SANOFI Corporate Privacy Policy for Other Data Subjects

Last updated: November 13, 2023

Our commitment

SANOFI fully understands the importance of privacy and the protection of Personal Data in the digital era and is committed to ensure an adequate level of data protection for all persons with whom SANOFI has dealings, including contractors, business partners, advocacy groups and public stakeholders such as the medias and public authorities.

What will you find in this document?

This Privacy Policy (“Policy”) describes the activities carried out by SANOFI requiring the use of your Personal Data. The objective of this Policy is to help you understand why SANOFI processes Personal Data and the measures it implements to protect such Personal Data.

Personal Data means any information that relates to an individual (‘Data Subject’) which directly or indirectly identifies him/her.

This Privacy Policy does not describe the cookies used in our websites. To know more, please refer to our cookies policy available in the banner of our websites.

This Policy applies to you if you do not fall into the scope of other privacy policies (Patients & Consumers; Health Care Professionals; External Candidates).

SANOFI’s role

For the purposes of this Policy SANOFI means SANOFI and all its affiliates, acting as data controllers either independently or jointly. Please note that in order to exercise your rights or ask any question, you should reach the Affiliate in your country or use the form available here.

Each specific privacy notice shall set out which SANOFI entity determines for what reasons (i.e. the purposes) your Personal Data is processed as well as the resources (i.e. the means) allocated to such processing.

Validity and evolution of this policy

This Policy may be modified by SANOFI, from time to time, in particular to adapt its terms to evolutions or changes of applicable legislations and/or to SANOFI’s practices. Changes will be available on this page. We invite you to check this Policy periodically.

This Policy is a Global Privacy Policy which explains SANOFI’s processing activities. It is subject to local adaptations and translations in order to comply with any applicable law. In the event that this Privacy Policy contradicts the Local Privacy Policy, the provisions of the Local Privacy Policy shall prevail.

List of activities requiring SANOFI to process Personal Data

SANOFI may process your Personal Data for the various purposes set out below. 

Purpose 1:  Communicate with you

In order to perform a contract or precontractual measures and/or based on legitimate interest, SANOFI may use your Personal Data to send you general information about the industry, our products and invite you to professional events. 

SANOFI may also use your Personal Data in order to manage public and media relationships. SANOFI will retain your Personal Data only for the period necessary to fulfill the purposes outlined in this Policy.

The legitimate interest refers to our business interest, which is here to be able to communicate with you as part of our business operations.

For this purpose, SANOFI collects data that directly or indirectly identifies you, including: 

  • Identification data (e.g. name, e-mail address, telephone number, etc.)  
  • Data related to your professional life (e.g. your job title, your business e-mail address, the identity of your employer, etc.) 

SANOFI collects your Personal Data directly from you when you provide it to us and from third parties such as public sources. 

Purpose 2: Provide you access to online services, applications, and platforms

In order to perform a contract or precontractual measures, SANOFI may use your Personal Data to manage your online accounts on our online services, applications, and platforms. For instance, SANOFI may use your Personal Data to identify you and authenticate your access rights to our online services, applications, and platforms. 

For this purpose, SANOFI collects data that directly or indirectly identifies you, including:

  • Identification data (e.g. name, e-mail address, etc.) 
  • Data related to your professional life (e.g. your job title, your business e-mail, the identity of your employer, etc.)

SANOFI may also process information regarding your internet connection and the equipment you use to access our websites, and usage details, such as your Internet Protocol (IP) address, account credentials (username & password).  

SANOFI collects your Personal Data directly from you when you provide it to us and automatically as you navigate through SANOFIs’ online services, applications and platforms. 

Purpose 3: Manage your orders and payments 

In order to perform a contract or precontractual measures, SANOFI may use your Personal Data to perform its own obligations in light of the agreements it has entered into with you. This will notably include, where relevant, the verification of your financial data to facilitate further payments. Your Personal Data may be also used to manage the order follow-up and more specifically your deliveries.

For this purpose, SANOFI collects data that directly or indirectly identifies you, including:

  • Identification data (e.g. name, government-issued ID, e-mail address, etc.) 
  • Data related to your professional life (e.g. your job title, your business e-mail, the identity of your employer, and your professional financial data etc.)

SANOFI collects your Personal Data directly from you when you provide it to us.

Purpose 4: Protect our rights, interests and to comply with applicable law

Based on legitimate interests, SANOFI may process your Personal Data to carry out internal audits, manage business administration (finance and accounting, fraud monitoring and prevention, due diligence of third parties) and maintain the security of our services and operations. Your Personal Data may be processed to protect ourselves against possible fraudulent actions.

SANOFI may process your Personal Data to comply with applicable law, and notably to comply with the legislation regarding corruption, fraud, conflict of interest and transparency obligations. 

SANOFI maintains clear boundaries between personal and business interactions. Therefore, regarding contractual relationships SANOFI has with an employee relative, no preferential treatments are afforded.

For this purpose, SANOFI collects data that directly or indirectly identify you, including:

  • Identification data (e.g. name, date of birth, postal address, e-mail address, telephone number, etc.) 
  • Data related to your professional life (e.g. your job title, your business e-mail address, the identity of your employer, etc.) 

SANOFI may also process information regarding your internet connection and the equipment you use to access our websites, and usage details, such as your Internet Protocol (IP) address, account credentials (username & password). 

SANOFI collects your Personal Data:

  • Directly from you when you provide it to us
  • Automatically as you navigate through SANOFIs’ websites, applications and platforms
  • From third parties such as business partners or public sources

Purpose 5: Manage your request regarding donations, or facilitate sponsorships

Based on a contractual or a precontractual relationship, SANOFI may process your Personal Data to manage requests regarding donations or sponsorships. 

SANOFI collects data that directly or indirectly identify you, including:

  • Identification data (e.g. name, date of birth, postal address, e-mail address, telephone number, etc.) 
  • Data related to your professional life (e.g. your job title, your business e-mail address, the identity of your employer, etc.) 

SANOFI may also process information regarding your internet connection and the equipment you use to access our websites, and usage details, such as your Internet Protocol (IP) address, account credentials (username & password). 

SANOFI collects your Personal Data:

  • Directly from you when you provide it to us
  • Automatically as you navigate through SANOFIs’ websites, applications and platforms
  • From third parties such as business partners or public sources

Purpose 6: Comply with legal obligations 

In order to comply with its legal obligations, SANOFI may process your Personal Data to respond to legal requests from administrative or judicial authorities, in accordance with applicable laws and regulations. 

For this purpose, SANOFI collects data that directly or indirectly identifies you and that you provide to us to fulfill the purposes outlined in this Policy. 

SANOFI collects your Personal Data:

  • Directly from you when you provide it to us
  • Automatically as you navigate through SANOFIs’ websites, applications and platforms
  • From third parties such as business partners or public sources

Recipients of the data

For the purposes described above, SANOFI may need to share your Personal Data with authorized third parties. SANOFI imposes to third parties adequate contractual relations to ensure the protection of your Personal Data, according to applicable data protection Law.  

The recipients may include: 

  • SANOFI’s employees and its affiliates  
  • Potential acquirers and other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures  
  • Our partners (e.g. service providers or vendors acting upon our instructions for website hosting, data analysis, order fulfillment, email delivery, auditing, etc.) 
  • Legal and administrative authorities, as required by applicable laws   

International Transfers of Data

SANOFI is a multinational organization with affiliates, partners and subcontractors located in many countries around the world. For that reason, SANOFI may need to transfer (via access, visualization, storage..) your Personal Data in other jurisdictions, including from the European Economic Area to outside the European Economic Area, in countries which may not be regarded as providing the same level of protection as the jurisdiction you are based in.

In cases where SANOFI needs to transfer Personal Data outside the European Union, it shall ensure that adequate safeguards, as required under applicable data protection legislation, will be implemented (including, notably, the European Commission’s Standard Contractual Clauses, as applicable).

In the case of intra-group transfers of Personal Data, SANOFI shall apply its “Binding Corporate Rules” validated by the EU Data Protection Authorities. 

How long will SANOFI retain your Personal Data?

SANOFI will retain your Personal Data only for the period necessary to fulfill the purposes outlined in this Policy. 

As an exception, SANOFI may be required to retain your Personal Data for longer periods as required or permitted by law, or as necessary to protect its rights and interests. 

Is the collection of this data mandatory or optional?

SANOFI must process your Personal Data to fulfill the purposes listed above.

The collection of some Personal Data is necessary to comply with our obligations toward you or toward administrative or judicial authorities.

Further processing

We do not intend to process Personal Data for any other purpose that is listed in this Privacy Policy. However, should processing of Personal Data for purposes other than those for which the Personal Data was initially collected occur, we will comply with the requirements pursuant to applicable laws.

Security measures

SANOFI has implemented a variety of technical and organizational procedures and measures to ensure the integrity and confidentiality of your Personal Data from unauthorized access, use and disclosure. These measures take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

For instance, we store your Personal Data on servers that have various types of technical and physical access controls, which may include, for instance, if appropriate, encryption. We may also aggregate, pseudonymize or anonymize Personal Data to ensure that no personally identifiable information is communicated to third parties.

Your Privacy and Data Protection rights

You may, where required by applicable law and subject to limitations which may apply by exceptions or legal requirements, be entitled: 

  • To have access upon simple request to your Personal Data. In that case you may receive a copy of such data unless it is directly available to you, for instance within your personal account
  • To obtain a rectification of your Personal Data should your Personal Data be inaccurate, incomplete, or obsolete
  • To obtain the deletion of your Personal Data in the situations set forth by applicable data protection law (“right to be forgotten”)
  • To withdraw your consent, at any time, to data processing without affecting the lawfulness of processing, where your Personal Data has been collected and processed on the basis of your consent
  • To object the processing of your Personal data, where your Personal Data has been collected and processed on the basis of legitimate interests of SANOFI, in which case you will need to justify your request by explaining to us your particular situation
  • To request a limitation of the data processing in the situations set forth by applicable law
  • To request that some of the Personal Data you provided to us is brought to you, or to another data controller, in a commonly used, machine-readable format

While we suggest that you contact us beforehand, you are entitled to lodge a complaint with your local Data Protection Authority regarding the processing of your Personal Data.

If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” section below.

How to contact us?

SANOFI welcomes any questions or comments you may have regarding this Policy or its implementation. Any such questions or comments should be submitted using the contact form available here.

For US Residents

Sanofi US (Sanofi-Aventis U.S. LLC and Sanofi US Services Inc.) respects the interest that visitors to our websites have in understanding what information is collected electronically, how it is collected, to whom it is or may be disclosed and how it is used. Sanofi US has developed this online privacy policy to address those questions. 

State-Specific Privacy Policy

If you are a resident of certain U.S. states, including California, Colorado, Connecticut, Virginia, or Utah, you may be entitled to additional rights and disclosures, depending on the law of your state.