GSK Group of Companies ("GSK") Privacy Notice

Last Updated: 15-June 2020

We understand that privacy is important to you. We are committed to treating your personal information with care and integrity.

This Privacy Notice tells you what personal information we collect, how we collect it and what we use it for when you register with us and use GSK's authentication services to access and use GSK or third party systems and applications (the "Systems") and when you use your companies' sign on or other third party authentication service (for example Microsoft, Google log in page) to gain access to the Systems. With respect to third party systems please refer to 'Our responsibility regarding third party Systems'.

We also explain how we protect your personal information and keep it safe.

GlaxoSmithKline values your privacy. When we say "GSK", "we", "us" or "our", this is who we are referring to.

Personal information means any information or piece of information which could identify you either directly (e.g. your name) or indirectly (e.g. a unique ID number).

If you are an employee of GSK, this privacy notice does not apply to you. Please refer to your GSK Employee Notice. Contact your local HR representative in case you have doubts of where to find it.

In this Privacy Notice, we explain:

What personal information do we collect about you?

The personal information we collect and process may include the following:

    Basic information - Your name, country;
    Contact information - Your address, telephone number, e-mail address;
    GSK-issued identifiers - Information generated by GSK to enable the use of the Systems, networks and communication channels, such as MUDID or other unique identifiers; and
    Information generated during your use of the Systems - information about your device and your usage of our websites, apps and systems, including your IP address, device ID, hardware model and version, mobile network information, operating system and other online identifiers, type of browser, browsing history, search history, access time, pages viewed, URLs clicked on, forms submitted, and physical location;

You can choose not to give us different types of personal information when we ask you for them. If you decide not to give us your personal information, we may not be able to authenticate who you are and provide you access to the Systems.

How do we collect your personal information

We collect your personal information when you register with us to use GSK's authentication services, use the Systems, and otherwise give it to us like when you respond to surveys. We also collect your personal information in order to identify you and provide appropriate access when you use your companies' sign on or other third party authentication service (for example Microsoft, Google log in page) to gain access to the Systems.

How we use your personal information

We will only use your personal information for the purposes we describe below or for purposes which are reasonably compatible to the ones described. We cannot, and will not, use it for other purposes without your permission, unless we have a legal right or obligation to do so.

Communications

We will use your personal information:

  • to communicate with you;
  • to respond to your requests;
  • to provide you with tips, helpful information, product news and updates;
  • to notify you of our new products and services and
  • for other purposes that may be detailed in the System.
Managing the Systems

We will use your personal information to:

  • Provide secure access to the Systems;
  • Operate and manage the Systems;
  • Authenticate your status and access rights into the Systems;
  • Prevent use of the Systems for illegal purposes or contrary to GSK policies;
  • Protect the Systems and other property including intellectual property rights;
  • Create and maintain backups;
  • Create and use reports regarding your use of the Systems;
  • Gather statistical data, analytics, trends and other high-level aggregated data derived from your use of the Systems
  • Personalize your System experience; and
  • Improve the Systems.
Compliance

We will use your personal information to:

  • Comply with record-keeping and reporting obligations;
  • Conduct audits and risk management business process monitoring reviews;
  • Comply with government inspections and other requests from government or other public authorities;
  • Respond to legal process such as subpoenas, pursue legal rights and remedies, defend litigation and manage any internal complaints or claims;
  • Conduct internal investigations
  • Comply with the law and internal policies and procedures;
  • Monitor your activities as permitted and/or required by local law and/or regulation;
  • To enforce compliance with the Systems terms of use, or to protect our services, the Systems or other users; and
  • To audit the use of the Systems.
On what basis we use your personal information

We can collect and use your personal information when one of the following applies:

  • To take steps before entering into a contract or perform a contract;
  • To follow the law, for example:
    • record-keeping regulatory monitoring and reporting obligations;
  • You have specifically given us your permission when such permission is obligatory (the law calls it "consent"). You can withdraw your consent at any time. We will normally need your consent in the following circumstances:
    • Placing cookies on your device to find out how you use our Systems so we can personalise what you see by tailoring content and notifications to the things you are interested in;
  • For the legitimate interests of GSK, including those described above in "How do we use your Personal Information?" This does not apply if our legitimate interest is overridden by your interests or fundamental rights and freedoms;
  • For the establishment, exercise or defence of legal claims or proceedings;
  • To protect your vital interests or those of others; and
  • Because it is necessary for reasons of substantial public interest, on the basis of applicable laws.
How long we keep your personal information

In some jurisdictions, we are legally required to keep your personal information for certain period. How long depends on the specific legal requirements of the jurisdiction you are in when you share your information with us.
We will always keep your personal information for the period required by law and where we need to do so in connection with legal action or an investigation involving GSK. Otherwise, we will keep your personal information for as long as we have a relationship with you or in order to respond or process a question or request from you.

With whom do we share your personal information?

We share your personal information on a need to know basis, and to the extent necessary to follow laws and regulations, and in the context of managing our relationship with you.

We share your personal information only with teams in our GSK companies and affiliates who need to see it to do their jobs. Please see this link for a list of our affiliates and their locations.

From time to time, we may also need to make your personal information available to other entities, such as:

  • Technology suppliers who work with us to develop and improve our Systems, including websites, digital forums and apps;
  • third parties that provide or manage the Systems;
  • third parties that provide technical support, and others that are engaged to assist GSK in carrying out its business activities
  • Professional advisors, such as auditors, accountants and lawyers;
  • Local or foreign regulators, courts, governments and law enforcement authorities; and
  • Any entity who may acquire us or part of our business or brands;
In what instances do we transfer your personal information outside of your home country?

We work all over the world. Therefore, we may need to transfer and use your personal information outside of the country where we collect it from you. These countries may include: United States, United Kingdom and India, as well as countries within the European Union. We implement appropriate measures to protect your personal information when we transfer your personal information outside of your home country such as data transfer agreements that incorporate standard data protection clauses. The data privacy laws in the countries we transfer it to may not be the same as the laws in your home country. Law enforcement agencies, regulatory agencies, security authorities or courts in the countries we transfer your personal information to may have the right to see your personal information.

Additional information if you are in the European Economic Area (EEA)

The European Commission recognises that some countries outside the EEA have similar data protection standards. The full list of these countries is available here.
If we transfer your personal information to a country not on this list, we do so based on standard contract clauses adopted by the European Commission. These enable us to make international transfers of personal information within our group of companies and meet the data protection laws of the European Union and the General Data Protection Regulation (GDPR).

How do we protect your personal information?

We want to make sure your personal information is not shared with or used by those not allowed to see it. We use a variety of security measures and technologies to help protect your personal information.
We carefully choose service providers to work with, and check they have security measures and technologies in place to protect your personal information.

What are your rights regarding your personal information?

You have rights we need to make you aware of. The rights available to you depend on our reason for processing your personal information and the local law in your jurisdiction. Depending on this you may have the right to:

  • Request information about the processing of your personal information and ask us for copies of your personal information;
  • Ask us to correct information you think is inaccurate or incomplete;
  • Ask us to delete your personal information;
  • Ask us to restrict the processing of your information;
  • Object to our processing of your personal information;
  • Ask that we transfer information you have given us from one organization to another, or to give it to you; and
  • Complain to your data protection authority.

You can find out how to get in touch with us to ask us to do any of the above by looking at the Contact Information and Privacy point of contact section.

For your protection, and to protect the privacy of others, we may need to verify your identity before completing what you have asked us to do.

Where we have relied upon your permission to use your personal information, and you later withdraw that permission, we may not be able to complete some of the activities described in the How do we use your personal information.

Our responsibility regarding third party Systems

You should be aware that some third party systems or applications you access may have a specific terms of use, privacy notice or cookie policy. Please read those terms of use, privacy notices or cookie policy posted on each System to understand their practices with respect to your personal information.

Information about children

Our services are not directed to children and we do not knowingly collect any personal information from children except as permitted by or required by applicable law.

Cookies

Our websites and applications may use technology called "cookies" and similar technologies. A cookie is a small text file that is placed on your hard disk by a server. Cookies and similar technologies allow our websites and mobile applications to respond to you and provide a more personalized experience. The website or mobile application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to a website. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or receive a warning before a cookie is stored if you prefer. Please refer to your Internet browser's instructions or help screen to learn more about these functions and to specify your cookie preferences, and note that your browser controls might not control other types of technologies. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites or any other websites that you visit. To the extent that your local laws consider the information collected by cookies and other technologies as personal information, we will treat that information to the standards set out in this privacy notice. For more information on our use of cookies, please visit the Cookie Policy on the System you are browsing. You can usually find the link at the bottom of each page. This policy explains what cookies and similar technologies are, and how we use them. With respect to third party systems please refer to Our responsibility regarding third party Systems.

How we update this Privacy Notice?

From time to time, we will update this Privacy Notice. Any changes become effective when we post the revised Privacy Notice on our privacy portal. This Privacy Notice was last updated as of the Last Updated date shown above. If changes are significant, we will provide a more prominent notice to let you know what the changes are.

Who is the controller of your personal information?

GSK LLC, with domicile at Philadelphia Navy Yard, 5 Crescent Drive, Philadelphia, PA 19112, United States, and GSK Services Unlimited, 980 Great West Road, Brentford Middlesex TW8, United Kingdom, together with the local GSK company which has a relationship with you, are the controllers of your personal information. Here is a list of the locations where we operate, along with relevant contact details: GSK's worldwide contacts.

Contact Information and Privacy point of contact

If you want to exercise your rights, have any questions about this privacy notice, need more information or would like to raise a concern, each local privacy point of contact's details can be found here.

©2022 GSK plc. All Rights Reserved - Updated June 15, 2020

Terms of Use

Close