Chat Bot Privacy Notice

The information collected from you may include a unique Facebook identifier, your first name, Facebook profile image, location, your inputted DLQI score, your requested reminder preferences, the conversation history you have with the chatbot, including any manually inputted text and responses to bot question, and the timestamp of your interaction. This information will be used by Novartis Pharma AG and its affiliates (“Novartis”) for the purpose of providing the most relevant experience to you: by remembering your selections to tailor answers, by remembering your preferences to send you appropriate reminders, to track your inputted DLQI scores over time, or to provide location-specific resources. Novartis may, if necessary, store additional information to ensure compliance with all adverse event and product testing complaint regulatory requirements, but only if you manually type in text to Facebook Messenger.

Your information will be stored in two formats. Specific information provided by Facebook for the duration of your session (interaction with the chatbot), which includes a unique identifier, first name, location, and Facebook profile image, will not be stored outside of the specific session. That is, once you have ended the chatbot session, data will be automatically deleted and Novartis will have no access to this information. Other information, which includes your inputted DLQI score, your requested reminder preferences, your conversation history, any manually inputted text, and conversation timestamp, will be stored into a database by agents acting on behalf of Novartis. If a user submits any manually inputted text, that text will be automatically forwarded to appropriate Novartis contacts, which may be required by regulation to follow up either in Facebook messenger or through another communication channel, such as email if provided, only if the text contains an adverse event or a product testing complaint. In these instances, additional information about you must be stored until all appropriate communication has occurred, which may include mandatory reporting to regulatory agencies. Information will also include a Facebook created user identification, your name, a timestamp of the event, and all of the text that was inputted. This information will only be used in connection to the event it was collected, and will be encrypted and deleted once allowed by regulatory bodies. This information will be encrypted and stored in a dedicated document database, and will only be accessed for the specific purpose of responding to or otherwise resolving an adverse event or product testing complaint.

Your personal information will be processed by third parties who act for or on Novartis’ behalf, in accordance with the purposes described in this notice. These third parties may be located in countries or territories that may not offer the same level of data protection as the country in which you reside. Where the processing of your Personal Data is delegated to such a third party, Novartis will ensure that such third party provides sufficient guarantees with respect to the technical and organizational security measures governing the processing of your Personal Data.

Novartis will not access directly your personal data and only receive aggregated and anonymized information from third parties acting on its behalf, unless Novartis is required to do so because of an applicable law, court order or governmental regulation, or if such disclosure is otherwise necessary in support of any criminal or other legal investigation or proceeding here or abroad.

Novartis has adopted Binding Corporate Rules, a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection for sharing personal information within Novartis, in particular relating to transfers of personal information outside the EEA and Switzerland.

Novartis will not share your information with anyone who is not directly connected with this purpose.

You may request information about your personal data and exercise related access data, including deletion and withdrawal of the consent by contacting:

Weber Shandwick / Flipside
2 Waterhouse Square, 
140 Holborn, EC1N 2AE