At Novo Nordisk Canada Inc. (“NNCI”), your privacy is of great importance to us. NNCI is dedicated to the protection of the personal information of patients, participants in clinical studies, customers, visitors to our websites, healthcare professionals and other individuals with whom we interact.
NNCI takes full responsibility for the management and confidentiality of personal information. Personal information is collected, used, shared and stored in accordance with the Personal Information Protection and Electronic Documents Act and all provincial privacy laws that apply to NNCI. NNCI also respects the privacy best practice principles contained in the Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96.
NNCI has appointed a Privacy Officer who oversees compliance with privacy laws and best practices and whose contact information is provided below in Section 15. The Privacy Officer’s duties include:
‘Personal information’ is any factual or subjective information, recorded or not, that can be used, either alone or in combination with other information, to identify an individual. This includes name, contact information, age, weight, occupation, lifestyle choices and any identifiable on-line activity. Any personal health information provided to NNCI such as health history or medications is sensitive personal information that we treat with extra care.
Aggregate or anonymized information that cannot be associated with a specific individual, such as clinical trial data, is not personal information, if it is, at all times, reasonably foreseeable in the circumstances that this information irreversibly no longer allows the individual to be identified directly or indirectly.
We collect limited personal information as is reasonable to offer and deliver our products or services, to respond to any other requests you may make and for other purposes described below under Section 5 and we do so with your consent or as otherwise authorized by law. We identify when information may be provided optionally and when it is necessary to service you. Depending on your interaction with us, we may collect the following categories of personal information:
Personal information can be collected in several ways, including through on-line forms when you register for an NNCI program, or verbally on the telephone, for example if you provide your information to our Customer Care Department. When it is practical to do so, we will collect the information we need directly from you. In those instances where information is collected from a third party such as a family member or your doctor, we will obtain your consent (unless otherwise permitted or required by law) and your personal information will be respected in exactly the same way as if we collected it from you personally.
We collect, use and disclose your personal information with your consent, except as required or permitted by law. Your consent to the collection, use and disclosure of personal information may be express (that is, where you were asked specifically for your consent, whether verbally or in writing) or implied for non-sensitive information, when we can reasonably conclude that you’ve given consent by some action, or when it is obvious that you would consent if directly asked.
Note that there may be instances where the law permits the collection, use or disclosure of your personal information without your consent, for example in the context of fraud investigations, and where necessary to protect our legal interests or the safety of others. For example, we may be required to collect, use, disclose or store personal information without your consent to comply with other laws, an order of a court or other legal administrative tribunal, or to respond to an authorized inquiry of a government agency. In other contexts, your consent can be withdrawn at any time, subject to legal or contractual restrictions, by providing us with written notice by email at privacyofficercanada@novonordisk.com. Upon receipt of notice of withdrawal of consent, we will inform you of the likely consequences of withdrawing your consent before we process your request, which may include the inability of NNCI to provide you with certain information, products or services.
Where an individual is not capable of consenting to the collection, use or disclosure of his or her own personal information but you wish to provide us with that information, please ensure you are legally entitled to do so on behalf of that individual.
Personal information is collected and used by NNCI for one or more of the following specific purposes:
Your personal information is shared only to the extent required to provide you with our products and services, and to comply with legal requirements. We may disclose your personal information in the following circumstances:
In addition, personal information may be transferred or made accessible to NNCI’s subsidiaries, affiliates, agents and third-party service providers who assist us in carrying out our business and providing you with our products and services. These trusted entities have agreed to comply with strict privacy and confidentiality obligations. Such transfers of personal information for processing may occur in the context of product educational program registration, delivery and evaluation; sample or product order fulfillment; IT services and record archiving; and other business outsourcing arrangements. Only personal information that is required by the third party to provide the service in question will be transferred.
Please note that in the context of any of these disclosures or transfers of data, your personal information may be processed or stored outside of Canada. As a result, such information may be subject to the law of a foreign jurisdiction, including any law permitting or requiring disclosure of the information to law enforcement or national security authorities upon request, in order to comply with foreign laws. We take reasonable steps to ensure that any such third parties who we entrust with your personal information are reputable, and have safeguards in place to protect your information in accordance with all applicable laws.
NNCI acknowledges that a data security breach could result in potential harm to individuals whose personal information is entrusted to NNCI. Thus, we have implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful access to the personal information we manage and store. We have also taken steps to avoid accidental loss or destruction of, or damage to, your personal information. While no system is completely secure, the measures implemented by NNCI significantly reduce the likelihood of a data security breach.
Here are some examples of the security controls, policies and practices we have in place to safeguard your personal information:
In addition, we recommend that you do your part in protecting yourself from unauthorized access to your personal information. For example, never share your passwords with anyone. NNCI is not liable for any unauthorized access to your personal information that is beyond our reasonable control.
We make every effort to ensure that the personal information contained in records that we control or have custody over is accurate, complete and up-to-date for the purposes for which we collect it. You can make a written request for access to your personal information at any time, and also request that it be corrected if there are any inaccuracies. You will need to provide as much information as you can to help us process your request and locate the information you require.
If you need assistance in preparing your access or correction request, please get in touch with our Privacy Office (see contact information at Section 15). As we take your privacy seriously, we will take reasonable steps to verify your identity before granting you access or making corrections, updates or deletions to your personal information. Upon your written request, NNCI will also inform you of how your personal information has been or is being used, and who your personal information has been shared with. If we have obtained information about you from other people, we will let you know who we got it from upon your request.
NNCI responds to access requests within 30 days, unless an extension of time is required. We may charge a reasonable fee to cover any expenses related to responding to your access request. Note that there may be contexts where access is refused or only partial information is provided, for example, in the context of an on-going investigation or where another individual’s personal information or identity must be protected.
NNCI retains personal information for as long as necessary to fulfill legal or business purposes and in accordance with the retention schedules of our parent company, Novo Nordisk A/S. Personal information that has been used to make a decision about an individual shall be retained long enough to allow the individual access to the information after the decision has been made. NNCI is subject to specific legal requirements with respect to retention periods as well, for example, as outlined in regulations regarding clinical trials and adverse events.
Once your information is no longer required by NNCI to administer products or services and meet legal or regulatory requirements, it is securely destroyed, erased or made anonymous. Keep in mind however that residual information may remain in back-ups for a period of time after its destruction date.
NNCI takes privacy complaints very seriously and has a procedure in place for escalating and managing any privacy related concerns to ensure that they are responded to in a timely and effective manner. Any suspected privacy breach must be escalated internally to NNCI’s Privacy Officer who oversees the containment, investigation and corrective actions for the breach situation.
If you have any concerns about the collection, use and disclosure of your personal information, please get in touch with our Privacy Officer (see contact information at Section 15).
A cookie is a small text file containing a unique identification number that is installed by a website on a device’s local storage. NNCI websites use cookies and other web technologies for a variety of purposes in the course of administering its websites. NNCI uses both session cookies (used only during your visit and that expire when you close your browser) and persistent cookies (stored on your device for longer than your visit to our websites). Cookies used by NNCI collect certain information from your browser or mobile platform, including the date and time of your visit, your IP address or unique device identifier, browser type and other device information (such as your operating system version and mobile network provider), but do not contain identifiers such as your name or e-mail address.
NNCI installs first party cookies on devices that access its websites unless the browser used by the device has disabled the installation of cookies. The first party cookies NNCI installs ensure the website functions as intended, and in some circumstances are essential for NNCI to provide services requested by website visitors. For example, enabling first party cookies is required to log in to an NNCI program account, as certain cookies are used to support the log-in process and keep you logged in. Non-essential cookies are also used by NNCI to analyze and improve the performance of our websites, design and layout, and your overall on-line experience. For example, NNCI uses web analytics services, including Google Analytics, to understand the interests of our visitors and analyze traffic patterns. We make no effort to personally identify you based on your visit to our sites if you are not logged into your account. If you wish, you can make use of Google’s free Google Analytics Opt-Out Browser Add-On.
You can opt out of the installation of cookies, or delete cookies that were previously installed, by updating your settings in the browser you use to visit NNCI websites. Please note, however, that cookies allow for optimal functionality of NNCI websites. You can easily adjust your browser settings to notify you when you receive a cookie so you can choose whether or not to accept it; disable your browser from receiving cookies; or delete cookies through your browser. Please consult the Help Function of your browser for more information. Be aware however that some features and services on our website may not work properly if you refuse cookies.
NNCI’s use of social media serves as an extension of our presence on the Internet and helps us build a positive brand image as well as offer our customers personalized service. NNCI social media accounts are not hosted on NNCI’s servers. Please note that when you publicly post personal information on social media, it can be viewed by anyone who visits our platforms. Users who choose to interact with NNCI via social media, such as Twitter, should read the terms of service and privacy policies of these services/platforms.
Likewise, take precautions when posting information to chat rooms or other discussion forums because once posted, the information will be made public and cannot be easily removed from the Internet. This Privacy Policy does not cover information you post to social media, chat rooms or other discussion forums and how persons receiving your information will use that information.
We may offer links from our websites to the sites of third parties (including affiliated organizations), that may be of interest to you. Since these sites are not owned or controlled by us, NNCI makes no representations as to such third parties’ privacy practices and we recommend that you review their privacy policies before providing your personal information to any such third parties.
We may change this Privacy Policy from time to time in order to better reflect our current personal information handling practices. Thus, we encourage you to review this document frequently. The “Last Updated” date at the top of this Privacy Policy indicates when changes to this policy were published and are thus in force. If we make any significant changes to the Privacy Policy, we will post a notice on our websites and mobile apps or contact you to inform you when required by law. Your continued use of NNCI products and services following the posting of any changes to this Privacy Policy means you accept such changes, subject to any additional requirements that may apply.
If you have any inquires, concerns or complaints regarding how we handle your personal information or if you want to exercise your privacy rights, please contact us at the following address:
Privacy Officer
Novo Nordisk Canada Inc.
101 – 2476 Argentia Rd.
Mississauga, Ontario
Canada L5N 6M1
Tel: 1-800-465-4334
Email: privacyofficercanada@novonordisk.com
Your concerns will receive prompt attention. Our Privacy Office can also provide you with more detailed information about NNCI’s policies and practices. Keep in mind, however, that e-mail or text messaging are not secure forms of communication, so never send confidential personal information to us this way.
Thank you for your continued trust in Novo Nordisk Canada.