1. Purpose
These Privacy principles are meant to provide you with an overview of the common principles applicable to the protection of personal data and personally identifiable information and privacy of users of mobile applications published and managed by the Sanofi Group and its affiliates (the “Application(s)”).
2. Data Controller
Specific terms of use govern the use of each Application. These terms set out the identity and contact details of the Sanofi legal entity which has published the Application. This entity is responsible for personal data collection and processing activities performed when you use the Application (the “Data Controller”). You can reach the Data Controller to exercise the rights you may have under applicable law.
3. Data, Access requests and purposes of data collection and processing
Each Application may collect or access different categories of personal data.
When you install an Application, this Application may request access (“Access request”) to specific features and data of your phone or digital tablet (“Device”). These Access requests are required for the operation of the Application and include among others:
Access to location data, in order to improve the use and user experience of the Application and associated services;
Access to Device-specific information (such as, hardware model, operating system version, unique device identifier, phone number), information about your use of the Device (system activity, settings, browser type, language etc.) and your use of the Application (such as, time spent using the Application, crash log), in order to improve the operation of the Application and generate anonymized aggregated statistics;
Access to the Device’s calendar(s), in order to create events in relation with the Application or its features (participation to an event, meeting and appointment, periodic reminders…);
Access to the accounts registered on the Device, in order to provide you with the services subject-matter of the Application and, among others, share information or events with your network;
Access to your contacts, in order to allow you to import them in the Application and facilitate predictive text within the Application;
Access to connectivity data, in order to allow the Application to connect to the internet;
Access to interactive features and storage of the Device (including reading and writing of new files), in order to allow you to take pictures, write, modify and record interactive and multimedia files from the Application.
Furthermore, and subject to your prior consent, the Data Controller may send push-notifications to your Device to notify you of updates to the Application, such as upload of new content and/or availability of a new version. These notifications can be deactivated at any time by accessing the settings of the Application or Device.
Parental or legal representatives’ prior consent is required for children aged 13 to 18.
If you decide to send a communication or an email to the Data Controller through the “Contact” feature of the Application, the Data Controller may process your contact details and any information included in your communication, in order to handle your request.
Finally, some of our Applications – and their associated Access requests – require collection and processing of personal data by the Data Controller. A list of the personal data collected and of the related processing activities is available in the terms of use of each Application. These data collection and processing activities will comply with applicable law.
4. Recipients and location of data
Your personal data will be shared with the personnel of the Data Controller and its affiliates companies.
Personal data can also be shared with partners, providers and subcontractors – including Google Analytics (for anonymized aggregated statistics). These partners, providers and subcontractors deliver specific technical or operational services to the Data Controller necessary for the processing activities described herein, within or outside of the European Economic Area.
Should personal data be transferred outside the European Economic Area, specific measures will be implemented by the Data Controller to ensure adequate security and protection of the personal data.
5. Security and confidentiality
Each Data Controller processes your personal data for the purposes set out in the terms of use of each Application and in compliance with applicable law. Each Data Controller has implemented adequate security measures in order to prevent non authorized access, modification, dissemination or destruction of your personal data.
6. Data retention
The Data Controller will keep and maintain the personal data for the time required to achieve the purpose for which the data were collected and processed, in compliance with applicable law and the rules specific to each Application.
7. Your rights
Access requests are required to install and use the Application. Access requests do not necessarily result in collection and processing of personal data by the Data Controller. If you do not wish to enable the Access Requests, you will not be able to use the Application, and should not install the Application. If you have already installed the Application and no longer want to enable the Access Requests you should uninstall the Application.
If you do not wish to receive push notifications from the Application, you can revoke your consent by accessing the settings of the Application or Device.
Furthermore, you have, at any time, the right to access, rectify, update, and delete your personal data collected and processed by the Data Controller, in the conditions set forth by applicable law. To this end, you should send a request to the Data Controller in accordance with any terms specified in the terms of use of the Application.