Privacy Notice

AstraZeneca UK Ltd, whose registered office is 1 Francis Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA (“AstraZeneca”, “We”, “Us”, “Our”), is a company that belongs to the AstraZeneca group (www.astrazeneca.com), and takes the privacy and security of your personal data very seriously. This Privacy Notice outlines what personal data We may collect about you and how We may use it.

We may change this Privacy Notice from time to time. Therefore, We ask you to check this Privacy Notice occasionally to ensure that you are aware of the most recent version which will apply to your personal data. We will of course notify you of any changes where We are required to do so.

WHAT INFORMATION DO WE COLLECT?

As part of completing this form We will collect and use personal data about you. Depending on whether you are a healthcare professional, a patient, or someone completing the form on behalf of a patient (Other/Patient Representative), different personal data will be collected about you, as outlined below.

Healthcare Professional: If you are completing this form on behalf of a patient, as well as collecting details relating to the patient, We will collect the following personal data about you:

  • Name
  • Profession
  • Contact details (such as address, phone number, email address, fax)

Other/Patient Representative: If you are completing this form on behalf of a patient, as well as collecting details relating to the patient, We will collect the following personal data about you:

  • Name
  • Contact details (such as address, phone number, email address, fax)

Patient: If you are completing this form yourself, We will collect the following personal data about you:

  • Name
  • Contact details (such as address, phone number, email address, fax)
  • Date of birth
  • Gender
  • Details of the side effect(s) experienced, including the start and end date
  • Details of the AstraZeneca product you were taking, including reason for treatment with the product, details of the product taken, the start and end date of taking the product, the dose, unit and frequency of taking the product
  • Any additional information you choose to provide us.

If you are a Patient reporting adverse event, AstraZeneca may obtain sensitive personal data about you, including details about your physical or mental health, as part of the reporting process and tracking the side effect case you reported.

HOW DO WE USE YOUR PERSONAL DATA?

Such information (including sensitive personal data) will be provided by you and is used by us in accordance with applicable regulatory requirements to ensure high standards of quality and safety of health care and of medical products or devices and in particular to support AstraZeneca’s legal and regulatory obligations around reporting side effects associated with Our products.

As part of this We may contact you if we require further information about the adverse event you have reported, as well as to provide you feedback on undertaken measures if you requested such. Therefore, if you fail to provide us your personal data, We may not be able to track the adverse event you reported or provide you feedback. Note that if you are a Healthcare Professional you are encouraged to and in some countries, you may even have a legal duty to report any side effect/s you have observed or suspected, as well as to provide any additional information if requested by you in this regard.

In some cases, We may need to process such information provided by you (including sensitive personal data) in accordance with Our legitimate interests in relation to establishing, exercising or defending legal claims related to Our products locally and abroad (please also see INTERNATIONAL TRANSFER section below).

HOW DO WE STORE YOUR DATA

AstraZeneca will store your personal data in accordance with local laws and the company´s Document Retention Policy for as long as it is necessary in order to satisfy Our legal obligations, or in order to establish, exercise or defend legal claims. When your personal data is no longer necessary for these purposes, the personal data will be securely deleted. This may mean that your personal data is stored by AstraZeneca for a number of years, depending on the purpose and need for that data to be processed. For more information on AstraZeneca’s internal Document Retention policy you may go to www.astrazenecapersonaldataretention.com

WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?

Your personal data (including sensitive personal data) may be transferred to local and/or foreign regulatory bodies and other AstraZeneca group companies for the purposes set out in this notice. We may also share your personal data with certain third parties such as: auditors and consultants to verify Our compliance with external and internal requirements; statutory bodies, law enforcement agencies and litigants, as per a legal reporting requirement or claim; and a successor or business partner to AstraZeneca or to an AstraZeneca group company in the event that it sells, divests or sets up a collaboration/joint venture for all or part of its business.

During the period your data is held by AstraZeneca, personal data which identifies a patient will only be viewable by AstraZeneca’s patient safety team located in the country where the patient resides and a small number of IT service providers and system administrators who provide global support on the system where AstraZeneca holds the personal data. AstraZeneca will remove any patient identifiers (e.g. name, initial or address) prior to using or disclosing the data beyond the local safety team or system administrators. Information which is important for the medical assessment of the report, such as age and gender, may be disclosed to government or state bodies in order to comply with Our legal and regulatory obligations.

INTERNATIONAL TRANSFER:

AstraZeneca entities and third parties may be based anywhere in the world, which could include countries that may not offer the same legal protections for personal data as your country of residence. AstraZeneca will follow local data protection requirements and its internal global privacy standards and AstraZeneca will apply the necessary safeguards under the applicable law of the country transferring the data for such transfers. Irrespective of which country your personal data is transferred, We would only share your personal data under a strict ‘need to know’ basis and under appropriate controls (such as AstraZeneca’s Binding Corporate Rules (see below) and EU Standard Contract Clauses). You are entitled to receive a copy of AstraZeneca’s Binding Corporate Rules and/or the AstraZeneca’s EU Standard Contract Clauses upon request by contacting AstraZeneca on privacy@astrazeneca.com.

BINDING CORPORATE RULES:

We have ensured compliance with some of Our legal obligations in relation to personal data by implementing a set of ‘Binding Corporate Rules’ (BCRs). The BCRs set out AstraZeneca’s data privacy commitments in respect of personal data that is transferred internationally from Our affiliates in the European Economic Area (the EEA), and countries with similar restrictions on the use of personal data.

Our BCRs have been approved by a number of national privacy regulators and, in countries where they apply, require Us to:

  1. Use personal data for specified purposes only;
  2. Take steps to ensure that the personal data We hold is kept accurate and up-to-date;
  3. Take appropriate measures against the risks of unlawful use and accidental loss or destruction of, or damage to, personal data.

You can find out more about these commitments here. The BCRs and any rights arising under them do not apply to personal data originating in countries outside the EEA.

HOW WE PROTECT YOUR INFORMATION

We have in place appropriate privacy and security policies which are intended to ensure, as far as reasonably possible, the security and integrity of all Our information, including your personal data.

More information on how AstraZeneca complies with its data privacy obligations can be found in Our internal global privacy standards

DATA SUBJECT RIGHTS

You may contact AstraZeneca at https://www.astrazenecapersonaldataretention.com/ at any time to request access to the personal data we hold about you, to correct any mistakes or to request deletion of the same, or to request the restriction of processing of, or object to certain types of processing of your personal data. If such a request places AstraZeneca or its affiliates in breach of its obligations under applicable laws, regulations or codes of practice, then AstraZeneca may not be able to comply with your request but you may still be able to request that we restrict the use of your personal data for further processing.

AstraZeneca has assigned a Data Protection Officer responsible for overseeing AstraZeneca’s compliance with data protection law, which you may contact at privacy@astrazeneca.com or c/o the Chief Privacy Officer, AstraZeneca, Academy House, 136 Hills Road, Cambridge CB2 8PA, England in case of any questions or concerns regarding the processing of your personal data. If AstraZeneca’s processing of your personal data is covered by EU law you may also lodge a complaint with the corresponding Data Protection Supervisory Authority in your country of residence. You can find the relevant Supervisory Authority name and contact details under http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Last updated April 2018