commission recognizes that some countries outside the EEA have similar data protection standards. The full list of these countries is available here.
If we transfer your personal information to a country not on this list, we do so based on our Binding Corporate Rules (BCRs) and standard contract clauses adopted by the European Commission. These enable us to make international transfers of personal information within our group of companies and meet the data protection laws of the European Union and the General Data Protection Regulation (GDPR).
How do we protect your personal information?
GSK will take appropriate legal, organizational, and technical measures to protect your personal information consistent with applicable privacy and data security laws.
Unfortunately, the transmission of information via the Internet or a mobile phone network connection is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of the personal information you transmit to our websites or mobile applications: any transmission is at your own risk. While we cannot guarantee that loss, misuse or alteration to data will not occur, once we have received your information, we will employ appropriate technical security measures to help prevent such unfortunate occurrences.
What are your rights regarding your personal information?
If personal information you have provided us in the past is no longer correct, we have a process for working with you to update that information.
Also, some California residents have the right, or their authorized agent may request, at no charge, up to twice every 12 months that we:
- That we provide copies of your personal information directly to you. There are some exceptions, which means you may not always receive all the information we process;
- Correct information that is is inaccurate or incomplete; and
- Delete your personal information, subject to some exceptions.
You can find out how to get in touch with us to ask us to do any of the above, or to express a privacy concern, by looking at the ”Contact Information and Privacy point of contact” section. An authorized agent can also contact us regarding these rights. To designate an authorized agent to exercise your rights and choices on your behalf, please complete the webform below. You have a right not to receive discriminatory treatment from us for exercising applicable rights.
We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information subject to the request. For your protection, and to protect the privacy of others, we may need to verify your identity before completing what you have asked us to do. We may need to request additional personal information from you, such as home address, email address and government issued ID, in order to protect against fraudulent or spoofed requests. If you want to make a request as an authorized agent on behalf of a California resident, you may use the submission methods noted in the ”Contact Information and Privacy point of contact” section. As part of our verification process, we may request that you provide us with proof that you have been authorized by the California resident on whose behalf you are making the request, which may include signed permission provided by such California resident.
In some circumstances if you ask for your personal information to be deleted, we may need to confirm which personal information you wish to be deleted if such deletion might impact your enrollment in any elligible patient assistance programs,
If you object to us using your personal information or withdraw permission for us to use your personal information, after initially giving it to us, we will respect your choice in line with applicable law. However, by objecting or withdrawing your permission, we may not be able to complete the activities described in the ‘How do we use your personal information’.
In the calendar year prior to the effective date of this Privacy Policy, we received 0 requests from eligible consumers for access or information about our information practices.
Our responsibility regarding websites that we do not own or control
From time to time, we may provide links to websites or mobile applications that are not allowed or controlled by us. Our Privacy Notice does not cover them. Please read the privacy notices on those websites and mobile applications if you would like to find out how they collect, use and share your personal information.
Information about children
Our services are not directed to children and we do not knowingly collect any personal information from minors under 16 years of age.
How we update this Privacy Notice?
From time to time, we will update this Privacy Notice. Any changes become effective when we post the revised Privacy Notice. This Privacy Notice was last updated as of the ”Last Updated” date shown above. If changes are significant, we will provide a more prominent notice to let you know what the changes are.
Contact Information and Privacy point of contact
If you have any questions about this Privacy Notice, need more information or would like to raise a privacy concern, please contact us at US.CPA@gsk.com.
If you want to correct the personal information we may have about you, or if you are a California resident and want to exercise applicable rights regarding your personal information, please contact us at:
Online:
Use our online webform available at: https://contactus.gsk.com/callback/irr.html
Telephone:
GSK Pharmaceutical and Vaccine products: 1.888.825.5249
GSK Consumer Healthcare Products: 1.800.245.1040