GlaxoSmithKline Inc. (“GSK”) is committed to the protection of the personal information of individuals with whom it comes into contact. Accordingly, GSK adheres to the principles set out below (the “Privacy Principles”). The Privacy Principles are based on the principles set out in Schedule 1 of the Personal Information Protection and Electronic Documents Act (Canada). “Personal Information”, as used in this Code, means information about an identifiable individual, but does not include the name, title or business address or telephone of an employee of an organization.
GSK is responsible for the personal information under its control and has designated an individual as its Privacy Officer who shall be accountable for the organization's compliance with the following principles
- Maintaining a record of medical queries, requests for information, complaints and adverse event reports relating to GSK products and reporting these to relevant regulatory bodies, related companies or other companies which market the same product as may be required or prudent;
- Administering disease awareness/management programs or other similar programs organized by GSK;
- Notifying you of matters that GSK may be required by law to notify you of (eg., product recalls);
- Developing, implementing, marketing and managing GSK's products;
- In the case of Healthcare Professionals:
- Sending you material on and contacting you regarding GSK's activities and products or developments in pharmaceutical treatments which may be of interest to you and tailoring marketing services to suit your needs;
- Supplying you with clinical evaluation packages of GSK products;
- Administering clinical trials or other research organized by GSK and which you agree to participate in or be involved with;
- Identifying, developing and administering continuing education programs, conferences, symposia, expert panels, seminars or other meetings or events organized by GSK;
- Establishing and maintaining customer relationships, including: managing, planning and arranging meetings between you and GSK sales representatives;
- Monitoring and reviewing GSK's compliance with relevant codes of conduct in its dealings with you.
- Third parties we use in the ordinary course of our business, such as for conference organizing, marketing, data processing and associated printing and mailing;
- Companies related to GSK for the same kinds of purposes as listed above;
- Such third parties as otherwise permitted or required by law.
Accountability rests with the Legal Counsel, Compliance and Chief Privacy Officer of GSK, even though other individuals with the organization may be responsible for the day-to-day collection and processing of personal information. In addition, other individuals may be delegated to act on behalf of the designated individual.1.2
GSK shall make known, upon request, the identity, title and contact information of the person designated to oversee GSK's compliance with its policy.1.3
GSK is responsible for personal information in its possession or control. As such, GSK will use appropriate means to ensure that all existing and future contracts ensure a level of privacy protection equal to GSK's policies when information is being processed by third parties.1.4
GSK shall implement policies and practices to give effect to these principles, including:(a)
the implementation of procedures to protect personal information;(b)
the establishment of procedures to quickly receive and respond to complaints and inquiries;(c)
training and communicating to staff about GSK's policies and practices; and(d)
developing information to explain GSK's policies and practices.
Accountability rests with the Legal Counsel, Compliance and Chief Privacy Officer of GSK, even though other individuals with the organization may be responsible for the day-to-day collection and processing of personal information. In addition, other individuals may be delegated to act on behalf of the designated individual.
If we plan to use Personal Information we have collected for a purpose not previously identified, we will identify and document this purpose before such use.2.3
GSK will make reasonable efforts to specify the identified purpose, orally or in writing, to the individual from whom the information is collected either at the time of collection or after collection but before use.
The way in which we seek consent, including whether it is express or implied consent, may vary depending on the sensitivity of the information and the reasonable expectations of the individual. An individual may withdraw consent at any time, subject to legal and contractual restrictions and reasonable notice.3.2
GSK will typically seek consent for the use or disclosure of personal information at the time of collection, but in certain circumstances consent may be sought after collection but before use.3.3
GSK will only ask individuals to consent to the collection, use or disclosure of personal information as a condition of the supply or purchase of a product, if such use, collection or disclosure is required to fulfil an identified purpose.3.4
In certain circumstances, as permitted or required by law, we may collect, use or disclose personal information without the knowledge and consent of the individual. These circumstances include: Personal Information which is subject to solicitor-client privilege or is publicly available as defined by regulation; where collection or use is clearly in the interests of the individual and consent cannot be obtained in a time way; to investigate a breach of agreement of a contravention of the law; to act in respect to an emergency that threatens the life, health or security of an individual; for debt collection; or to comply with a subpoena, warrant or court order.
GSK will not disclose personal information about you to any person except in the following circumstances, and then only that information which is necessary.
GSK shall retain personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. In some circumstances where personal information has been utilized to make a decision about an individual, GSK shall retain that personal information for a period of time that is reasonably sufficient to allow for access by the individual.5.3
Personal information that is no longer required to fulfil an identified purpose shall be erased, destroyed or made anonymous.
Personal information used by GSK shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about an individual.6.2
GSK shall not routinely update personal information about individuals, but only as and when necessary to fulfil identified purposes.
GSK shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. GSK shall protect personal information regardless of the format in which it was held.7.2
Nature of the safeguards taken:(a)
physical measures - building security, lock boxes, etc.;(b)
organizational measures - “need to know” basis; and(c)
technological measures - use of encryption and passwords7.3
GSK shall make its employees aware of the importance of maintaining the confidentiality of personal information by signing a Secrecy Document as a precondition of employment.
GSK shall make information regarding its policies and practices available in a form that is generally understandable, including:(a)
how to gain access to personal information held by GSK;(b)
the type of personal information held by GSK, including a general account of its use;(c)
personal information available to related organizations (affiliates).; and(d)
how to contact our Privacy Officer.
GSK will respond to an individual's written request for information within a reasonable period of time. We may require an individual to provide sufficient information to permit us to provide an account of the existence, use and disclosure of Personal Information. This information shall be provided in an understandable, timely and low-cost manner from the perspective of the individual.9.2
Should an individual successfully demonstrate any inaccuracy or incompleteness in the records, GSK will make the appropriate amendments to the information. When a challenge is not resolved to the satisfaction of the individual, a statement of disagreement shall be attached to the individual's records. When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question.9.3
In certain situations, GSK may not be able to provide access to all the personal information it holds about an individual. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege. The reasons for denying access shall be provided by GSK upon request.
GSK will investigate all complaints. If a complaint is found to be justified, GSK will take appropriate measures, including, if necessary, amending its policies and practices.
How to contact the Privacy Officer:
Access request, inquiries or complaints should be addressed in writing to:
7333 Mississauga Road