Healthcare Professional (HCP) Privacy Notice
Last Updated: 15-06-2026
1. Introduction
2. Scope of the Policy
3. Responsible Entity - Controller
4. Data We Collect
5. Sources Of Your Personal Data
6. Our Purposes and Legal Bases
7. Data Sharing
8. International Data Transfers
9. Data Retention
10. Rights of Healthcare Professionals
11. Data Security
12. Changes to the Policy
13. Contact Information
1. Introduction
Galderma SA or any of its subsidiary or affiliated companies worldwide (“Galderma”) respects and values the privacy of the healthcare professionals including doctors, specialists, consultants, speakers, and other healthcare professionals and business partners (“HCPs”) with whom Galderma collaborates. This Privacy Notice outlines how Galderma collects, uses, shares, stores, and otherwise processes the information that relates to an identified or identifiable HCPs (“personal data”) in compliance with applicable data protection laws and regulations.
2. Scope of the Policy
This Privacy Notice applies to the processing of personal data of HCPs with whom Galderma interacts. In this Privacy Notice, “you” refers to the HCPs described above.
Information on processing activities by Galderma regarding personal data in the context of Galderma websites can be found in the Global Privacy Notice.
With respect to the processing of personal data in the context of medical information inquiries, pharmacovigilance activities and product complaints, please see the Medical Information, Pharmacovigilance and Product Complaints Privacy Notice.
3. Responsible Entity - Controller
The data controller is the Galderma entity with whom the HCP interacts namely [INSERT FULL DETAILS OF THE LOCAL GALDERMA ENTITY] (“Controller” or “we”, “us”, “our”).
If you have any questions or concerns about this Privacy Notice or our processing of your personal data, please contact us via the email address included in the ‘Contact Information’ section.
4. Data We Collect
Depending on how you interact with Galderma (online, offline, over the phone, etc.), We may collect various types of personal data about you, as described below:
Personal identification data: Name, job title, professional qualifications, gender, date of birth.
Contact details: Email address, phone number, postal address, health care employer, workplace location.
Profile Data: Including your username and password, online user ID, viewing data, information regarding your interaction with our website, marketing preferences, feedback and survey responses.
Professional data: Biographical information (CV), Specializations, affiliations, therapeutic area, certifications, medical license numbers.
Event data: Photos, videos, and testimonials collected during events, conferences, and professional engagements.
Financial data: Bank account information for payment of honoraria, fees, or reimbursements, order history.
Interaction data: Records of communications, participation in events, clinical trials, advisory boards, and collaborations.
Please note that if you choose not to provide certain personal data, some of our services or features may not be available to you and we may not be able to provide you with personalized content. We only request personal data that is necessary to deliver our services effectively.
5. Sources Of Your Personal Data
We usually collect information directly from you, e.g., in the context of events, conferences, interviews, collaborations, clinical trials and other professional engagements.
We may also collect personal data from publicly available sources such as professional directories (e.g., Medical Societies, Medical Associations), social professional networks (LinkedIn, Twitter), online scientific publications, (e.g., Medical Journals) or professional subscription dataset/databank owned by third-party service providers (such as Veeva, IQVIA).
6. Our Purposes and Legal Bases
Below, you may find a detailed overview of all the purposes for and all the legal bases under which we will process your personal data in line with the respectful activity. Please note that not all of the uses below will be relevant to every individual.
Purpose | Legal basis (including pursued legitimate interests, where applicable under the applicable data protection law) | Data categories |
|---|---|---|
Professional collaboration: To manage and facilitate the collaboration between Controller and HCPs (e.g., regarding services, products, projects, research, events), including to assess your suitability for professional collaboration, and to communicate with you about professional collaboration. | (i) Performance of a contract if the HCP is the (future) contractual partner, or (ii) if your employer / commissioner concluded the contract or intends to do so, legitimate interests in effectively and productively carrying out the contract with your employer / commissioner. | Personal identification data, contact details, profile data (excluding interaction with website, marketing preferences), professional data, event data, financial data, interaction data |
Identify and contact HCPs for potential professional collaboration To identify and contact HCPs suitable for professional collaboration with us based on their qualification and interaction with us. | Legitimate interests in identifying HCPs for potential professional collaboration based on their suitability for our project, research, events, etc. Consent (where required)
| Personal identification data, contact details, professional data, interaction data |
Payments and reimbursements: To pay honoraria, fees, and other financial obligations. | (i) Performance of a contract, or (ii) if payment derives from legal obligation to which Controller is subject. | Personal identification data, contact details financial data, interaction data |
Event management: To organize and promote events, conferences, and other professional engagements, including the use of photos and videos. | (i) Performance of a contract related to the relevant event if the HCP is the (future) contractual partner, or (ii) if your employer / commissioner concluded the contract related to the relevant event or intends to do so, legitimate interests in effectively and productively carrying out the contract with your employer / commissioner, and/or (iii) consent (e.g., regarding the use of photos and videos) if consent was obtained from you. | Personal identification data, contact details, professional data, event data interaction data photos and videos |
Analytics and profiling To combine the personal data categories listed in the ‘Data We Collect’ section to understand your preferences and/or interests and to better understand the HCPs who we aim to engage. This helps us anticipate your needs and market trends, improve how we interact with you, and tailor the content of our website, emails and communications channels to your interests. | (i) Consent, or (ii) where your consent is not required, legitimate interest in understanding your preferences / interests and tailoring our content accordingly, improving how we interact with you, improving our products/services, and understanding market trends. | Personal identification data, contact details, profile data, professional data, event data, financial data, interaction data |
Marketing communication To send invitations to events, updates on products, services, and initiatives.
| (i) Consent, or (ii) where lawful under applicable national direct marketing rules, our legitimate interests in marketing our events, products, services, and initiatives. | Personal identification data, contact details, profile data, interaction data. |
Other communication To communicate with you where communication is neither related to professional collaboration nor carried out for marketing purposes, e.g., if you reach out to us with criticism, suggestions or input unrelated to any professional collaboration. | Legitimate interests in responding to communication addressed to us, or Consent | Personal identification data, contact details |
Corporate transactions To enable corporate transactions (including sale of all or part of our asset(s) and/or activity(ies)). | Legitimate interests in disclosing information to (potential) buyers or acquirers and their external counsels in certain scenarios, or Consent | Personal identification data, contact details, profile data, professional data, event data financial data, interaction data |
Compliance with legal obligations: To fulfill transparency requirements, deriving from healthcare transparency, product safety, and/or tax obligations. | (i) Compliance with legal obligations, or (ii) Legitimate interest to meet soft law requirements such as requirements deriving from industrial codes of conduct. | Personal identification data, contact details, profile data, professional data, event data financial data, interaction data |
Safeguard rights To safeguard our rights. | Legitimate interests When the processing is necessary to establish, exercise and defense any legal claims or when the processing is in connection with judicial or security proceedings. | Personal identification data, contact details, profile data, professional data, event data financial data, interaction data |
Intra-group transfers To transfer personal data to other Galderma entities as required for the purposes listed above. | (i) Consent where the relevant processing activity listed above relies on consent, or (ii) legitimate interests in transferring personal data within the Galderma group of companies for internal administrative purposes. | The data categories correspond to those listed with respect to the relevant purpose for processing. |
In case we want to use your personal data for purposes unrelated to those described in the table above, we will appropriately notify you and, where required, obtain your consent or offer you a choice as to whether or not we may use your personal data in this manner.
7. Data Sharing
We may share your personal data with service providers that process personal data on our behalf and subject to our instructions as so-called data processors, for the purpose of providing their professional services to us:
IT service providers (hosting services, email services, document processing software, website analytics, website operation, website development)
Tag management, cookie consent and analytics technology providers (e.g., providers enabling pixels, tags, web beacons or other tracking technologies)
Cybersecurity, fraud prevention and data protection service providers responsible for system monitoring, security and backup
Customer support and patient or consumer engagement service providers supporting educational materials or product-related information services
Event management and advertising, media and social media partners who support targeted advertising, campaign measurement and audience insights
Marketing support providers (e.g., handling and dispatch of newsletters)
Market research agencies or consultants conducting surveys, interviews and studies
Privacy and compliance management service providers (for example, OneTrust LLC)
Logistics and delivery providers assisting with shipment of materials, samples or event-related items.
Furthermore, we may share your data with the following third parties:
Other entities of the Galderma group.
Other third parties (data controllers):
Regulatory authorities (including healthcare authorities, tax authorities and law enforcement agencies) for the purpose of compliance with legal obligations (e.g., under healthcare transparency laws, tax law, drug/medical device safety laws)
Other pharmaceutical companies who are our co-marketing, co-distribution, or other license partners of Galderma if they relate to the product/activity of interest
Healthcare professionals and clinical research organizations for the purpose of collaboration
Consultants (including lawyers and auditors) for the purpose of compliance with legal obligations and/or safeguarding rights
Courts for the purpose of safeguarding our rights
Potential buyers or acquirers of all or part of our asset(s) and/or activity(ies) for the purpose of corporate transactions
Where any such organization is located outside of your country of residence, the resulting international transfers of Personal Data are carried out in accordance with Section 8 of this Privacy Notice.
8. International Data Transfers
The storage as well as the processing of your personal data as described above may require that your personal data is ultimately transferred/transmitted to, and/or stored at, a destination outside of your country of residence. When we share your personal data with an entity located outside of your country of residence (e.g. other Galderma entities, third parties), including to countries which have different data protection standards to those which apply in your country of residence, we will put in place, in line with applicable legal requirements, appropriate safeguards to ensure that your personal data is appropriately protected. In the absence of an adequacy decision and/or any other data protection related certifications – unless applicable data protection law provides for an exception – these measures may include (i) entering into approved standard contractual clauses, as amended or replaced at any time, to protect your personal data, as well as any supplementary measures required by law or deemed necessary, to provide an adequate level of data protection and/or (ii) obtaining your consent (where permitted or required by law).
You may request further information regarding these safeguards or obtain a copy of the relevant contractual protections by contacting us using the details provided in Section 13.
9. Data Retention
We will hold your personal data on our systems for as long as is necessary to fulfil the purposes that we collected it for. By law, we are required to retain certain information for a prescribed period of time. In circumstances where there are no such legal requirements, to determine the appropriate retention period, we will consider the nature of the personal data, the purposes for which we are processing your personal data and the potential risk of harm from unauthorized use or disclosure of your personal data. Therefore, personal data may be kept for as long we reasonably determine it is required for, according to our retention policy and applicable laws.
Personal data subject to legal holds, investigations, audits or other mandatory preservation requirements may be retained for the duration of the relevant obligation or proceeding. We may also retain personal data as necessary for the establishment, exercise or defense of legal claims.
Data that is no longer needed will be securely deleted or anonymized.
10. Rights of Healthcare Professionals
HCPs have the following rights concerning their personal data:
Access and to be informed: To request a copy and/or to be informed of the personal data we hold about you.
Rectification: To request correction of inaccurate or incomplete personal data.
Erasure: To request the deletion of personal data, where applicable.
Restriction: To request the restriction of processing, where applicable.
Objection: To object to processing, where applicable.
Data portability: To request a copy of your personal data, which you have provided to us, in a structured, commonly used, machine-readable format.
Withdraw consent: To withdraw consent at any time with effect for the future, where consent was provided for processing.
Automated decision-making and profiling: To request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Where applicable, you also have the right to obtain human intervention, to express your point of view, and to contest the decision.
To be informed about data transfers: To request more information about the countries where your data is transferred and, where such countries have not been recognized as proving an adequate level of data protection, to request more information about the appropriate safeguards implemented such as standard data protection clauses.
Please note that the exercise of these rights may be subject to limitations and/or restrictions set out in applicable laws; they may also be subject to variations or additional rights may be available to you in your country of residence or place of work.
If you wish to exercise one of these privacy rights, you may submit a relevant request using our Data Subject Request Webform; alternatively, you may also send our Group Data Privacy Office an email at privacy.office@galderma.com, or write at the Galderma Headquarters, at Galderma SA, Zählerweg 10, 6300 Zug, Switzerland.
If we do not satisfy your request or if you consider that the processing of your personal data infringes data protection law otherwise, depending on your jurisdiction, you may also have the right to lodge a complaint with a data protection authority in your country of residence, or your place of work or of the alleged infringement. If you are based in the EEA, the competent Data Protection Authority’s contact details may be found here. If you are based in the UK, you may contact ICO here. If you are based in Switzerland, you may contact FDPIC here.
If you are based in the US, please visit our US Privacy Notice to learn how to exercise your privacy rights.
11. Data Security
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, accidental loss, or misuse, alteration or unlawful processing. Please note, however, that these protections do not apply to information you choose to share in public areas such as third-party social networks.
12. Changes to the Policy
We might change the way we process your personal data. Therefore, Galderma reserves the right to modify this Privacy Notice at any time. Please check back frequently to see any updates or changes in our Privacy Notice.
13. Contact Information
If you have any questions or concerns about this Privacy Notice or your personal data, please contact us at privacy.office@galderma.com.
Please also note that Galderma SA has designated EU and UK Representatives pursuant to Article 27 of the GDPR and UK GDPR respectively.
EU:
Q-MED AB
Seminariegaten 21, 75228, Uppsala, Sweden
Email: DataProtection.SEUPP@galderma.com
UK:
Galderma (U.K.) Limited
Evergreen House North, Grafton Place, London, England, NW1 2DX
Email: uk.privacy.office@galderma.com