Novartis Privacy Policy

Novartis International AG (in 4056 Basel, Switzerland; in this notice referred to as “Novartis”, “we” or “us”) provides the iEthics mobile application (“App”) for the purpose of providing you with instant access to Compliance resources such as the Code of Conduct or the P3 Guidelines through a mobile device. Novartis is responsible for the processing of personal information about you in connection with the use of the App (“Personal Data”), whereby Novartis is acting as the “Data Controller.” Novartis uses the platform provided by the third party Guidebook, Inc. in the USA (“Vendor”), which operates the App, and also acts as a processor of your Personal Data on behalf of Novartis. This notice describes the collection and use of your Personal Data when you are using the App. For general or related information about Novartis’ collection and use of employment related personal information of Novartis employees, access the general Privacy Notice for Associates through a link on HR Compass or at the bottom of the intranet start page http://go/pn. On the Privacy Notice for Associates you may also find additional information about the legal grounds of processing your Personal Data, about sharing Personal Data with third parties and how we protect it and about exercising privacy rights.

What Personal Data is collected when using the App and for what purposes?

For the purpose of providing you with the App, the following Personal Data is processed:

Account Information: Novartis identifiers (such as name, Novartis email address, etc.) are used to identify you and provide you with access to the App.

Location Information: If you enable location services for the App, then Vendor’s map service provider will collect and process your geolocation information as necessary to provide the App. You may opt-out of this collection by changing the settings on your device. Vendor will not process or store your geolocation information.

Interactive Features: You may send messages to other users of the App or connect with them, in which case we will collect records and data reflecting your interactions with the other users. In addition, the App includes interactive features such as commenting functionalities, review forums, and social networking services. We, Vendor and other users of the App may collect the information you submit or make available through these interactive features. Any information shared on the public sections of these channels will be considered “public” and may not be subject to the privacy protections referenced herein.

Usage Data: We will collect information about how you use the App and what documents you access for statistics. Vendor will only provide de-identified and/or aggregated information to Novartis about such usage data unless you consent to our sharing of identifiable usage data with Novartis.

Automatic Data Collection: Vendor may collect additional information automatically when you use the App. This information may include your Internet protocol (IP) address, user settings, device identifiers (e.g., IDFA or Google Ad Id), mobile carrier, operating system or device type, Internet service provider, information about the links you click, and other information about how you use the App. Information we collect may be associated with your account and the devices you use.

Use of Personal Data: All Personal Data collected by the App may be used to provide the App and its related services, as described in this notice, including to directly interface with you for administrative purposes. In addition, Vendor may monitor your use of the App to create and analyse de-identified and/or aggregated summaries. These de-identified and/or aggregated summaries are not Personal Data and Vendor may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.

Who will your Personal Data be disclosed to?

Service Providers: Your Personal Data may be shared with service providers who are involved with the provision of the App.

Other Users: When you use the App, the Personal Data you provide will populate a profile that is visible to other users of the Services. Vendor cannot and does not control the actions taken by other users with information they can access through the App.

Legal Disclosures: We may have to disclose your personal data to government agencies, courts, and designated third parties specified if we are required to do so by applicable law, regulations, court orders or decisions, as we, in our sole discretion, believe necessary or appropriate.

Merger, Sale or Other Asset Transfers: If Novartis or Vendor is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.

How long do we store your Personal Data on the iEthics platform?

Personal Data from the App will be retained for as long as necessary to fulfil the purpose for which it was collected, to comply with legal or regulatory requirements or to defend Novartis’ interests in a legal matter. Once Novartis stops receiving services from Vendor, all remaining Personal Data will be deleted unless still required to comply with legal or regulatory requirements.

Security of Personal Data

The App maintains reasonable technical and organizational measures designed to safeguard your Personal Data.

International Transfers of Personal Data

All information processed by the App may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We have taken appropriate safeguards to require that your Personal Data will remain protected.