Sanofi Corporate Privacy Policy for Patients and Consumers

Last updated: November 13, 2023

Our commitment

SANOFI fully understands the importance of privacy and the protection of Personal Data in the digital era and is committed to ensure an adequate level of data protection for Patients and Consumers of our products and services.

What will you find in this document?

This Privacy Policy (“Policy”) describes the activities carried out by SANOFI requiring the use of Personal Data of patients and users of our products and services with the exception of study participants in clinical trials (hereinafter referred to as the “Patients”). The objective of this Policy is to help you understand why SANOFI processes Patients and Consumers’ Personal Data and the measures it implements to protect such Personal Data.

Personal Data means any information that relates to an individual (‘Data Subject’) which directly or indirectly identifies him/her.

This Privacy Policy does not describe the cookies used in our websites. To know more, please refer to our cookies policy available in the banner of our websites.

SANOFI’s role

For the purposes of this Policy SANOFI means SANOFI and all its affiliates, acting as data controllers either independently or jointly. Please note that in order to exercise your rights or ask any question, you should reach the Affiliate in your country or use the form available here.

Each specific privacy notice shall set out which SANOFI entity determines for what reasons (i.e. the purposes) your Personal Data is processed as well as the resources (i.e. the means) allocated to such processing.

Validity and evolution of this policy

This Policy may be modified by SANOFI, from time to time, in particular to reflect changes in applicable legislations and / or in SANOFI’s practices. Changes will be available on this page. We invite you to check this Policy periodically.

This Policy is a Global Privacy Policy which explains SANOFI’s processing activities regarding Patients and Consumers. It is subject to local adaptations and translations in order to comply with any applicable law. In the event that this Privacy Policy for Patients and Consumers contradicts the Local Privacy Policy, the provisions of the Local Patients and Consumers Privacy Policy shall prevail.

List of activities requiring SANOFI to process Personal Data of Patients and Consumers

SANOFI may process your Personal Data for the various purposes set out below. 

Purpose 1:  Communicate with you

In order to comply with legal obligations, SANOFI may use your Personal Data to communicate with Patients or Consumers to answer to feedbacks, questions and concerns regarding our products. 

For this purpose, SANOFI may collect data that directly or indirectly identifies you, including identification data (e.g. name, date of birth, postal address, e-mail address, telephone number, etc.) and messages you may send us using our websites, applications and platforms. 

SANOFI collects your Personal Data directly from you when you decide to communicate with us. 

Purpose 2: Provide access to SANOFIs’ applications and platforms

SANOFI may use your Personal Data to manage your online accounts, for example to provide you access to health applications. 

In order to perform a contract or precontractual measures SANOFI may process your Personal Data. 

For this purpose, SANOFI may collect data that directly or indirectly identifies you, including: 

  • Identification data (e.g. name, date of birth, postal address, e-mail address, telephone number, etc.) 
  • Pictures and videos of you, for example when you download your picture to one of our health applications 

Based on your consent, and according to the application, sensitive data such as health data can be processed.

SANOFI collects your Personal Data either directly from you when you decide to communicate with us, or via Healthcare professionals choosing, with you, as a treatment, to use one of SANOFI accounts/applications. 

SANOFI may also process information regarding your internet connection and the equipment you use to access our websites, and usage details, such as your Internet Protocol (IP) address. SANOFI collects your Personal Data automatically as you navigate or use through SANOFI’s websites, applications and platforms.

Purpose 3: Manage your participation to our patient support and treatments programs 

In order to perform a contract or precontractual measures or based on consent, SANOFI may use Personal Data in order to improve patient’s quality of care, manage claims and provide support through healthcare support services. 

For this purpose, SANOFI may collect data that directly or indirectly identifies you, including: 

  • Identification data (e.g. name, date of birth, postal address, e-mail address, telephone number, etc.)
  • Health information that you would share to benefit from our healthcare support services

SANOFI collects your Personal Data directly from you when you decide to communicate with us. 

Purpose 4: Communicate about our products

Based on SANOFI’s legitimate interests, SANOFI may use your Personal Data to understand your needs and raise awareness about our products.

The legitimate interests at stake are the possibility to communicate with Patients and Consumers, collect feedbacks on our products in order to improve them and improve the way we communicate about them. 

For this purpose, SANOFI may collect data that directly or indirectly identifies you, including identification data (e.g. name, age, e-mail address, telephone number, etc.). 

SANOFI collects your Personal Data directly from you when you decide to share it with us or from third parties such as public sources including social media, public websites, publications. 

Purpose 5: Educate and spread awareness on specific diseases

Based on your consent, SANOFI may use your Personal Data in case you participate in our programs to spread awareness on specific diseases via multi-media channels. 

For this purpose, SANOFI may collect data that directly or indirectly identifies you, including: 

  • Identification data (e.g. name, date of birth, postal address, e-mail address, telephone number, etc.)
  • Pictures and videos of you when you participate to our interviews to spread awareness on specific diseases
  • Health information that you would share to benefit from our healthcare support services

SANOFI collects your Personal Data directly from you when you decide to share it with us. 

Purpose 6: Comply with legal obligations

SANOFI may process your Personal Data to respond to legal requests from administrative or judicial authorities, in accordance with applicable laws and regulations. 

For instance, SANOFI is required to implement pharmacovigilance procedures to monitor adverse effects of marketed products, which generally involves the collection and retention of Personal Data. 

For this purpose, SANOFI collects data that directly or indirectly identifies you and that you provided to us to fulfill the purposes outlined in this Policy. 

SANOFI collects your Personal Data:

  • Directly from you when you share it with us
  • Automatically as you navigate or use through SANOFIs’ websites, applications and platforms
  • From third parties such as providers or public sources including public websites, publications

Recipients of the data

For the purposes described above, SANOFI may need to share your Personal Data with authorized third parties. SANOFI imposes to third parties adequate contractual relations to ensure the protection of your Personal Data, according to applicable data protection Law.  

The recipients may include: 

  • SANOFI’s employees and its affiliates  
  • Potential acquirers and other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures  
  • Our partners (e.g. service providers or vendors acting upon our instructions for website hosting, data analysis, order fulfillment, email delivery, auditing, etc.) 
  • Legal and administrative authorities, as required by applicable laws

International Transfers of Data

SANOFI is a multinational organization with affiliates, partners and subcontractors located in many countries around the world. For that reason, SANOFI may need to transfer (via access, visualization, storage..) your Personal Data in other jurisdictions, including from the European Economic Area to outside the European Economic Area, in countries which may not be regarded as providing the same level of protection as the jurisdiction you are based in.

In cases where SANOFI needs to transfer Personal Data outside the European Union, it shall ensure that adequate safeguards, as required under applicable data protection legislation, will be implemented (including, notably, the European Commission’s Standard Contractual Clauses, as applicable).

In the case of intra-group transfers of Personal Data, SANOFI shall apply its “Binding Corporate Rules” validated by the EU Data Protection Authorities. 

How long will SANOFI retain your Personal Data?

SANOFI will retain your Personal Data only for the period necessary to fulfill the purposes outlined in this Policy. 

As an exception, SANOFI may be required to retain your Personal Data for longer periods as required or permitted by law, or as necessary to protect its rights and interests. In such a case, you will be informed of the intended retention period in the applicable Privacy Notice.

Is the collection of this data mandatory or optional?

SANOFI must process your Personal Data to fulfill the purposes listed above.

The collection of some Personal Data is necessary to comply with our obligations toward you or toward administrative or judicial authorities.

Further processing

We do not intend to process Personal Data for any other purpose that is listed in this Privacy Policy.

However, should processing of Personal Data for purposes other than those for which the Personal Data was initially collected occur, we will comply with the requirements pursuant to applicable laws.

About children Personal Data

Our Websites are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13 through our Website. If you are under 13, do not use or provide any information on this Website.

In some instances, we may collect Personal Data about children with the consent of his/her parent or guardian for the provision of our services such as patient support programs.

But we generally do not otherwise knowingly solicit Personal Data from, or market to, children. If a parent or guardian becomes aware that his or her child has provided us with personal information, he or she should contact us as described in the “How to Contact Us” section below. We will take steps to delete such information from our database in accordance with applicable legal requirements.

Security measures

SANOFI has implemented a variety of technical and organizational procedures and measures to ensure the integrity and confidentiality of your Personal Data from unauthorized access, use and disclosure. These measures take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

For instance, we store your Personal Data on servers that have various types of technical and physical access controls, which may include, for instance, if appropriate, encryption. We may also aggregate, pseudonymize or anonymize Personal Data to ensure that no personally identifiable information is communicated to third parties.

Your Privacy and Data Protection rights

You may, where required by applicable law and subject to limitations which may apply by exceptions or legal requirements, be entitled: 

  • You may receive a copy of such data; unless it is directly available to you, for instance within your personal account 
  • To obtain a rectification of your Personal Data should your Personal Data be inaccurate, incomplete, or obsolete
  • To obtain the deletion of your Personal Data in the situations set forth by applicable data protection law (“right to be forgotten”)
  • To withdraw your consent, at any time, to data processing without affecting the lawfulness of processing, where your Personal Data has been collected and processed on the basis of your consent
  • To object the processing of your Personal data, where your Personal Data has been collected and processed on the basis of legitimate interests of SANOFI, in which case you will need to justify your request by explaining to us your particular situation
  • To request a limitation of the data processing in the situations set forth by applicable law
  • To request that some of the Personal Data you provided to us is brought to you, or to another data controller, in a commonly used, machine-readable format

While we suggest that you contact us beforehand, you are entitled to lodge a complaint with your local Data Protection Authority regarding the processing of your Personal Data.

If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” section below.

How to contact us?

SANOFI welcomes any questions or comments you may have regarding this Policy or its implementation. Any such questions or comments should be submitted using the contact form available here.

For US Residents

Sanofi US (Sanofi-Aventis U.S. LLC and Sanofi US Services Inc.) respects the interest that visitors to our websites have in understanding what information is collected electronically, how it is collected, to whom it is or may be disclosed and how it is used. Sanofi US has developed this online privacy policy to address those questions. 

State-Specific Privacy Policy

If you are a resident of certain U.S. states, including California, Colorado, Connecticut, Virginia, or Utah, you may be entitled to additional rights and disclosures, depending on the law of your state.