Below you will find information on how Alcon processes your personal data within
  1. The Alcon FitSCAN application and
  2. (Linked thereto) Within our general business relationship.
 

I.  Alcon FitSCAN: APPLICATION-SPECIFIC PRIVACY POLICY


In order for you to register for Alcon FitSCAN, Alcon will need to collect, use and process the following information from you:

Your name, e-mail address, mobile Phone, registration password, your existing Alcon Customer Account with Commercial ID (account information).

Once you are registered, Alcon FitSCAN will provide the interface for you to place your order of trial lenses and trace the order status on your mobile. 

Alcon FitSCAN will help you transmit your orders to Alcon’s product order management and payment systems such as SAP. You are free to choose another method of ordering Alcon product and to discontinue at any time the usage of Alcon FitSCAN.

Your order details from the last 6 months and basket activity will be kept within Alcon FitSCAN. If you choose to take advantage of the order option to take a photo of your remaining Alcon product stock, these images will not be kept within Alcon FitSCAN and access to your camera will be only requested and activated for the time you take the picture.
 

Alcon FitSCAN does not make use of any cookies or tracking technology without your consent. If you have given us your consent, you may revoke it any time by going to the Personal Settings section.


With your consent, Alcon FitSCAN would use the following cookie/tracking technology:
Name: Localytics 
Purpose: to analyze your Alcon FitSCAN usage data in order to improve Alcon FitSCAN and to personalize your experience
Storage Duration: 2 years

For any questions on how we process your personal data or on how you can exercise your rights, please refer to our detailed HCP/ECP Privacy Information Notice below or contact privacy@alcon.com .
 

II.  PRIVACY INFORMATION NOTICE FOR:


HEALTHCARE PROFESSIONALS (HCP)/EYECARE PROFESSIONALS (ECP) included in Alcon’s CRM system, ordering Alcon product and receiving digital marketing communications

With this Privacy Notice, Alcon would like to tell you about the personal data (any information that is capable of identifying you) we collect and use as well as how we ensure we respect your rights.
For which reasons do we need to collect and use your data?

- We include your personal data in our Customer Relationship Management System (CRM) in order to communicate with you regarding the sale and promotion of our products (this is based on our legitimate interest).

- We collect your personal data to deliver you with Alcon products and manage the related payment process (this is necessary for the performance of our contract and based on Alcon’s legitimate interest to sell its products).  

- If you gave us your consent to do so (on an opt-in or an opt-out basis as required by the laws of the country where you are resident), we will use your personal data for sending you digital promotional communications as per your specific choices.
How do we ensure we respect your rights and the law?

We make sure we follow these Privacy Principles when we collect and use your personal data:
Security: We keep your personal data safe and secure from misuse or unauthorized alteration, loss, or access by using appropriate technical, physical, and organizational measures (such as multifactor password authentication, encryption, access restriction, etc.).

Limited Purpose: We collect and use your personal data only as necessary for the purpose.
Limited Data: We only collect the personal data that we need.
Data Quality: We keep your personal data up to date and ensure that it is accurate. Limited Access: We only give access to your personal data on a strict need to know basis.
Limited Retention: We only keep your personal data as long as necessary for the purpose.
Lawful Use: We make sure we have a valid and lawful reason to collect and use your personal data (for example, a legitimate interest as referenced above).

What personal data do we collect and use?

We collect and use the following personal data:
  • Your name, business contact details, and professional qualifications, (sources: directly from you, public sources such as websites or third party data providers like IQVIA/IMS/Veeva/MedPro);
  • Information specific to our professional interactions, e.g. meeting visit notes, (source: directly from you);
  • Information relevant to your Alcon product orders and the related payment process
  • The scheduling of meetings with you (source: directly from you or from your employer or place of business);
  • Information relevant to your professional interests such as promotional, medical, and educational information (source: directly from you or from a third party provider); and
  • If you have consented (on an opt-in or opt-out basis) to receiving digital communications from us: information relevant to your preferred content, preferred communication channels, your access to and interest in communication sent.
Why do we collect and use your personal data?
We collect your personal data in order to:
  • Schedule meetings with you;
  • Determine your interest in receiving information relating to Alcon products;
  • Provide Information relevant to your professional interests such as promotional, medical and educational information;
  • Provide you with Alcon product deliveries
  • Comply with voluntary or regulatory transparency reporting disclosures or other regulatory obligations.
We rely on our legitimate interest as a healthcare company to engage in business interactions with you. For the provision and delivery of Alcon product, we rely in addition on our contractual obligations.
In the case of digital marketing activities we rely on your consent either on an opt-in or opt-out basis, as required by the laws of the country where you are resident.
We may also collect and use your personal data as necessary based on our regulatory transparency reporting or other legal requirements. For any voluntary transparency reporting we will ask for your consent.
How long do we keep your data?
We keep and use your information for as long as necessary for the administration of our relationship unless you ask us to delete your data prior to that date or unless otherwise required under transparency reporting disclosures or other regulatory obligations.
Automated Decision Making and Profiling
We do not use any automated decision making or profiling.
Do you need to provide us with your personal data?
You are not obliged to provide us with any personal data.
Who do we share your personal data with?
If required your personal data can be shared by Alcon with:
  • Other companies in the worldwide Alcon Group, wherever located;
  • Third party consultants, service providers, partner companies contracted by or on behalf of Alcon or its affiliates, wherever located;
  • Healthcare professional boards, authorities, government agencies, regulators wherever located;
  • Publically online as part of voluntary transparency disclosures; and
  • Where required by institutional policy or government entity, to your employer.
Where is your personal data used or stored?
We transfer your personal data to other countries outside of the country of residence where you provided your personal data to Alcon, as follows:
We transfer your personal data:
  1. To Switzerland and Japan: Switzerland and Japan are considered as providing adequate data protection standards.
  2. Within the worldwide Alcon group of companies including to the United States: We rely on approved legal methods for such international transfers including Standard Contractual Clauses (an approved European Union legal method) or other country approved transfer contracts for non-European Union countries, for these transfers.
  3. To service providers located in countries where data protection standards may not have been determined to be adequate by the European Union (if you are located in a European Union country): these countries include the United States and India. In these cases, we will ensure that any recipients of your personal data are bound by contract to meet  applicable data protection standards.
You can reach out to our Data Protection Officer for further information. Alternatively for persons based in the European Union, you can find further details on these protections on the European Commission’s webpage on international transfers (see for example: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en)
What are your rights?
Depending on your country of residence and on where your personal data is used, you may have a number of rights.
The availability of some of these rights depends on the lawful basis for processing your personal data and your rights may also be subject to certain other legal conditions and restrictions.
You may have the right:
  • to obtain access to your personal data together with information about how and on what basis that personal data is processed;
  • to rectify inaccurate personal data (including the right to have incomplete personal data completed);
  • to erase your personal data in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed or where you object to or withdraw your consent. This right may also apply where the processing was unlawful;
  • to restrict processing of your personal data where:
    • the accuracy of the personal data is contested;
    • the processing may be non-compliant but you do not wish at this stage to request erasure of the personal data;
  • to challenge processing where it is justified on the basis of a legitimate interest;
  • to obtain a portable copy of your personal data, or to have a copy transferred to a third party controller;
  • to obtain more information as to safeguards under which your personal data is transferred outside of the EEA (if relevant); or,
  • to withdraw your consent
  • to lodge a complaint with the data protection/supervisory authority noted below.
We may ask you for additional information to confirm your identity and for security purposes before processing your request.
Who can you contact regarding your rights?
Data Controller: The entity that determines why and how your personal data is processed is called a Data Controller.
The Data Controller for the processing of your personal data is:
Alcon Vision LLC and its affiliates
privacy@alcon.com
For Alcon organizations or affiliates located outside of the EEA and for the purposes of the applicability of the General Data Protection Regulation 2016/679, Alcon has elected Alcon Laboratories Belgium BVBA as its legal representative.
Data Protection Officer Alcon: privacy@alcon.com
Data Protection Authority/Supervisory Authority: The Data Protection Authority/Supervisory Authority for the processing of your personal data is the authority located in the country where you live or work. For individuals resident in the European Union, more information about how to contact these authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en .