The information collected from you by the chatbot may include a unique Web customer identifier code, a unique Facebook identifier code (if you are accessing the chatbot via Facebook), your first and last names, location, your recorded DLQI score, your reminder preferences, your patient type, the topics in which you have expressed interest during the conversation with the chatbot, the timestamp of your interactions and your acceptance of these terms and conditions. Additionally, Novartis Pharma AG may record your conversation history, including any manually inputted text and responses to questions from the chatbot, feedback ratings and comments you have made in the chat.
Based on your consent, this information will be used by Novartis Pharma AG and its affiliates (“Novartis”) for the purpose of providing the most relevant experience to you. Novartis will remember your selections to tailor answers, remember your preferences to send you appropriate reminders, provide location-specific resources and will record your DLQI scores over time and prompt you to take the test intermittently if you have chosen to be reminded. Novartis may, if necessary, store additional information to ensure compliance with all adverse event and product testing complaint regulatory requirements, but only if you manually type in text to the Facebook Messenger or Web channels.
Information stored by Facebook:
Specific information related to your Facebook profile will be shared by Facebook with the chatbot for the duration of your session (i.e. your interaction with the chatbot), in order to personalise the chat. The information that Facebook will share is: a unique identifier code; your first name; location; and Facebook profile image. This information will not be stored outside of the specific chatbot session. Once you have ended the chatbot session, the information will be deleted automatically, and Novartis will have no further access.
Information stored by Novartis:
Information related to inputs you make into the chat and the personal preferences you record will be stored in a database by agents acting on behalf of Novartis. The information that Novartis will record is: your inputted DLQI score; your requested reminder preferences; your conversation history; any manually inputted text; and conversation timestamp.
If a user submits any manually inputted text, that text will be automatically forwarded to appropriate Novartis contacts, which may be required by regulation to follow up either in Facebook Messenger, the Web channel or through another communication channel, such as email if provided - and only if the text contains an adverse event or a product testing complaint. In these instances, additional information about you must be stored until all appropriate communication has occurred, which may include mandatory reporting to regulatory agencies. Information will also include a Facebook or Web channel-created user identification, your name, a timestamp of the event, and all of the text that was inputted into the chat. This information will only be used in connection with the related event and will be encrypted and deleted once allowed by regulatory bodies. This information will be encrypted and stored in a dedicated document database and will only be accessed for the specific purpose of responding to, or otherwise resolving, an adverse event or product testing complaint.
Your personal information will be processed by third parties who act for or on Novartis’ behalf, in accordance with the purposes described in this notice. These third parties may be located in countries or territories that may not offer the same level of data protection as the country in which you reside. Where the processing of your Personal Data is delegated to such a third party, Novartis will ensure that such third party provides sufficient guarantees with respect to the technical and organizational security measures governing the processing of your Personal Data.
Novartis will not access directly your personal data and only receive aggregated and anonymized information from third parties acting on its behalf, unless Novartis is required to do so because of an applicable law, court order or governmental regulation, or if such disclosure is otherwise necessary in support of any criminal or other legal investigation or proceeding here or abroad.
Novartis has adopted Binding Corporate Rules, a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection for sharing personal information within Novartis, in particular relating to transfers of personal information outside the EEA and Switzerland.
Novartis will not share your information with anyone who is not directly connected with this purpose.
Your data will be deleted automatically if you are not active within the chatbot for 365 days. As soon as the threshold of 365 days has been reached all data related to your use of the chatbot will be deleted from the Novartis database.
There may be cases when your personal information or part of it may be stored for a longer time period if Novartis is required to do so because of an applicable law, court order or governmental regulation or if such retention is otherwise necessary in support of any criminal or other legal investigation or proceeding here or abroad.
Novartis has implemented appropriate technical and organizational measures to provide an adequate level of security and confidentiality to your personal data, taking into account the nature of the data and the risk of processing such data. The purpose thereof is to protect it against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing. Moreover, when handling your personal data, Novartis complies with the following obligations:
You may exercise the following rights under the conditions and within the limits set forth in the law:
the right to access your personal data as processed by us and, if you believe that any information relating to you is incorrect, obsolete or incomplete, to request its correction or updating;
If you wish to query the data that is held on you at any time, you can do so by selecting the menu item in the Facebook Messenger or Web Channel that is labelled “Manage my data”. This will present you with options to:
If you have a question, if you are not satisfied with how Novartis processes your personal data, or if you want to exercise the above rights, you may send an email to [email protected] When contacting Novartis, please add a description of your relationship and/or your interactions with us. If you wish to receive information related to your personal data, please also add a scan of your identity card for identification purpose, it being understood that we shall only use such data to verify your identity. When sending such a scan, please make sure to redact your picture and national registry number or equivalent from the image.