AstraZeneca UK Ltd, whose registered office is 1 Francis Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA (“AstraZeneca”, “We”, “Us”, “Our”), is a company that belongs to the AstraZeneca group (www.astrazeneca.com), and takes the privacy and security of your personal data very seriously. This Privacy Notice outlines what personal data We may collect about you and how We may use it.
We may change this Privacy Notice from time to time. Therefore, We ask you to check this Privacy Notice occasionally to ensure that you are aware of the most recent version which will apply to your personal data. We will of course notify you of any changes where We are required to do so.
As part of completing this form We will collect and use personal data about you. Depending on whether you are a healthcare professional, a patient, or someone completing the form on behalf of a patient (Other/Patient Representative), different personal data will be collected about you, as outlined below.
Healthcare Professional: If you are completing this form on behalf of a patient, as well as collecting details relating to the patient, We will collect the following personal data about you:
Other/Patient Representative: If you are completing this form on behalf of a patient, as well as collecting details relating to the patient, We will collect the following personal data about you:
Patient: If you are completing this form yourself, We will collect the following personal data about you:
If you are a Patient reporting adverse event, AstraZeneca may obtain sensitive personal data about you, including details about your physical or mental health, as part of the reporting process and tracking the side effect case you reported.
Such information (including sensitive personal data) will be provided by you and is used by us in accordance with applicable regulatory requirements to ensure high standards of quality and safety of health care and of medical products or devices and in particular to support AstraZeneca’s legal and regulatory obligations around reporting side effects associated with Our products.
As part of this We may contact you if we require further information about the adverse event you have reported, as well as to provide you feedback on undertaken measures if you requested such. Therefore, if you fail to provide us your personal data, We may not be able to track the adverse event you reported or provide you feedback. Note that if you are a Healthcare Professional you are encouraged to and in some countries, you may even have a legal duty to report any side effect/s you have observed or suspected, as well as to provide any additional information if requested by you in this regard.
In some cases, We may need to process such information provided by you (including sensitive personal data) in accordance with Our legitimate interests in relation to establishing, exercising or defending legal claims related to Our products locally and abroad (please also see INTERNATIONAL TRANSFER section below).
AstraZeneca will store your personal data in accordance with local laws and the company´s Document Retention Policy for as long as it is necessary in order to satisfy Our legal obligations, or in order to establish, exercise or defend legal claims. When your personal data is no longer necessary for these purposes, the personal data will be securely deleted. This may mean that your personal data is stored by AstraZeneca for a number of years, depending on the purpose and need for that data to be processed. For more information on AstraZeneca’s internal Document Retention policy you may go to www.astrazenecapersonaldataretention.com
Your personal data (including sensitive personal data) may be transferred to local and/or foreign regulatory bodies and other AstraZeneca group companies for the purposes set out in this notice. We may also share your personal data with certain third parties such as: auditors and consultants to verify Our compliance with external and internal requirements; statutory bodies, law enforcement agencies and litigants, as per a legal reporting requirement or claim; and a successor or business partner to AstraZeneca or to an AstraZeneca group company in the event that it sells, divests or sets up a collaboration/joint venture for all or part of its business.
During the period your data is held by AstraZeneca, personal data which identifies a patient will only be viewable by AstraZeneca’s patient safety team located in the country where the patient resides and a small number of IT service providers and system administrators who provide global support on the system where AstraZeneca holds the personal data. AstraZeneca will remove any patient identifiers (e.g. name, initial or address) prior to using or disclosing the data beyond the local safety team or system administrators. Information which is important for the medical assessment of the report, such as age and gender, may be disclosed to government or state bodies in order to comply with Our legal and regulatory obligations.
AstraZeneca entities and third parties may be based anywhere in the world, which could include countries that may not offer the same legal protections for personal data as your country of residence. AstraZeneca will follow local data protection requirements and its internal global privacy standards and AstraZeneca will apply the necessary safeguards under the applicable law of the country transferring the data for such transfers. Irrespective of which country your personal data is transferred, We would only share your personal data under a strict ‘need to know’ basis and under appropriate controls (such as AstraZeneca’s Binding Corporate Rules (see below) and EU Standard Contract Clauses). You are entitled to receive a copy of AstraZeneca’s Binding Corporate Rules and/or the AstraZeneca’s EU Standard Contract Clauses upon request by contacting AstraZeneca on email@example.com.
We have ensured compliance with some of Our legal obligations in relation to personal data by implementing a set of ‘Binding Corporate Rules’ (BCRs). The BCRs set out AstraZeneca’s data privacy commitments in respect of personal data that is transferred internationally from Our affiliates in the European Economic Area (the EEA), and countries with similar restrictions on the use of personal data.
Our BCRs have been approved by a number of national privacy regulators and, in countries where they apply, require Us to:
You can find out more about these commitments here. The BCRs and any rights arising under them do not apply to personal data originating in countries outside the EEA.
We have in place appropriate privacy and security policies which are intended to ensure, as far as reasonably possible, the security and integrity of all Our information, including your personal data.
More information on how AstraZeneca complies with its data privacy obligations can be found in Our internal global privacy standards
You may contact AstraZeneca at https://www.astrazenecapersonaldataretention.com/ at any time to request access to the personal data we hold about you, to correct any mistakes or to request deletion of the same, or to request the restriction of processing of, or object to certain types of processing of your personal data. If such a request places AstraZeneca or its affiliates in breach of its obligations under applicable laws, regulations or codes of practice, then AstraZeneca may not be able to comply with your request but you may still be able to request that we restrict the use of your personal data for further processing.
AstraZeneca has assigned a Data Protection Officer responsible for overseeing AstraZeneca’s compliance with data protection law, which you may contact at firstname.lastname@example.org or c/o the Chief Privacy Officer, AstraZeneca, Academy House, 136 Hills Road, Cambridge CB2 8PA, England in case of any questions or concerns regarding the processing of your personal data. If AstraZeneca’s processing of your personal data is covered by EU law you may also lodge a complaint with the corresponding Data Protection Supervisory Authority in your country of residence. You can find the relevant Supervisory Authority name and contact details under http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Last updated April 2018