At Novo Nordisk Canada Inc. (“NNCI”), your privacy is of great importance to us. NNCI is dedicated to the protection of the personal information of patients, participants in clinical studies, customers, visitors to our websites, healthcare professionals and other individuals with whom we interact.
NNCI takes full responsibility for the management and confidentiality of personal information. Personal information is collected, used, shared and stored in accordance with the Personal Information Protection and Electronic Documents Act, S.C. 2000, c.5 and all applicable provincial privacy laws that apply to NNCI. NNCI also respects the privacy best practice principles contained in the Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96.
NNCI has appointed a Privacy Officer who oversees compliance with privacy laws and best practice. The Privacy Officer’s duties include:
‘Personal information’ is any factual or subjective information, recorded or not, about an identifiable individual. This includes name, contact information, age, weight, occupation, lifestyle choices and any identifiable on-line activity. Any personal health information provided to NNCI such as health history or medications is sensitive personal information that we treat with extra care.
Aggregate or de-identified information that cannot be associated with a specific individual, such as clinical trial data, is not personal information.
Personal information can be collected in several ways, including through on-line forms when you register for an NNCI program, or verbally on the telephone, for example if you provide your information to our Customer Care Department. We collect limited personal information as is reasonable to offer and deliver our products or services, and we do so with your consent or as otherwise authorized by law. We identify when information may be provided optionally and when it is necessary in order to service you.
When it is practical to do so, we will collect the information we
need directly from you. In those instanced where information is
collected from a third party such as a family member or your doctor,
your personal information will be respected in exactly the same way as
if we collected it from you personally.
We collect, use and disclose your personal information with your consent, except as required or permitted by law. Your consent to the collection, use and disclosure of personal information may be express (that is, where you were asked specifically for your consent, whether verbally or in writing) or implied for non-sensitive information, when we can reasonably conclude that you’ve given consent by some action, or when it is obvious that you would consent if directly asked.
Note that there may be instances where the law permits the collection, use or disclosure of your personal information without your consent, for example in the context of fraud investigations, and where necessary to protect our legal interests or the safety of others. For example, we may be required to collect, use, disclosure or store personal information without your consent to comply with other laws, an order of a court or other legal administrative tribunal, or to respond to an authorized inquiry of a government agency. In other contexts, your consent can be withdrawn at any time, subject to legal or contractual restrictions, by providing us with written notice. Upon receipt of notice of withdrawal of consent, we will inform you of the likely consequences of withdrawing your consent before we process your request, which may include the inability of NNCI to provide you with certain information, products or services.
Where an individual is not capable of consenting to the collection,
use or disclosure of his or her own personal information but you wish
to provide us with that information, please ensure you are legally
entitled to do so on behalf of that individual.
Personal information is collected and used by NNCI for one or more of the following specific purposes:
Your personal information is shared only to the extent required to provide you with our products and services, and to comply with legal requirements. We may disclose your personal information in the following circumstances:
In addition, personal information may be transferred or made
accessible to NNCI’s subsidiaries, affiliates, agents and third-party
service providers who assist us in carrying out our business and
providing you with our products and services. These trusted entities
have agreed to comply with strict privacy and confidentiality
obligations. Such transfers of data for processing may occur in the
context of product educational program registration, delivery and
evaluation; sample or product order fulfillment; IT services and
record archiving; and other business outsourcing arrangements. Only
personal information that is required by the third party to provide
the service in question will be transferred.
Please note that in the context of any of these disclosures or
transfers of data, your personal information may be processed or
stored outside of Canada. Such information may be provided to law
enforcement or national security authorities of the foreign
jurisdiction upon request, in order to comply with foreign laws. We
take reasonable steps to ensure that any such third parties who we
entrust with your personal information are reputable, and have
safeguards in place to protect your information.
NNCI acknowledges that a data security breach could result in potential harm to individuals whose personal information is entrusted to NNCI. Thus, we have implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful access to the personal information we manage and store. We have also taken steps to avoid accidental loss or destruction of, or damage to, your personal information. While no system is completely secure, the measures implemented by NNCI significantly reduce the likelihood of a data security breach.
Here are some examples of the security controls we have in place:
In addition, we recommend that you do your part in protecting
yourself from unauthorized access to your personal information. For
example, never share your passwords with anyone. NNCI is not liable
for any unauthorized access to your personal information that is
beyond our reasonable control.
We make every effort to ensure that the personal information contained in records that we control or have custody over is accurate, complete and up-to-date for the purposes for which we collect it. You can make a written request for access to your personal information at any time, and also request that it be corrected if there are any inaccuracies. You will need to provide as much information as you can to help us process your request and locate the information you require.
If you need assistance in preparing your access request, please get in touch with our Privacy Office (see contact information at the end of this policy). As we take your privacy seriously, we will take reasonable steps to verify your identity before granting you access or making corrections, updates or deletions to your personal information. Upon your written request, NNCI will also inform you of how your personal information has been or is being used, and who your personal information has been shared with. If we have obtained information about you from other people, we will let you know who we got it from upon your request.
NNCI responds to access requests within 30 days, unless an extension
of time is required. We may charge a fee to cover any expenses related
to responding to your access request. Note that there may be contexts
where access is refused or only partial information is provided, for
example, in the context of an on-going investigation or where another
individual’s personal information or identity must be protected.
NNCI retains personal information for as long as necessary to fulfill legal or business purposes and in accordance with the retention schedules of our parent company, Novo Nordisk A/S. Personal information that has been used to make a decision about an individual shall be retained long enough to allow the individual access to the information after the decision has been made. NNCI is subject to specific legal requirements with respect to retention periods as well, for example, as outlined in regulations regarding clinical trials and adverse events.
Once your information is no longer required by NNCI to administer products or services and meet legal or regulatory requirements, it is securely destroyed, erased or made anonymous. Keep in mind however that residual information may remain in back-ups for a period of time after its destruction date.
NNCI takes privacy complaints very seriously and has a procedure in place for escalating and managing any privacy related concerns to ensure that they are responded to in a timely and effective manner. Any suspected privacy breach must be escalated internally to NNCI’s Privacy Officer who oversees the containment, investigation and corrective actions for the breach situation.
In the event that you are not satisfied with NNCI’s resolution of a
complaint or privacy breach, you may contact the Office of the Privacy
Commissioner of Canada: www.priv.gc.ca
NNCI installs first party cookies on devices that access its
websites unless the browser used by the device has disabled the
installation of cookies. The first party cookies NNCI installs ensure
the website functions as intended, and in some circumstances are
essential for NNCI to provide services requested by website visitors.
For example, enabling first party cookies is required to log in to an
NNCI program account, as certain cookies are used to support the
log-in process and keep you logged in. Non-essential cookies are also
used by NNCI to analyze and improve the performance of our websites,
design and layout, and your overall on-line experience. For example,
NNCI uses web analytics services, including Google Analytics, to
understand the interests of our visitors and analyze traffic patterns.
We make no effort to personally identify you based on your visit to
our sites if you are not logged into your account. If you wish, you
can make use of Google’s free Google
Analytics Opt-Out Browser Add-On.
NNCI’s use of social media serves as an extension of our presence on
the Internet and helps us build a positive brand image as well as
offer our customers personalized service. NNCI social media accounts
are not hosted on NNCI’s servers. Please note that when you publicly
post personal information on social media, it can be viewed by anyone
who visits our platforms. Users who choose to interact with NNCI via
social media, such as Twitter, should read the terms of service and
privacy policies of these services/platforms.
We may offer links from our websites to the sites of third parties (including affiliated organizations), that may be of interest to you. Since these sites are not owned or controlled by us, NNCI makes no representations as to such third parties’ privacy practices and we recommend that you review their privacy policies before providing your personal information to any such third parties.
better reflect our current personal information handling practices.
Thus, we encourage you to review this document frequently. The “Last
to this policy were published and are thus in force. Your continued
use of NNCI products and services following the posting of any changes
Any inquires, concerns or complaints regarding privacy should be
Novo Nordisk Canada Inc.
101 – 2476 Argentia Rd.
Canada L5N 6M1
Your concerns will receive prompt attention. Our Privacy Office can also provide you with more detailed information about NNCI’s policies and practices. Keep in mind however that e-mail or text messaging are not secure forms of communication, so never send confidential personal information to us this way.
Thank you for your continued trust in Novo Nordisk Canada.