Effective: September 1, 2021
Part I – Key information
AAA Canada is processing personal information about you when you are visiting our website. Lutathera.ca is a PAAB-approved Canadian website in English and French for Canadian HCPs to access information about Lutathera, the Lutathera efficacy data and safety profile and the use of Lutathera in Clinical Practice.
Specific Personal Data to be collected
We do not collect any specific personal data about you.
Specific purposes for which we require your Personal Data
We do not collect specific personal data about you, other than data collected for standard purposes such as measuring the usage of our website as set out in Part II below. Any other collection purpose would need to be imposed by law and authorities.
Specific third parties with whom we share your Personal Data
If applicable, we may disclose your personal data to a third party if we are required to do so because of applicable law, and requests from public and government authorities (including court order, subpoena, or governmental regulation).
Please note that we may also have to share your data with a number of other recipients (e.g. another entity of the Novartis Group if the entity collecting the data is not the same as the one using it) but always under strict conditions, as further explained in Part II.
Duration of storage
Cookies and other similar technologies
Please note that we rely on the usual cookies and other technologies for the standard purposes set out in Part II below (e.g. to ensure the proper functioning of our website or app).
Dedicated point of contact
Should you have any questions in relation to the processing of your personal data in the above context, please contact 2810 Matheson Boulevard East – Suite 700, Mississauga, Ontario, L4W 4X7 Canada.
Part II – General Information
1. On what basis do we use your Personal Data?
We will not process your personal data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your personal data if we have obtained your prior consent or, as permitted, if the processing is necessary to comply with our legal or regulatory obligations.
2. Who has access to your Personal Data and to whom are they transferred?
- our personnel (including personnel, departments or other companies of the Novartis group);
- our other suppliers and services providers that provide products and services to us;
- our IT systems providers, cloud service providers, database providers and consultants;
- our business partners who offer products or services jointly with us;
- any third party to whom we assign or novate any of our rights or obligations;
- our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets.
The above third parties are contractually obliged to protect the confidentiality and security of your personal data, in compliance with applicable law.
Your personal data can also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court, where we are required to do so by applicable law or regulation or at their request.
The personal data we collect from you may also be processed, accessed or stored in a country outside the country where AAA Canada is located, which may not offer the same level of protection of personal information.
If we transfer your personal data to external companies in other jurisdictions, we will make sure to protect your personal data by (i) applying the level of protection required under the local data protection/privacy laws applicable to AAA Canada, and (ii) acting in accordance with our policies and standards. You may request additional information in relation to international transfers of personal data and obtain a copy of the adequate safeguard put in place by exercising your rights as set out in Section 6 below.
For intra-group transfers of personal data, the Novartis Group has adopted Binding Corporate Rules, a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection relating to transfers of personal data outside the EEA and Switzerland. Read more about the Novartis Binding Corporate Rules at https://www.novartis.com/privacy-policy/novartis-binding-corporate-rules-bcr.
3. How do we protect your Personal Data?
We have implemented appropriate technical and organizational measures to provide an adequate level of security and confidentiality to your personal data.
These measures take into account:
(i) the state of the art of the technology;
(ii) the costs of its implementation;
(iii) the nature of the data; and
(iv) the risk of the processing.
The purpose of these measures is to protect your personal data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.
Moreover, when handling your personal data, we comply with the following obligations:
- we only collect and process personal data which is adequate, relevant and not excessive, as required to meet the above purposes;
- we ensure that your personal data remains up to date and accurate (for the latter, we may request you to confirm the personal data we hold about you and you are also invited to spontaneously inform us whenever there is a change in your personal circumstances so we can ensure your personal data is kept up-to-date); and
- we may process any sensitive data about yourself that you voluntarily provide, in compliance with applicable data protection rules and strictly as required for the relevant purposes listed above, the data being accessed and processed solely by the relevant personnel, under the responsibility of one of our representatives who is subject to an obligation of professional secrecy or confidentiality.
4. How long do we store your personal information?
We will only retain your personal information for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements.
- user interface customization cookies (i.e. cookies memorizing your preferences);
- authentication cookies (i.e. cookies allowing you to leave and return to our websites without having to re-authenticate yourself);
- video player cookies (i.e. cookies storing data needed to playback video or audio content and storing your preferences);
- first-party analytics cookies (i.e. cookies memorizing the pages you visited and providing information about your interaction with those pages); and
- third-party analytics cookies (i.e. cookies from third-party suppliers tracking our website’s statistics and vice versa).
For more information on how to manage cookies on your device, please consult the Help function of your browser or visit www.aboutcookies.org, which contains comprehensive information on how to do so on a wide variety of browsers (the link is external).
5.2 Other technologies
We may also use other technologies on our websites and apps to collect and process your personal data for the same purposes as set out above, including:
- Internet tags (such as action tags, single-pixel GIFs, clear GIFs, invisible GIFs and 1-by-1 GIFs, which are technologies allowing us to track users’ hits); and
- Adobe Flash technology (including Flash Local Shared Objects, unless you set your settings otherwise).
6. What are your rights and how can you exercise them?
You may exercise the following rights under the conditions and within the limits set forth in the law:
- the right to access your personal data as processed by us and, if you believe that any information relating to you is incorrect, obsolete or incomplete, to request its correction or updating;
- the right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal;
Please note however that, in certain circumstances, your refusal to accept cookies or your browser settings may affect your browsing experience and prevent you from using certain features on our websites or apps.
If you have a question or want to exercise the above rights, you may write to Privacy Officer, Advanced Accelerator Applications Canada Inc., 2810 Matheson Boulevard East – Suite 700, Mississauga, Ontario, L4W 4X7 Canada.
7. What technical and transactional data may we collect about you?
7.1 Categories of technical and transactional data
- information regarding your browser and device (e.g. internet service provider’s domain, browser’s type and version, operating system and platform, screen resolution, device manufacturer and model);
- statistics in relation to your use of our website and our app (e.g. information regarding the pages visited, information researched, time spent on our website);
- usage data (i.e. date and time of access of our website and app, files downloaded);
- your device’s location when using our app (unless you disable this function by changing your device’s settings); and
- more generally, any information you provide to us when using our website and app.
Please note that we will not knowingly collect, use or disclose personal data from a minor without obtaining prior consent from a parent or legal guardian.
7.2 Why are we collecting technical and transactional data?
- manage our users (e.g. registration, account management, answer questions and provide technical support);
- manage and improve our website and apps (e.g. diagnose server problems, optimize traffic, integrate and optimize web pages where appropriate);
- measure the usage of our website and apps (e.g. by drawing up statistics about the traffic, by gathering information regarding the users’ behaviour and the pages they visit);
- improve and personalize your experience and better tailor content to you (e.g. by remembering your selections and preferences, by using cookies);
- send you personalized location-based services and content;
- improve the quality of our products and services and expand our business activities;
- monitor and prevent fraud, infringement and other potential misuses of our website and app;
- reply to an official request from a public or judicial authority with the necessary authorization;
- manage our IT resources, including infrastructure management and business continuity;
- preserve the company’s economic interests and ensure compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, managing alleged cases of misconduct or fraud, conducting audits, defending litigation);
- archiving and record-keeping; and
- any other purposes imposed by law and authorities.