NNCI takes full responsibility for the management and confidentiality of personal information. Personal information is collected, used, shared and stored in accordance with the Personal Information Protection and Electronic Documents Act and all provincial privacy laws that apply to NNCI. NNCI also respects the privacy best practice principles contained in the Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96.

NNCI has appointed a Privacy Officer who oversees compliance with privacy laws and best practices and whose contact information is provided below in Section 15. The Privacy Officer’s duties include:

• Developing and, on a regular basis, reviewing NNCI privacy policies and practices to ensure consistent implementation and compliance;
• Ensuring all staff are trained on privacy best practices and are aware of the importance of safeguarding any personal information that they are privy to;
• Ensuring that all inquiries and complaints relating to privacy are appropriately handled; and
• Ensuring all third parties to whom NNCI provides access to personal information adhere to appropriate standards of care in managing that information.

‘Personal information’ is any factual or subjective information, recorded or not, that can be used, either alone or in combination with other information, to identify an individual. This includes name, contact information, age, weight, occupation, lifestyle choices and any identifiable on-line activity. Any personal health information provided to NNCI such as health history or medications is sensitive personal information that we treat with extra care.

Aggregate or anonymized information that cannot be associated with a specific individual, such as clinical trial data, is not personal information, if it is, at all times, reasonably foreseeable in the circumstances that this information irreversibly no longer allows the individual to be identified directly or indirectly.

We collect limited personal information as is reasonable to offer and deliver our products or services, to respond to any other requests you may make and for other purposes described below under Section 5 and we do so with your consent or as otherwise authorized by law. We identify when information may be provided optionally and when it is necessary to service you. Depending on your interaction with us, we may collect the following categories of personal information:

• If you are a patient, we may collect information you provide when registering for a program, participating in a study, or if you contact us to ask a question or report an adverse event. Information we collect may include your name, email address, mailing address, phone number, gender, age range.
• If you are a healthcare professional, we may collect your name, contact information (which may include your email address, mailing address and phone number), specialty, prescribing habits, affiliated institution and other information about our interactions with you.
• If you are a website visitor, we may collect information related to your online activity through the use of cookies and similar technologies as detailed below in Section 11.

Personal information can be collected in several ways, including through on-line forms when you register for an NNCI program, or verbally on the telephone, for example if you provide your information to our Customer Care Department. When it is practical to do so, we will collect the information we need directly from you. In those instances where information is collected from a third party such as a family member or your doctor, we will obtain your consent (unless otherwise permitted or required by law) and your personal information will be respected in exactly the same way as if we collected it from you personally.

We collect, use and disclose your personal information with your consent, except as required or permitted by law. Your consent to the collection, use and disclosure of personal information may be express (that is, where you were asked specifically for your consent, whether verbally or in writing) or implied for non-sensitive information, when we can reasonably conclude that you’ve given consent by some action, or when it is obvious that you would consent if directly asked.

Note that there may be instances where the law permits the collection, use or disclosure of your personal information without your consent, for example in the context of fraud investigations, and where necessary to protect our legal interests or the safety of others. For example, we may be required to collect, use, disclose or store personal information without your consent to comply with other laws, an order of a court or other legal administrative tribunal, or to respond to an authorized inquiry of a government agency. In other contexts, your consent can be withdrawn at any time, subject to legal or contractual restrictions, by providing us with written notice by email at privacyofficercanada@novonordisk.com. Upon receipt of notice of withdrawal of consent, we will inform you of the likely consequences of withdrawing your consent before we process your request, which may include the inability of NNCI to provide you with certain information, products or services.

Where an individual is not capable of consenting to the collection, use or disclosure of his or her own personal information but you wish to provide us with that information, please ensure you are legally entitled to do so on behalf of that individual.

Personal information is collected and used by NNCI for one or more of the following specific purposes:

• Respond to your questions or concerns about our products or services;
• Assess your needs and administer questionnaires, feedback forms, contests or on-line health assessment tools;
• Establish, sponsor and provide you with access to our educational programs to raise awareness of a health condition and health management practices, as well as scientific and clinical developments;
• Respond to your inquiries regarding our clinical studies approved by Health Canada, and provide clinical evaluation packages to healthcare providers for feedback;
• Develop relationships with, understand interests of, and obtain opinions from healthcare professionals about our products or services as well as research and development programs;
• Notify patients and healthcare professionals of product-related matters, including product recalls;
• Verify your identity (for example when you apply for a certain benefit such as a discount or rebate);
• Follow up on, gather more information about, and investigate reports of adverse events or complaints relating to our products or services (please visit Report a side effect (novonordisk.com) for more information about data privacy as it relates to safety information);
• Improve our products and services/programs;
• Market and promote our products and services that we believe you would benefit from knowing about. We may also tailor our offerings to you based on your demographics or other information, with the objective of meeting your specific needs;
• Assess and manage risk, including detecting and preventing fraud or error;
• For internal and external audits;
• Meet legal and regulatory processes and requirements, or bring or defend against legal actions;
• For such other purposes for which you have provided your consent, or as otherwise permitted or required by law.

Your personal information is shared only to the extent required to provide you with our products and services, and to comply with legal requirements. We may disclose your personal information in the following circumstances:

• to advise Health Canada or other regulatory agencies of adverse drug reactions and other side effects in compliance with applicable laws;
• to your healthcare provider, at your request, whether to obtain certain medical information, to provide certain product information to your healthcare provider or to otherwise assist you in participating in our program offerings;
• to a court, administrative tribunal, governmental authority or other body authorized to compel the disclosure of your personal information, for the purpose of complying with legal requirements such as a statute, regulation, search warrant, subpoena, court or administrative order, or as otherwise required or permitted by law; 
• as required to reduce the risk of harm if the personal safety of any individual may be compromised; or
• to a third party in the context of the sale or transfer of our business or other transaction. We may decide to sell or transfer all or part of our business to a third party, merge with another entity, secure our assets or proceed with any other financing or other strategic capital transactions (including insolvency or bankruptcy proceedings), restructuring, share sale or other change in corporate control. We may share your personal information when required for the purposes of such a transaction.

In addition, personal information may be transferred or made accessible to NNCI’s subsidiaries, affiliates, agents and third-party service providers who assist us in carrying out our business and providing you with our products and services. These trusted entities have agreed to comply with strict privacy and confidentiality obligations. Such transfers of personal information for processing may occur in the context of product educational program registration, delivery and evaluation; sample or product order fulfillment; IT services and record archiving; and other business outsourcing arrangements. Only personal information that is required by the third party to provide the service in question will be transferred.

Please note that in the context of any of these disclosures or transfers of data, your personal information may be processed or stored outside of Canada. As a result, such information may be subject to the law of a foreign jurisdiction, including any law permitting or requiring disclosure of the information to law enforcement or national security authorities upon request, in order to comply with foreign laws. We take reasonable steps to ensure that any such third parties who we entrust with your personal information are reputable, and have safeguards in place to protect your information in accordance with all applicable laws.

NNCI acknowledges that a data security breach could result in potential harm to individuals whose personal information is entrusted to NNCI. Thus, we have implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful access to the personal information we manage and store. We have also taken steps to avoid accidental loss or destruction of, or damage to, your personal information. While no system is completely secure, the measures implemented by NNCI significantly reduce the likelihood of a data security breach.

Here are some examples of the security controls, policies and practices we have in place to safeguard your personal information:

• Secure office premises;
• Locked filing cabinets and a secure shredding practice for paper records;
• The use of encryption, firewalls, anti-virus programs and robust authentication processes, including complex passwords, for access to electronic records;
• Internal policies and procedure that limit access to personal information by employees who need the information to perform their work-related duties;
• The use of sophisticated data centers with effective physical and logical data security controls;
• Initiatives to raise awareness amongst staff of their data protection responsibilities;
• A privacy framework governing the protection of personal information through its lifecycle. This framework defines the roles and responsibilities of our personnel, provides a process for dealing with complaints regarding the protection of the information, and addresses the retention and destruction of personal information;
• A designated Privacy Officer to monitor NNCI’s compliance with applicable privacy laws; and
• Regular reviews of privacy compliance and best practice initiatives.

In addition, we recommend that you do your part in protecting yourself from unauthorized access to your personal information. For example, never share your passwords with anyone. NNCI is not liable for any unauthorized access to your personal information that is beyond our reasonable control.

We make every effort to ensure that the personal information contained in records that we control or have custody over is accurate, complete and up-to-date for the purposes for which we collect it. You can make a written request for access to your personal information at any time, and also request that it be corrected if there are any inaccuracies.  You will need to provide as much information as you can to help us process your request and locate the information you require.

If you need assistance in preparing your access or correction request, please get in touch with our Privacy Office (see contact information at Section 15). As we take your privacy seriously, we will take reasonable steps to verify your identity before granting you access or making corrections, updates or deletions to your personal information. Upon your written request, NNCI will also inform you of how your personal information has been or is being used, and who your personal information has been shared with. If we have obtained information about you from other people, we will let you know who we got it from upon your request.

NNCI responds to access requests within 30 days, unless an extension of time is required. We may charge a reasonable fee to cover any expenses related to responding to your access request. Note that there may be contexts where access is refused or only partial information is provided, for example, in the context of an on-going investigation or where another individual’s personal information or identity must be protected.

NNCI retains personal information for as long as necessary to fulfill legal or business purposes and in accordance with the retention schedules of our parent company, Novo Nordisk A/S. Personal information that has been used to make a decision about an individual shall be retained long enough to allow the individual access to the information after the decision has been made.  NNCI is subject to specific legal requirements with respect to retention periods as well, for example, as outlined in regulations regarding clinical trials and adverse events.

Once your information is no longer required by NNCI to administer products or services and meet legal or regulatory requirements, it is securely destroyed, erased or made anonymous. Keep in mind however that residual information may remain in back-ups for a period of time after its destruction date.

NNCI takes privacy complaints very seriously and has a procedure in place for escalating and managing any privacy related concerns to ensure that they are responded to in a timely and effective manner. Any suspected privacy breach must be escalated internally to NNCI’s Privacy Officer who oversees the containment, investigation and corrective actions for the breach situation.

If you have any concerns about the collection, use and disclosure of your personal information, please get in touch with our Privacy Officer (see contact information at Section 15).

A cookie is a small text file containing a unique identification number that is installed by a website on a device’s local storage. NNCI websites use cookies and other web technologies for a variety of purposes in the course of administering its websites. NNCI uses both session cookies (used only during your visit and that expire when you close your browser) and persistent cookies (stored on your device for longer than your visit to our websites). Cookies used by NNCI collect certain information from your browser or mobile platform, including the date and time of your visit, your IP address or unique device identifier, browser type and other device information (such as your operating system version and mobile network provider), but do not contain identifiers such as your name or e-mail address.

NNCI installs first party cookies on devices that access its websites unless the browser used by the device has disabled the installation of cookies. The first party cookies NNCI installs ensure the website functions as intended, and in some circumstances are essential for NNCI to provide services requested by website visitors. For example, enabling first party cookies is required to log in to an NNCI program account, as certain cookies are used to support the log-in process and keep you logged in. Non-essential cookies are also used by NNCI to analyze and improve the performance of our websites, design and layout, and your overall on-line experience. For example, NNCI uses web analytics services, including Google Analytics, to understand the interests of our visitors and analyze traffic patterns. We make no effort to personally identify you based on your visit to our sites if you are not logged into your account. If you wish, you can make use of Google’s free Google Analytics Opt-Out Browser Add-On.

You can opt out of the installation of cookies, or delete cookies that were previously installed, by updating your settings in the browser you use to visit NNCI websites. Please note, however, that cookies allow for optimal functionality of NNCI websites. You can easily adjust your browser settings to notify you when you receive a cookie so you can choose whether or not to accept it; disable your browser from receiving cookies; or delete cookies through your browser. Please consult the Help Function of your browser for more information. Be aware however that some features and services on our website may not work properly if you refuse cookies.

NNCI’s use of social media serves as an extension of our presence on the Internet and helps us build a positive brand image as well as offer our customers personalized service. NNCI social media accounts are not hosted on NNCI’s servers. Please note that when you publicly post personal information on social media, it can be viewed by anyone who visits our platforms. Users who choose to interact with NNCI via social media, such as Twitter, should read the terms of service and privacy policies of these services/platforms.

Likewise, take precautions when posting information to chat rooms or other discussion forums because once posted, the information will be made public and cannot be easily removed from the Internet. This Privacy Policy does not cover information you post to social media, chat rooms or other discussion forums and how persons receiving your information will use that information.

We may offer links from our websites to the sites of third parties (including affiliated organizations), that may be of interest to you. Since these sites are not owned or controlled by us, NNCI makes no representations as to such third parties’ privacy practices and we recommend that you review their privacy policies before providing your personal information to any such third parties.

We may change this Privacy Policy from time to time in order to better reflect our current personal information handling practices. Thus, we encourage you to review this document frequently. The “Last Updated” date at the top of this Privacy Policy indicates when changes to this policy were published and are thus in force. If we make any significant changes to the Privacy Policy, we will post a notice on our websites and mobile apps or contact you to inform you when required by law. Your continued use of NNCI products and services following the posting of any changes to this Privacy Policy means you accept such changes, subject to any additional requirements that may apply.

If you have any inquires, concerns or complaints regarding how we handle your personal information or if you want to exercise your privacy rights, please contact us at the following address:

Privacy Officer
Novo Nordisk Canada Inc.
101 – 2476 Argentia Rd.
Mississauga, Ontario
Canada L5N 6M1
Tel: 1-800-465-4334
Email: privacyofficercanada@novonordisk.com

Your concerns will receive prompt attention. Our Privacy Office can also provide you with more detailed information about NNCI’s policies and practices. Keep in mind, however, that e-mail or text messaging are not secure forms of communication, so never send confidential personal information to us this way.

Thank you for your continued trust in Novo Nordisk Canada.