Please enter password to
access this website
Please enter password to access this website
Privacy Notice +
Who is responsible for your personal data?
The local AstraZeneca company that contacts or communicates with you, or with which you otherwise have a relationship, is responsible for your personal data. This entity is the "controller", "responsible person" or other equivalent term under applicable privacy and data protection law.
Find here a list of AstraZeneca companies, including their business contact information, such as their email address, mailing address, and telephone number(s), as applicable.
What personal data do we collect and how do we use it?
We collect personal data about you from a range of sources depending on the circumstances, including:
| ■ |
From you directly, such as when you: |
| – |
use our websites, attend a virtual event or webcast, or complete an online survey; |
| – |
attend one of our live meetings, such as advisory boards, congresses, or conferences; |
| – |
create or maintain an account on one of our websites, platforms, applications, or systems; |
| – |
register to receive promotional materials from us; |
| – |
share adverse events or medical information enquiries with us (in the event you report an adverse event related to an AstraZeneca product, please review the adverse event reporting notice for your relevant country, to get further information on how we process your personal data in that context); |
| – |
write to us or contact us with questions or comments; |
| ■ |
Automatically from your device when you use one of our platforms, websites, applications, or systems, or when you open an email from us for which we collect email open rate metrics; |
| ■ |
From other sources (where permitted by and in accordance with applicable law) including: |
| – |
public sources such as official registers, hospital websites, healthcare provider directories and social media; |
| – |
joint marketing partners or partners in joint scientific projects; |
| – |
third parties providing services to the healthcare sector, including third-party providers of demographic data and directories; |
| – |
patient organizations; |
| – |
career social networking sites; and |
| – |
social media platforms when you publicly share opinions about AstraZeneca or mention an AstraZeneca product in a comment. |
The table below lists the purposes for which we may collect and use your personal data, the categories of personal data we may collect and use, and, for those jurisdictions that require a “legal basis”, the legal basis we rely on.
Regarding legal basis, some countries do not allow us to rely on legitimate interest to use your personal data, in which case we may rely on another legal basis such as your consent. We will ask for your consent to collect and use your personal data where required by and in accordance with applicable law. We do not typically collect or process personal data from healthcare professionals that is considered sensitive under applicable privacy and data protection laws. If we do so, or if you provide such information to us voluntarily, we will handle such information to fulfill the limited purpose(s) for which it was collected or provided in accordance with applicable laws.
We may use artificial intelligence when processing your personal data. When artificial intelligence is used, we adhere to applicable laws, including obtaining and your consent to use artificial intelligence where required by applicable law.
You are free to choose not to provide us with your personal data when we ask for it. However, if you choose not to provide us with your personal data, it may limit or prevent us from assisting you, responding to your request(s), providing you with the services you have requested, or entering into a collaboration with you, among other things.
We may process your personal data for other purposes not listed above where such processing is at your direction or with your consent.
Who do we share your personal data with and how do we transfer it?
Depending on the purposes for which we use your personal data, we may share your personal data with the following entities for the purposes listed above:
| ■ |
Other AstraZeneca group companies, including our affiliates and subsidiaries. You can find a list of AstraZeneca companies here. |
| ■ |
Service providers, such as: |
| – |
IT providers for the purposes of system management and maintenance, system security and improvement, development, testing, technical support, and data hosting. |
| – |
Web analytics service providers using cookies to analyze patterns and information about your use of our websites, as further explained in the cookie notice (and/or cookie consent interface) on the AstraZeneca website you are visiting. Some of our websites may use Google Analytics, provided by Google, Inc. (“Google”). More information on Google Analytics. You may choose to opt-out of having your data used by Google Analytics. |
| – |
Event agencies that help us organize conferences and other events, for example, send out invitations, prepare participant lists, and select speakers. |
| – |
Market research companies to include you in our surveys or other scientific opportunities to obtain insights about your experience with our products or services. |
| – |
Marketing consultants that help us send you materials about our products by mail, email, or other channels. |
| – |
Advertising companies to serve you ads online. |
| ■ |
Healthcare service providers and other pharmaceutical companies who partner with us to conduct research into diseases and develop products to treat them, including participation in scientific events, clinical studies, and advisory bodies. |
| ■ |
Auditors and consultants to verify our compliance with internal and external requirements. |
| ■ |
Statutory bodies, law enforcement agencies, legal advisors and litigants. |
| ■ |
A successor or business partner to AstraZeneca or to an AstraZeneca group company in the event that it sells, divests or sets up a collaboration or joint venture for all or part of its business, or in the context of some other type of corporate transaction. |
| ■ |
Other third parties providing services on our behalf. |
| ■ |
To other third parties at your direction or with your consent. |
The entities with whom we share personal data may be located in different jurisdictions globally. When we transfer your personal data across borders, we do so in compliance with applicable privacy and data protection laws.
Where required by law, we rely on contracts to ensure that the entity receiving your personal data complies with applicable data protection laws. Such contractual arrangements include, for example, AstraZeneca's Binding Corporate Rules and Standard Contract Clauses, or equivalent instruments approved by a competent supervisory authority. You can request information and a copy of the Standard Contract Clauses used by AstraZeneca by contacting us at Privacy@astrazeneca.com.
Where required by applicable privacy and data protection laws, we will ask for your consent before transferring your personal data to another jurisdiction.
Law enforcement, regulatory and security authorities or courts in the jurisdictions to which we transfer your personal data may have a right to access your personal data in accordance with applicable laws.
How long do we keep your personal data and how do we protect it?
We keep your personal data for as long as we need it for the purposes set out above, or where local law imposes a retention period, in accordance with such law. When your personal data is no longer needed for these purposes, it will be deleted.
We have implemented a variety of privacy and security policies, measures, and technologies to help protect your personal data from a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. In particular, AstraZeneca has implemented physical security controls and developed and implemented robust data transmission and storage systems designed to ensure an appropriate level of security and protection of personal data.
We have a dedicated process for carefully selecting the service providers and partners we work with, which includes verifying that they have appropriate technical and organizational security measures in place to protect your personal data. We also confirm that these service providers and partners are able to comply with the obligations they have undertaken in the data processing and sharing agreements we sign with them.
If you suspect or believe that your interactions with us are no longer secure, please contact us as soon as possible. See the “contact us” section below.
What are your data protection rights?
Generally, your rights in relation to your personal data will depend on: (i) the data protection law (if any) that applies to how we collect and use your personal data; and (ii) in some jurisdictions, the lawful basis on which we collect and use your personal data. Some laws also apply conditions or exceptions to the exercise of these rights.
You may have the following rights in relation to your personal data:
| ■ |
Right to obtain information on how we use your personal data, including the purposes for which we use it, with whom we share it, how long we retain it, and so forth; |
| ■ |
Right to access to the personal data we hold about you, including receive a copy of your personal data; |
| ■ |
Right to have us correct any inaccuracies in the personal data we hold about you (for example, because it is incomplete or out of date); |
| ■ |
Right to have us delete (erase) your personal data; |
| ■ |
Right to have us transmit the personal data you have provided to us about yourself to a third party; |
| ■ |
Right to object to our use of your personal data (for example, for direct marketing); |
| ■ |
Right to receive meaningful information about the logic involved in any automated decisions we take about you, and the right to be informed of the significance and the envisaged consequences of that decision; |
| ■ |
Right to withdraw any consent you may have given to the collection or use of your personal data; and |
| ■ |
Any other right recognized by applicable data protection law. |
If you want to exercise these rights, please use AstraZeneca’s dedicated online platform. When doing so, please note the following:
| ■ |
We may ask you to provide proof that you are who you say you are if we have any doubts about your identity. For example, we may ask you to verify certain data we have about you or, in some cases, to show us your ID. |
| ■ |
If you are making the request on behalf of someone else, we may ask you to provide proof that you have been authorized by that other person to make the request on their behalf. |
| ■ |
We will delete any proof of your identity as soon as we are satisfied that you are who you say you are, or that you are in fact representing someone else. |
In addition to the above rights, you may also have the right to complain to your local data protection authority, depending on the applicable law.
Contact us
You can contact us using the business contact information – such as the email address, mailing address, or telephone number(s) – of the AstraZeneca entity responsible for your personal data, which you can find on this website.
You can also contact our Data Protection officer at Privacy@astrazeneca.com or by mail at: Global Data Protection Officer, AstraZeneca 1 Francis Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA, United Kingdom.
If you want to exercise your rights, please use our dedicated online platform.
How do we let you know of updates to this privacy notice?
We will post the latest version of our privacy notice on our website. The privacy notice lets you know when it was last updated. If we make material updates to the privacy notice, we will, where possible and in accordance with applicable law, provide you with an additional notice (for example, by sending it to the contact information we have on file for you).
SG-10319_ONC_202601