ViiV HEALTHCARE GENERAL PRIVACY NOTICE
This privacy notice is intended for:
- users of ViiV Healthcare products and services (excluding research subjects);
- visitors to ViiV Healthcare and ViiV Healthcare-owned websites;
- users of ViiV Healthcare systems and applications; and members of the general public who are interested in contacting or are being contacted by ViiV Healthcare.
Your trust is important to us. We are committed to treating your personal information with care and integrity. We want to make sure you understand what personal information we may collect about you when you interact with us, how we use your personal information, and how we keep it safe. When we refer to “ViiV Healthcare,”, “ViiV”, “we,” “us” and “our”, we are referring to the ViiV Healthcare group of companies.
Personal information means any information or piece of information which could identify you either directly (e.g. your name) or indirectly (e.g. a unique ID number).
This privacy notice explains our general practices. However, where local laws or regulations require that we process information diﬀerently, or refrain from such processing, we will always comply with the applicable local law.
In this privacy notice, we explain:
1. Who is the controller of your personal information?
ViiV Healthcare UK Ltd together with ViiV Healthcare Australia Pty Ltd (ABN 46 138 687 448) which has a relationship with you is the controller of your personal information.
In some instances, the local company which has a relationship with you will be a ViiV Healthcare company. In other instances, as ViiV Healthcare is part of the GlaxoSmithKline (GSK) group of companies, the local company which has a relationship with you will be a GSK company; the GSK group of companies privacy notice can be found here.
For more information on the relevant local company, click here where you can also ﬁnd the contact details of the Data Protection Oﬃcer (if applicable) for your country.
2. Contact information and your privacy point of contact
If you want to exercise your rights, have any questions about this privacy notice, need more information or would like to raise a concern, each local privacy point of contact’s details can be found here.
3. What personal information do we collect about you?
VHCA collects personal information at diﬀerent times which may be used for one or more of a variety of purposes, to allow us to perform our business activities and functions and to provide best possible quality of customer service. These purposes include:
The personal information we collect process and store may include:
- Basic information – your name, surname (including preﬁx or title), alias, gender, age or date of birth, as well as your preferred language. Similar information about children may also be collected in very limited circumstances, see ‘Information about children' for more information;
- Contact information – information that enables us to contact you, e.g. your personal or business email, mailing address, telephone numbers and proﬁle on a social media platform;
- Technical and network activity information – information about your device and your usage of our websites, apps and systems, including your IP address, device ID, hardware model and version, mobile network information, operating system and other online identiﬁers, type of browser, browsing history, search history, access time, pages viewed, URLs clicked on, forms submitted, and physical location;
- Financial information – your bank details, including account name, account number and sort code;
- Product use – data related to your use of our products (including feedback), and preferences, your interactions with us, your preferred method of communications with us, and services you may use;
- Health information – your health status, health conditions you are experiencing and health information inferred from information that you have provided to us; and
- Audio visual – photos, videos and voice recordings of you.
You can choose not to give us personal information when we ask you for it. If you decide not to give us your personal information, it may restrict our relationship with you. For example, we may not be able to provide you with the services that you have requested.
4. How do we collect your personal information?
Directly from you when you:
- Create an account and proﬁle on one of our websites or apps;
- Register with us to use ViiV Healthcare’s authentication services;
- Use our websites, apps and systems;
- Share or use your social media proﬁle to contact ViiV Healthcare;
- Sign up with us to receive promotional material;
- Enter a contest or competition organised by ViiV Healthcare;
- Get in touch for support or to provide feedback;
- Attend an online event such as a webcast;
- Respond to any surveys that you may choose to participate in;
- Share adverse events or medical information enquiries with us; and/or
- Attend oﬄine meetings, such as advisory boards or conferences.
From other sources:
- Publicly accessible sources;
- Joint marketing partners;
- Marketing vendors;
- Events management agencies;
- Social media platforms; and/or
- When you talk about us online, like when you mention a ViiV Healthcare product in a Tweet.
If you connect your social media account to our websites or apps, you will share certain personal information from your social media account with us. This may include your name, email address, photo, list of social media contacts, and any other information you make accessible to us when you connect your social media account to our websites or apps.
We also combine information about you from various sources, including the information you provide to us and personal information, which is collected during your relationship with us.
5. How do we use your personal information?
We use your personal information for the purposes we have described below in this privacy notice, or for purposes which are reasonably compatible to the ones described.
To manage our relationship with you.
We will use your personal information to:
- Provide our products and services to you;
- Provide you with a prize if you enter a prize draw or competition;
- Provide online services such as webcasts, employment opportunities and ﬁnancial results; Manage your account on our websites and apps;
- Respond to your queries and provide you with information when you request it or when we believe our products and services may be of interest to you. If we intend to share electronic marketing with you, we will ask for your consent where required and you can opt out at any time;
- Invite you to provide feedback, participate in research, surveys or attend events; Personalise your experience when interacting with ViiV Healthcare;
- Report the adverse events you notify us about; and/or
- Perform analytics, market research and segmentation to understand your preferences, improve our products and services and our communications to you.
To manage and improve our processes and our business operations.
We will use your personal information to:
- Manage our network and information systems security; Manage our workforce eﬀectively;
- Respond to reports you make of a possible side eﬀect associated with one of our products and to monitor the safety of our products;
- Keep records related to our relationship with healthcare professionals;
- Perform data analyses, auditing and research to help us deliver and improve our ViiV Healthcare digital platforms, content and services;
- Monitor and analyse trends, usage and activities in connection with our products and services to understand which parts of our products and services are of the most interest and to improve them accordingly; and/or
- Prepare and perform management reporting and analysis, including analytics and metrics.
To achieve other purposes.
We will use your personal information:
- To follow applicable laws and regulations;
- To respond to requests from competent public authorities;
- To tell you about changes to our terms, conditions and policies;
- To exercise or defend ViiV Healthcare against potential, threatened or actual litigation; To investigate and take action against illegal or harmful behaviour of users;
- To protect ViiV Healthcare, your vital interests, or those of another person;
- To gain insights and feedback on our products and services in order to correct or improve them, by analysing information from external sources such as Google, Facebook and Twitter (and others);
- To deliver services to you via your smart device and our mobile apps; and/or
- When we sell, assign or transfer all or part of our business.
6. Why are we allowed to collect and use your personal information?
We can collect and use your personal information when one of the following applies:
- To take steps before entering into a contract or perform a contract;
- To follow the law, for example:
- Record-keeping regulatory monitoring and reporting obligations, including those related to adverse events, product complaints and product safety; and
- Complying with anti-corruption and transparency obligations;
- You have speciﬁcally given us your permission when such permission is obligatory (the law calls it “consent”). You can withdraw your consent at any time. We will normally need your consent in the following circumstances:
- Placing cookies on your device to ﬁnd out how you use our websites so we can personalise what you see by tailoring content and notiﬁcations to the things you are interested in;
- Certain situations where you share sensitive information about yourself, such as your health;
- Before we send you certain electronic marketing communications; and
- In any other situation where the processing of personal information relies upon your consent.
- We need to use your personal information for legitimate business purposes, for example, to enable us to run our business successfully. These include:
- Sending direct marketing materials to you (you will always have the right to opt out of marketing and promotional communications);
- Conducting audits and internal investigations and complying with internal policies on anti-bribery and conﬂict of interest;
- Managing our IT and communications systems and networks;
- Planning and improving our business activities;
- Conducting training and gathering feedback for ensuring quality control;
- Protecting our rights, privacy, safety or property, and/or that of our aﬃliates, you or others;
- To provide the functionality of the services we provide you, which includes arranging access to your registered account, and providing you with related customer service;
- Verifying your eligibility to access certain products, services and data that may be provided only to licensed healthcare professionals or otherwise conducting background checks to ensure we are not precluded from working with you;
- Analysing or predicting your preferences to identify aggregated trends to develop, improve or modify our products, services and business activities;
- Interacting with you through online digital advisory forums and allowing you to send messages to another person if you choose to do so;
- Responding to and handling your queries or requests, including requests for samples;
- Sending administrative information to you, such as changes to our terms, conditions and policies;
- Completing your transactions and providing you with related customer service; and/or
- Reaching out to you to provide information about our products or request input on surveys relating to our products or services;
- For the establishment, exercise or defence of legal claims or proceedings;
- To protect your vital interests or those of others; and
- Because it is necessary for reasons of substantial public interest, on the basis of applicable laws.
- To take steps before entering into a contract or perform a contract;
7. How do we protect your personal information?
We want to make sure your personal information is not shared with or used by those not allowed to see it. We use a variety of security measures and technologies to help protect your personal information.
We carefully choose service providers to work with, and check they have security measures and technologies in place to protect your personal information.
However, there are no guarantees that a data transmission or storage system is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us using the details at the ‘Contact information and your privacy point of contact’ section.
8. What are your rights regarding your personal information?
You have rights we need to make you aware of. The rights available to you depend on our reason for processing your personal information and the local law in your jurisdiction, and there are exceptions to some rights. Depending on this you may have the right to:
- Withdraw your consent to us processing your personal information for direct marketing purposes;
- Ask ViiV Healthcare about the processing of your personal information including to be provided with copies of your personal information;
- Ask us to correct information you think is inaccurate or incomplete;
- Ask us to delete your personal information;
- Ask us to restrict the processing of your information;
- Object to our processing of your personal information;
- Ask that we transfer information you have given us from one organisation to another, or to give it to you; and
- Complain to your local data protection authority.
You can find out how to get in touch with us to ask us to do any of the above by looking at the ‘Contact information and your privacy point of contact’ section.
Where you wish to object to our handling of your personal information, we will attempt to confirm as appropriate with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. After we have completed our enquiries , we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint.
For your protection, and to protect the privacy of others, we may need to verify your identity before completing what you have asked us to do.
Where we have relied upon your permission to use your personal information, and you later withdraw that permission, we may not be able to complete some of the activities described in ‘How do we use your personal information’.
9. How long do we keep your personal information?
In some jurisdictions, we are legally required to keep your personal information for a certain period of time. How long depends on the specific legal requirements of the jurisdiction you are in when you share your information with us.
We will always keep your personal information for the period required by law and where we need to do so in connection with legal action or an investigation involving ViiV Healthcare. Otherwise, we will keep your personal information for as long as we have a relationship with you, in order to respond or process a question or request from you or if we have sent you a product sample.
10. With whom do we share your personal information?
We share your personal information on a need-to-know basis, and to the extent necessary to follow laws and regulations, and in the context of managing our relationship with you.
We share your personal information only with teams in the ViiV Healthcare and GSK group of companies) who need to see it to do their jobs. Please see this “link” for contact details and locations of our ViiV Healthcare aﬃliates and this “link” for contact details of and locations of our GSK aﬃliates. In some countries, our relationship with you is managed for us by specialised service providers. We will share your personal information with their people and teams who need to see it as part of their job.
We will also share your personal information with other entities, for example:
- Event agencies;
- Marketing agencies;
- Employment and recruitment agencies;
- Technology suppliers who work with us to develop and improve our websites, digital forums and apps;
- Media services providers who work with us;
- Any entity who may acquire us or part of our business or brands;
- Suppliers managing adverse event reports;
- Local or foreign regulators, courts, governments and law enforcement authorities; and
- Professional advisors, such as auditors, accountants and lawyers.
11. In what instances do we transfer your personal information outside of your home country?
We work all over the world. Therefore, we may need to transfer, use and store your personal information in any other country in which ViiV Healthcare or its aﬃliates worldwide, or its or their subcontractors or agents maintain facilities. These countries may include: United States, United Kingdom and India, as well as countries within the European Union. We implement appropriate measures to protect your personal information when we transfer your personal information outside of your home country such as data transfer agreements that incorporate standard data protection clauses. The data privacy laws in the countries we transfer it to may not be the same as the laws in your home country. Law enforcement agencies, regulatory agencies, security authorities or courts in the countries we transfer your personal information to may have the right to see your personal information.
12. Additional information if you are in the European Economic Area (EEA)
The European Commission recognises that some countries outside the EEA have similar data protection standards. The full list of these countries is available here.
If we transfer your personal information to a country not on this list, we do so based on standard contract clauses adopted by the European Commission. These enable us to make international transfers of personal information within our group of companies and meet the data protection laws of the European Union and the General Data Protection Regulation (GDPR).
13. Information about children
Whilst our services are not ordinarily directed to children, occasionally we may collect child’s data, for example, when we receive adverse event reports. Please see ‘What personal information we collect about you' for more information.
14. Cookies, Website and Application Data; Use for Analytics and Marketing
To the extent that your local laws consider the information collected by cookies and other technologies as personal information, we will treat that information to the standards set out in this privacy notice.
We also use remarketing services oﬀered by our advertising partners to personalise advertisements for visitors to sites of their advertising networks (i.e. websites other than ViiV Healthcare’s). On these pages, you may be shown advertisements that refer to your interactions with ViiV Healthcare previously. To turn oﬀ personalisation for advertisements served by Google click here. To turn oﬀ personalisation for advertisements served by Facebook click here. Many companies that display interest-based advertising are members of the Network Advertising Initiative ("NAI"), the Digital Advertising Alliance ("DAA") or the European Interactive Digital Advertising Alliance (“EDAA”). To opt-out of interest-based advertising by members of these initiatives, you can visit their websites at https://optout.networkadvertising.org/, https://optout.aboutads.info/ and https://www.youronlinechoices.com/.
We may use the data you share with us to make decisions about your interests and preferences so we can make the marketing materials we send you more relevant. We may also combine the information we hold about you with data about your interests or demographics that third parties have collected from you online and oﬄine, to make your experience more personalised and further tailor our marketing materials. You have certain rights in relation to this – please see 'What are your rights regarding your personal information?' above for further information.
We use Facebook custom audience tools. This allows us to provide personalised advertising to you when you use Facebook’s platforms by matching the email address we hold for you with the email address Facebook holds for you, to show you the most relevant ViiV Healthcare advertisements. We only do this where you have given us consent. Sometimes we may also use information about you to build lookalike models. This allows us to generate similar audiences of prospective customers (who may have similar interests or demographics to you) through advertising platforms like Facebook or Google, based on data that the advertising platform holds about other people. Usually this means sharing your email address with our advertising partners. If you wish to opt out of similar audiences in Google, you can do so here.
15. How we update this privacy notice?
From time to time, we will update this privacy notice. Any changes become eﬀective when we post the revised privacy notice on your local ViiV Healthcare website. This privacy notice was last updated as of the “Last updated” date shown above. If changes are significant, we will provide a more prominent notice to let you know what the changes are.
16. Our responsibility regarding websites that we do not own or control
Our websites and apps may contain links to websites or mobile applications we do not own or control. This privacy notice does not cover them. Please read the privacy notices on those websites and mobile applications if you would like to find out how they collect, use and share your personal information.
PM-AU-HVX-WCNT-220008. Date of preparation: January 2023.