Privacy Notice
Last Updated: 15-06-2026
1. Introduction
Galderma SA or any of its subsidiary or affiliated companies worldwide (“Galderma”) respects and values the privacy of all individuals with whom we interact as set out below (“you”). This Privacy Notice outlines how Galderma collects, uses, shares, stores, and otherwise processes the information that relates to an identified or identifiable individual (“personal data”) in compliance with applicable data protection laws and regulations. We may also provide supplemental or “just-in-time” privacy notices at the point where personal data is collected, where required to describe additional processing activities.
2. Scope of the Notice
This Notice covers most of our online and offline data collection activities, including personal data that we collect through our various channels such as websites, third party social networks, digital platforms, mobile applications, online forms, virtual or in-person event registrations and other electronic interactions.
With respect to the processing of personal data in healthcare professionals (HCPs), please see the HCP Privacy Notice.
With respect to the processing of personal data in the context of medical information inquiries, pharmacovigilance activities and product complaints, please see the Medical Information, Pharmacovigilance and Product Complaints Privacy Notice.
If you do not wish to provide necessary personal data to us (we will indicate to you when this is the case, for example, by making this information clear in our registration forms), we may not be able to provide you with our goods and/or services.
3. Responsible Entity - Controller
The data controller is the Galderma entity with whom the HCP interacts namely [INSERT FULL DETAILS OF THE LOCAL GALDERMA ENTITY] (“Controller” or “we”, “us”, “our”).
If you have any questions or concerns about this Privacy Notice or our processing of your personal data, please contact us via the email address included in the ‘Contact Information’ section.
4. Data We Collect
- Depending on how you interact with Galderma (online, offline, over the phone, etc.), We may collect various types of personal data about you, as described below.
Personal contact information. This includes any information you provide to us that would allow us to contact you, such as your name, postal address, e-mail address, phone number or fax number.
Professional information. This includes information about you in your professional capacity, such as biographical information, specializations, affiliations, therapeutic area, certification, medical license numbers.
Information from computer/mobile device. Any information about the computer system or other technological device that you use to access one of our Websites, such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access a Galderma Website via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, advertising ID, geo-location, and other similar mobile device data. We may also collect device-level metadata, including hardware model, browser settings, time and duration of visits, search history, page interaction data, and similar technical information generated automatically when you use our digital services.
Websites/communication usage information. As you navigate through and interact with our Websites or newsletters, we use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages. This information is captured using automated technologies such as cookies and web beacons, and is also collected through the use of third party tracking for analytics and advertising purposes. You have the right to object to the use of such technologies, for further information please see point C below. This may also include behavioral information such as navigation patterns, interaction paths, scroll activity, and aggregated metrics used to understand user preferences and improve our services.
Consumer-generated content. Any content that you create and then share with us on third party social networks or by uploading it to one of our Websites, including the use of third party social network apps such as Instagram. Examples include photos, videos, personal stories, or other similar media or content. Where permitted, We collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement, third party social networking, testimonials, interviews, recorded audio or video materials, and personal experiences that you voluntarily provide as part of patient support initiatives, disease awareness activities or other educational programmes.
Third party social network information. Any information that you share publicly on a third party social network or information that is part of your profile on a third party social network (such as Instagram) and that you allow the third party social network to share with Us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, list of friends, social media content that you post about our products, services or brand, including for social listening and sentiment analysis etc.) and any other additional information or activities that you permit the third party social network to share. We receive your third party social network profile information (or parts of it) every time you download or interact with a Galderma web application on a third party social network such as Instagram, or every time you use a social networking feature that is integrated within a Galderma site (such as Facebook Connect) or every time you interact with us through a third party social network. This Privacy Notice does not apply to the third-party social networks. To learn more about how your information from a third party social network is obtained by Galderma, or to opt-out of sharing such social network information, please visit the website of the relevant third party social network.
Additional categories of data we may collect depending on your interaction with us:
Account and authentication information such as usernames, encrypted passwords and login credentials when you create an account on our platforms.
Transaction and purchase-related information, including order history, payment-related data and billing details where applicable.
Special categories of personal data (e.g., health data, biometric identifiers, data revealing racial or ethnic origin) only where you voluntarily provide such information, for example when participating in patient support programs or seeking product-related assistance; and where permitted by applicable law and subject to required safeguards.
Classification or profiling data generated through the analysis of your interactions with our Websites, communications or services, for the purposes described in this Notice.
Hashed identifiers (such as hashed email addresses or phone numbers) that we create from your contact information for the purpose of matching your data with social media platforms for targeted advertising and audience creation.
- Children’s Personal Data: We do not knowingly solicit or collect personal data from children below the age of 16. Our Websites and online services are not directed at children, and children should not provide personal data online without the involvement of a parent or guardian. If we discover that we have unintentionally collected personal data from a child below 16, we will remove that child’s personal data from our records promptly. However, Galderma may collect personal data about children below the age of 16 years of age from the parent or guardian directly, and with that person’s explicit consent as required by law.
- Cookies/Similar Technologies: We group cookies and similar technologies into “necessary,” “functional,” and “targeting/advertising” categories, and may use pixels, tags or web beacons for analytics, engagement measurement and personalized advertising. Please see our Cookie Policy {include link} to learn how you can manage your cookie settings and for detailed information on the cookies we use and the purposes for which we use them. The use of non-essential cookies and similar technologies (including analytics, profiling, advertising and social media tracking cookies) will only take place where you have provided your consent through our Cookie Management Platform.
- Google Fonts: We also use Google Fonts, which is a web font service provided by Google that enables the optimization of our Websites providing the correct fonts. We host Google Fonts locally without ever having to connect to a Google Server.
5. Sources Of Your Personal Data
We may collect personal data from or about you, from the following sources:
Galderma websites. Websites operated by or for Galderma, including sites that we operate under our own domains/URLs and mini-sites that we run on third party social networks such as Facebook (“Websites”).
E-mail, webforms, text and other electronic messages. Interactions with electronic communications between you and Galderma.
Data we create. In the course of our interactions with you, we may create personal data about you (e.g. records of your interactions with our Websites).
Data from other sources:
third party social networks (e.g. such as Instagram): personal contact information, professional information, consumer-generated content, third-party social network information,
market research (if feedback not provided on an anonymous basis): personal contact information, professional information, consumer-generated content,
events: personal contact information, professional information,
public sources: personal contact information, professional information,
data received when we acquire other companies: personal contact information, professional information, consumer-generated content, third-party social network information,
public social media content and publicly shared opinions relating to our products or services, collected for permitted social listening or sentiment analysis,
professional directories, publicly accessible registries, publications and association websites,
third-party data brokers, analytics providers or partners who aggregate or supply information from publicly available and proprietary sources,
lead forms and registrations hosted on third-party platforms or embedded in online advertisements where you request information or register interest,
conference, congress or tradeshow organizers, including through badge scans or digital lead capture tools,
joint marketing partners, co-sponsors or collaborators who offer services, programs or events together with Galderma.
6. Our Purposes and Legal Bases
Below, you may find a detailed overview of all the purposes for and all the legal bases under which we will process your personal data in line with the respectful activity. Please note that not all of the uses below will be relevant to every individual.
| What we use your personal data for (purposes) | Our legal bases and legitimate interests (where relevant and applicable under the applicable data protection law) | Data categories |
|---|---|---|
| Patient/Consumer service. We use your personal data for consumer service purposes, including responding to your enquiries. Responding to your inquires typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. responding to any questions or concerns you may have concerning your use of our products, order status, technical issue, product question/complaint, general question, etc.). We may process your feedback to improve our Website, services and/or products. We may also analyse your interactions with our Websites, communications and services to personalise our responses, improve our service quality, and optimise how we engage with you. |
|
|
Establishing and maintaining our relationship with Healthcare Professionals. We use your personal data to verify whether there is a potential business opportunity, reach out to you and inform you about our products and services, invite you to events and maintain a relationship with you. We may analyse your interactions with our content, events and communications to tailor information we provide, avoid redundant outreach and understand your professional interests. We also use your personal data to comply with our transparency related obligations regarding any Transfer of Values (ToVs) made to Healthcare Professionals Please note: information about the processing of personal data related to healthcare professionals who are interacting with a Galderma entity is included in the HCP Privacy Notice. |
|
|
Contacting you and conducting advertising on third party social networks: We use your personal data when you interact with third party social networking features, such as “Like” functions, to serve you with advertisements and engage with you on third party social networks. You can learn more about how these features work, the profile data that we obtain about you, and find out how to opt out by reviewing the privacy notices of the relevant third party social networks. |
|
|
Retargeting existing subscribers via paid social media advertising. If you have subscribed to our communications (such as email newsletters, marketing updates, or other Galderma channels), we may use your contact information (such as your email address or phone number) to create custom audiences on third-party social media platforms (including but not limited to Meta/Facebook, Instagram, LinkedIn, TikTok, and Google) to deliver targeted advertisements to you on those platforms. This involves securely hashing your contact information and uploading it to the relevant social media platform, which matches the hashed data against its user database to identify your account for advertising purposes. The social media platform acts as an independent controller for the matching process and subsequent advertising delivery. You may opt out of this activity at any time by contacting us using the details in Section 13 or by adjusting your advertising preferences directly on the relevant social media platform. |
|
|
Lookalike and similar audience modelling. We may share information about our existing customers or subscribers with social media platforms (including but not limited to Meta/Facebook, Instagram, LinkedIn, TikTok, and Google) to enable those platforms to identify and target new audiences with similar characteristics or interests (commonly known as "lookalike audiences" or "similar audiences"). This process involves securely hashing your contact information and providing it to the platform as a "seed" audience. The platform then uses its own algorithms and data to find other users who share similar attributes. The platform acts as an independent controller for the audience expansion and targeting process. We do not receive any personal data about the individuals in the expanded audience; we only use this functionality to reach new potential customers. You have the right to object to having your data used as part of a seed audience for lookalike modelling by contacting us using the details in Section 13. |
|
|
For Website usage analytics. We may also collect and process information about your visit to our Website, such as the pages you visit, the website you came from and the searches you perform. We may use such information to help improve the contents of the site and to compile aggregate statistics about people using our site for our internal usage statistics and market research purposes. Where you have provided your consent through our Cookie Management Platform, we use cookies or similar technologies to collect this information. |
| Website/ communication usage information, information from computer/mobile device |
Merger/acquisition. If Galderma or its assets are acquired by, or merged with, another company including through bankruptcy, We may share your personal data with any of our legal successors, purchasers and potentially their legal counsel. |
| Personal contact information, professional information, consumer generated content, information from computer/mobile device, website/ communication usage information, third party social network information |
Compliance with legal obligations. We may process your personal data to comply with our legal obligations (e.g., tax law and product safety obligations). We may disclose your personal data to third parties when required by applicable law. |
| Personal contact information, professional information, consumer generated content, information from computer/mobile device, website/ communication usage information, third party social network |
Safeguard rights. We may process your personal data to safeguard our rights. For example, (i) to establish or respond to legal proceedings; (ii) to response to a request from a competent law enforcement agency; (iii) to protect our rights, privacy, safety or property, or the public; or (iv) to enforce the terms of any agreement or the terms of our Website. |
| Personal contact information, professional information, consumer generated content, information from computer/mobile device, website/ communication usage information, third party social network |
Intra-group transfers. To transfer personal data to other Galderma entities as required for the purposes listed above. |
| Personal contact information, professional information, consumer generated content, information from computer/mobile device, website/ communication usage information, third party social network |
Providing access to our digital platforms, applications and online accounts. We may process your personal data to create and manage your accounts on our Websites, portals and mobile applications; to authenticate you; to provide requested functionalities; and to ensure the ongoing security and performance of our digital services. |
| Personal contact information. account and authentication data/ device and usage information and profile preferences |
Disease awareness and educational activities. We may process your personal data to plan, conduct, publish or promote disease awareness and educational initiatives, which may include testimonials, recorded interviews, images, or personal stories voluntarily provided by you.
|
| Images/audio content; health information you choose to share and consumer-generated content |
Use of artificial intelligence and automated technologies. We may use automated tools, including artificial intelligence and machine-learning technologies, to analyze data for the purposes of improving our digital services, performing analytics, supporting decisions, and personalizing user interactions, in compliance with applicable law.
|
| Website/communication usage information, information from computer/mobile device and classification/profiling data |
Market research and surveys. We may process your personal data to conduct market research, surveys and interviews in order to understand user or customer perceptions, evaluate our services or products, and improve our communications and offerings.
|
| Personal contact information, professional information, consumer-generated content |
In case we want to use your personal data for purposes unrelated to those described in this Privacy Notice, we will first notify you and, where required, offer you a choice as to whether or not We may use your personal data in this manner.
7. Data Sharing
We may share your personal data with service providers that process personal data on our behalf and subject to our instructions as so-called data processors, for the purpose of providing their professional services to us:
IT service providers (hosting services, email services, document processing software, website analytics, website operation, website development)
Tag management, cookie consent and analytics technology providers (e.g., providers enabling pixels, tags, web beacons or other tracking technologies)
Cybersecurity, fraud prevention and data protection service providers responsible for system monitoring, security and backup
Customer support and patient or consumer engagement service providers supporting educational materials or product-related information services
Event management and advertising, media and social media partners who support targeted advertising, campaign measurement and audience insights
Marketing support providers (e.g., handling and dispatch of newsletters)
Market research agencies or consultants conducting surveys, interviews and studies
Privacy and compliance management service providers (for example, OneTrust LLC)
Logistics and delivery providers assisting with shipment of materials, samples or event-related items.
Furthermore, we may share your data with the following third parties:
Other entities of the Galderma group.
Other third parties (data controllers):
Regulatory authorities (including healthcare authorities, tax authorities and law enforcement agencies) for the purpose of compliance with legal obligations (e.g., under healthcare transparency laws, tax law, drug/medical device safety laws)
Other pharmaceutical companies who are our co-marketing, co-distribution, or other license partners of Galderma if they relate to the product/activity of interest
Healthcare professionals and clinical research organizations for the purpose of collaboration
Consultants (including lawyers and auditors) for the purpose of compliance with legal obligations and/or safeguarding rights
Courts for the purpose of safeguarding our rights
Potential buyers or acquirers of all or part of our asset(s) and/or activity(ies) for the purpose of corporate transactions
Social media platforms (e.g., Facebook/Instagram), LinkedIn Corporation, TikTok) for the purposes of managing, delivering, and measuring advertising campaigns including audience targeting and retargeting, creation of similar audiences, and analysis of campaign performance
Where any such organization is located outside of your country of residence, the resulting international transfers of Personal Data are carried out in accordance with Section 8 of this Privacy Notice.
8. International Data Transfers
The storage as well as the processing of your personal data as described above may require that your personal data is ultimately transferred/transmitted to, and/or stored at, a destination outside of your country of residence. When we share your personal data with an entity located outside of your country of residence (e.g. other Galderma entities, third parties), including to countries which have different data protection standards to those which apply in your country of residence, we will put in place, in line with applicable legal requirements, appropriate safeguards to ensure that your personal data is appropriately protected. In the absence of an adequacy decision and/or any other data protection related certifications – unless applicable data protection law provides for an exception – these measures may include (i) entering into approved standard contractual clauses, as amended or replaced at any time, to protect your personal data, as well as any supplementary measures required by law or deemed necessary, to provide an adequate level of data protection and/or (ii) obtaining your consent (where permitted or required by law).
You may request further information regarding these safeguards or obtain a copy of the relevant contractual protections by contacting us using the details provided in Section 13.
9. Data Retention
We will hold your personal data on our systems for as long as is necessary to fulfil the purposes that we collected it for. By law, we are required to retain certain information for a prescribed period of time. In circumstances where there are no such legal requirements, to determine the appropriate retention period, we will consider the nature of the personal data, the purposes for which we are processing your personal data and the potential risk of harm from unauthorized use or disclosure of your personal data. Therefore, personal data may be kept for as long we reasonably determine it is required for, according to our retention policy and applicable laws.
Personal data subject to legal holds, investigations, audits or other mandatory preservation requirements may be retained for the duration of the relevant obligation or proceeding. We may also retain personal data as necessary for the establishment, exercise or defense of legal claims.
Data that is no longer needed will be securely deleted or anonymized.
10. Rights of Data Subjects
Depending on your jurisdiction, you may have the following rights, in accordance with the applicable data protection laws:
Access and to be informed: To request a copy and/or to be informed of the personal data we hold about you.
Rectification: To request correction of inaccurate or incomplete personal data.
Erasure: To request the deletion of personal data, where applicable.
Restriction: To request the restriction of processing, where applicable.
Objection: To object to processing based on our legitimate interests.
Data portability: To request a copy of your personal data, which you have provided to us, in a structured, commonly used, machine-readable format.
Withdraw consent: To withdraw consent at any time with effect for the future, where consent was provided for processing.
Automated decision-making and profiling: To request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Where applicable, you also have the right to obtain human intervention, to express your point of view, and to contest the decision
To be informed about data transfers: To request more information about the countries where your data is transferred and, where such countries have not been recognized as proving an adequate level of data protection, to request more information about the appropriate safeguards implemented such as standard data protection clauses.
Please note that the exercise of these rights may be subject to limitations and/or restrictions set out in applicable laws; they may also be subject to variations or additional rights may be available to you in your country of residence or place of work.
If you wish to exercise one of these privacy rights, you may submit a relevant request using our Data Subject Request Webform; alternatively, you may also send our Group Data Privacy Office an email at privacy.office@galderma.com, or write at the Galderma Headquarters, at Galderma SA, Zählerweg 10, 6300 Zug, Switzerland.
If we do not satisfy your request or if you consider that the processing of your personal data infringes data protection law otherwise, depending on your jurisdiction, you may also have the right to lodge a complaint with a data protection authority in your country of residence, or your place of work or of the alleged infringement. If you are based in the EEA, the competent Data Protection Authority’s contact details may be found here. If you are based in the UK, you may contact ICO here. If you are based in Switzerland, you may contact FDPIC here.
If you are based in the US, please visit our US Privacy Notice to learn how to exercise your privacy rights.
11. Data Security
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, accidental loss, or misuse, alteration or unlawful processing. Please note, however, that these protections do not apply to information you choose to share in public areas such as third-party social networks.
12. Changes to this Privacy Notice
We might change the way we process your personal data. Therefore, Galderma reserves the right to modify this Privacy Notice at any time. Please check back frequently to see any updates or changes in our Privacy Notice.
13. Contact Information
If you have any questions or concerns about this Privacy Notice or your personal data, please contact us at privacy.office@galderma.com.
Please also note that Galderma SA has designated EU and UK Representatives pursuant to Article 27 of the GDPR and UK GDPR respectively.
EU:
Q-MED AB
Seminariegaten 21, 75228, Uppsala, Sweden
Email: DataProtection.SEUPP@galderma.com
UK:
Galderma (U.K.) Limited
Evergreen House North, Grafton Place, London, England, NW1 2DX
Email: uk.privacy.office@galderma.com