Privacy Notices

Select the privacy notice that best corresponds to your relationship with AstraZeneca

Healthcare Professionals and other External Experts

Who is this notice intended for?

This privacy notice explains how AstraZeneca (“we,” “us,” “our”) collects and uses personal data about healthcare professionals, such as nurses, laboratory technicians, physicians, and pharmacists, and other professionals with whom we wish to collaborate or who already work with us. 

Personal data means any information which could reasonably be used to identify you either directly (e.g., your name) or indirectly (e.g., a unique ID number) (and as defined under applicable data protection laws). It includes information about your professional activity. 

This privacy notice is in line with AstraZeneca's Global Privacy Standard and aims to comply with privacy and data protection laws around the world. If a particular jurisdiction requires AstraZeneca to collect or use your personal data differently, we will comply with applicable law. If you are a resident of the United States, please read this notice in conjunction with our US Supplemental Notice, which includes additional information relevant for individuals residing in certain US jurisdictions. 

Who is responsible for your personal data?

The local AstraZeneca company that contacts or communicates with you, or with which you otherwise have a relationship, is responsible for your personal data. This entity is the "controller", "responsible person" or other equivalent term under applicable privacy and data protection law.

Find here a list of AstraZeneca companies, including their business contact information, such as their email address, mailing address, and telephone number(s), as applicable.

What personal data do we collect and how do we use it?

We collect personal data about you from a range of sources depending on the circumstances, including: 

  • From you directly, such as when you:
    • use our websites, attend a virtual event or webcast, or complete an online survey;
    • attend one of our live meetings, such as advisory boards, congresses, or conferences;
    • create or maintain an account on one of our websites, platforms, applications, or systems;
    • register to receive promotional materials from us;
    • share adverse events or medical information enquiries with us (in the event you report an adverse event related to an AstraZeneca product, please review the adverse event reporting notice for your relevant country, to get further information on how we process your personal data in that context);
    • write to us or contact us with questions or comments; including when we record calls to our call centers after providing you notice;
  • Automatically from your device when you use one of our platforms, websites, applications, or systems, or when you open an email from us for which we collect email open rate metrics;
  • From other sources (where permitted by and in accordance with applicable law) including:
    • public sources such as official registers, hospital websites, healthcare provider directories and social media;
    • joint marketing partners or partners in joint scientific projects;
    • third parties providing services to the healthcare sector, including third-party providers of demographic data and directories;
    • patient organizations;
    • career social networking sites; and
    • social media platforms when you publicly share opinions about AstraZeneca or mention an AstraZeneca product in a comment. 

The table below lists the purposes for which we may collect and use your personal data, the categories of personal data we may collect and use, and, for those jurisdictions that require a “legal basis”, the legal basis we rely on. 

Regarding legal basis, some countries do not allow us to rely on legitimate interest to use your personal data, in which case we may rely on another legal basis such as your consent. We will ask for your consent to collect and use your personal data where required by and in accordance with applicable law. We do not typically collect or process personal data from healthcare professionals that is considered sensitive under applicable privacy and data protection laws. If we do so, or if you provide such information to us voluntarily, we will handle such information to fulfill the limited purpose(s) for which it was collected or provided in accordance with applicable laws. 

We may use artificial intelligence when processing your personal data. When artificial intelligence is used, we adhere to applicable laws, including obtaining and your consent to use artificial intelligence where required by applicable law.

You are free to choose not to provide us with your personal data when we ask for it. However, if you choose not to provide us with your personal data, it may limit or prevent us from assisting you, responding to your request(s), providing you with the services you have requested, or entering into a collaboration with you, among other things.

Processing Purposes Categories of Personal Data Legal Basis 
 (where applicable) 
A. Provision of services and products  

Provide our services and products to you, including: 

  • Providing online services such as virtual events, webcasts, and surveys.
  • Managing your account(s) on our platforms, portals, websites and applications, and verifying your professional credentials. 
  • Your name and business contact information (such as your email address, mailing address, telephone number(s), and/or other mobile messaging app IDs), gender, age, and preferred language.
  • Your login details and related account information.
  • Professional information and experience, such as: information related to your medical specialty; qualifications, skills and areas of expertise; area(s) of interest or focus; and/or place of practice.
  • Information about services and products you have requested.
  • Technical information about devices from which you access AstraZeneca websites and other services and network activity information, such as your IP address, device ID, hardware model and version, browser type and version, browsing history, search history, access time, pages viewed, physical location, and other standard server log information and online identifiers. Please consult the cookie notice (and/or cookie consent interface) on the AstraZeneca website you are visiting for more information about the technical information we collect.

Necessary for the performance of a contract with you, such as when you purchase a product from us or to fulfill our online terms and conditions. 

 

Compliance with legal obligations, such as to verify professional credentials (e.g., prescriber control number).   

Communicate with you, including: 

  • Inform you of updates to our policies, terms, and conditions.
  • Respond to your queries.
  • Send you invites or offers to participate in meetings, events, and surveys, and obtain insights into your experience with our products and services.
  • Evaluate the effectiveness of our information channels. 
  • Your name and business contact information (such as your email address, mailing address, telephone number(s), and/or other mobile messaging app IDs), gender, age, and preferred language.
  • Professional information and experience, such as: information related to your medical specialty; qualifications, skills and areas of expertise; area(s) of interest or focus; and/or place of practice.
  • Information about your experience with our products and services, including browsing history, your interactions and other network activity on our portals, websites, applications and social media platforms.
  • Preferred method of communications with us. 

 

Our legitimate interest to establish and maintain a business relationship with you; keep you up to date on our policies, terms, and conditions; and improve our information channels.  

 

Compliance with legal obligations, such as to provide disclosures required by law. 

Consent, where required by applicable law. 

To understand your preferences and personalize your experience when interacting with us and to improve the content and functionality of our products, services, and websites. 
  • Your name and business contact information (such as your email address, mailing address, telephone number(s), and/or other mobile messaging app IDs), gender, age, and preferred language.
  • Professional information and experience, such as: information related to your medical specialty; qualifications, skills and areas of expertise; area(s) of interest or focus; and/or place of practice.
  • Information about your experience with our products and services, including browsing history, your interactions and other network activity on our portals, websites, applications and social media platforms. 

Our legitimate interest to establish or maintain a business relationship with you, and to provide information that is relevant to your needs and interests. 

Consent, where required by applicable law.

 

Ensure the safety of our products, services, and customers by investigating incidents and taking action against illegal or harmful behavior, as well as assist law enforcement and regulatory bodies. 
  • Technical information about devices from which you access AstraZeneca websites and other services and network activity information, such as your IP address, device ID, hardware model and version, browser type and version, browsing history, search history, access time, pages viewed, physical location, and other standard server log information and online identifiers. Please consult the cookie notice (and/or cookie consent interface) on the AstraZeneca website you are visiting for more information about the technical information we collect.
  • Other information relevant to protecting the safety of our products, services, and customers. 
Our legitimate interest to protect our business and ensure the safety of our products, services, and customers. 
B. Marketing & Promotional Communications 

Send you marketing and promotional information, including: 

  • Provide you with information about our products, services, news, and the latest scientific developments.
  • Provide you with medical samples and related information.
  • Send you invitations or offers to participate in scientific meetings, events, and surveys. 
  • Your name and business contact information (such as your email address, mailing address, telephone number(s), and/or other mobile messaging app IDs), gender, age, and preferred language.
  • Professional information and experience, such as: information related to your medical specialty; qualifications, skills and areas of expertise; area(s) of interest or focus; place of practice; professional registration number and/or medical certificate number (including any ID photos associated with them).
  • Information about your experience with our products and services, including browsing history, your interactions and other network activity on our portals, websites, applications and social media platforms.
  • Preferred method of communications with us. 

Our legitimate interest to establish and maintain a business relationship with you, and to provide information that is relevant to you. 

If we intend to share electronic marketing with you, we will ask for your consent, where required. You can opt out of receiving marketing materials from us at any time. 

Coordinate visits to your facility by our representatives, such as sales representatives, medical science liaisons, or other personnel that interact with you. 
  • Professional information and experience, such as information related to your medical specialty, qualifications, skills and areas of expertise, place of practice, professional registration number and medical certificate number (including any ID photos associated with them).
  • Information about your experience with our products and services, including browsing history, your interactions and other network activity on our portals, websites, applications and social media platforms. 
Our legitimate interest to establish or maintain a business relationship with you. 
Perform data analyses, market research and segmentation (including by producing metrics using mathematical or statistical procedures, artificial intelligence and/or machine learning) to understand your preferences in order to build profiles to predict your preferences and to identify which products, services, and offers may be relevant for you or of interest to you. 
  • Professional information and experience, such as information related to your medical specialty, qualifications, skills and areas of expertise, place of practice, professional registration number and medical certificate number (including any ID photos associated with them).
  • Information about your experience with our products and services, including browsing history, your interactions and other network activity on our portals, websites, applications and social media platforms.
  • Your professional opinion about scientific and health-related topics. 

Our legitimate interest to establish and maintain a business relationship with you, and to provide information that is relevant to you. 

Consent, where required by applicable law.

 

C. Collaborations 
Identify and maintain information about professionals with whom we want to collaborate on scientific initiatives such as clinical trials, advisory boards, and educational activities. 
  • Your name and business contact information (such as your email address, mailing address, telephone number(s), and/or other mobile messaging app IDs), gender, age, and preferred language.
  • Professional information and experience (including where posted on social media), such as information related to your medical specialty, qualifications, skills and areas of expertise, place of practice, professional registration number and medical certificate number (including any ID photos associated with them).
  • Information about your publications, participation in meetings, seminars, advisory boards and conferences; information about your relationship with other institutions; and information about your participation in clinical trials and non-interventional studies.
  • Information about your engagements with us.
  • Information about your interest in our products, services, and content.
  • Your opinion about scientific and health-related topics, including where posted publicly on social media. 
Our legitimate interest to establish and maintain a business relationship with you, and to collaborate with healthcare professions on scientific initiatives. 
Perform data analyses, market research and segmentation (including by producing metrics using mathematical or statistical procedures, artificial intelligence and/or machine learning) in order to identify, evaluate, classify and combine information from different sources about your scientific expertise and professional skills, in order to improve the quality of our visits to your facility and identify opportunities for scientific collaboration with you. 
  • Your name and business contact information (such as your email address, mailing address, telephone number(s), and/or other mobile messaging app IDs), gender, age, and preferred language.
  • Professional information and experience, such as information related to your medical specialty, qualifications, skills and areas of expertise, area(s) of interest or focus, place of practice, professional registration number and medical certificate number (including any ID photos associated with them).
  • Information about your experience with our products and services, including browsing history, your interactions and other network activity on our portals, websites, applications and social media platforms. 

Our legitimate interest to establish or maintain a business relationship with you. 

Consent, where required by applicable law.

 

Confirming the existence or absence of conflicts of interest, establishing whether you hold relevant government or other positions, or have committed relevant violations of law impacting our ability to collaborate with you. 
  • Potentially any personal data mentioned above or below that is relevant to these purposes. 

Our legitimate interest to establish and maintain a business relationship with you, as well as to protect our business and avoid illicit dealings, transactions, or collaboration with parties who are sanctioned or have been disciplined. 

 

Comply with applicable laws, such as laws governing conflicts of interest, money laundering, bribery, and so forth. 

Invite you to engage in scientific collaboration, such as clinical trials, advisory boards, and educational activities. 
  • Your name and business contact information (such as your email address, mailing address, telephone number(s), and/or other mobile messaging app IDs), gender, age, and preferred language.
  • Professional information and experience, such as information related to your medical specialty, qualifications, skills and areas of expertise, place of practice, professional registration number and medical certificate number (including any ID photos associated with them).
  • Information about your experience with our products and services, including browsing history, your interactions and other network activity on our portals, websites, applications and social media platforms. 

Our legitimate interest to establish and maintain a business relationship with you. 

 

 

Perform contractual obligations owed to you and manage our contractual relationship with you, including payment of honoraria and taxes and management of your travel and accommodation arrangements, as well as to monitor compliance with our internal policies on engagements with healthcare professionals and experts, and for our own internal evaluation and business analytics purposes. 
  • Your name and business contact information (such as your email address, mailing address, telephone number(s), and/or other mobile messaging app IDs), gender, age, and preferred language.
  • Financial and travel-related identification information, such as your bank account number, credit/debit card numbers and other financial and compensation details.
  • Your national identification number, national insurance number, passport number, driving license number, tax identification number, and travel preferences. 

Performance of a contract or taking steps prior to entering into a contract. 

 

Our legitimate interest to establish and maintain a business relationship with you and comply with our internal policies and procedures in relation to payments and reimbursement. 

 

Compliance with applicable laws and regulations, such as tax and accounting laws. 

Submission of records about our collaboration with you to government authorities under applicable law. 
  • Potentially any of the types of personal data listed in this table. 
Compliance with a legal obligations, such as laws on transparency and conflicts of interest. 

Publicly disclosing transfers of value, such as consultancy fees, to you (as a healthcare professional). 

 

 

  • Name and business contact information (such as your email address, mailing address, telephone number(s), and/or other mobile messaging app IDs).
  • Amounts paid out. 

Our legitimate interest to establish transparency and trust in the transfers of value from the pharmaceutical industry to healthcare professionals.

 

Compliance with legal requirements for transparency in collaborations between pharmaceutical companies and healthcare organizations and their employees. 

 

Where required by law, your consent. If local law or other regulations of the country where you reside require your consent, but you disagree with your identifiable information being shared, we publish it only in aggregate form. 

D. Other 
Report adverse events you notify us about. 
  • Your name and business contact information (such as your email address, mailing address, telephone number(s), and/or other mobile messaging app IDs).
  • Information about your experience with our products and services.

Compliance with pharmacovigilance laws. 

 

Protect your or another individual’s vital interests. 
  • Potentially any of the information listed above and below. 
Protect your or another individual’s vital interests. 

Manage and maintain our network and information system security. 

and

Test and develop new IT systems and applications that we use to conduct and improve our business operations. 

  • Technical information about devices from which you access AstraZeneca websites and other services and network activity information, such as your IP address, device ID, hardware model and version, browser type and version, browsing history, search history, access time, pages viewed, physical location, and other standard server log information and online identifiers. Please consult the cookie notice (and/or cookie consent interface) on the AstraZeneca website you are visiting for more information about the technical information we collect. 
Our legitimate interest in keeping our products, services, and internal IT systems secure, as well as to maintain and improve our business operations. 

Collect feedback, opinions and insights through photographs, voice/video recordings, and statements from you in connection with the services rendered by you to AstraZeneca or in relation to an event held by us, including using artificial intelligence to record, transcribe, and summarize the interaction.   

 

We keep and make such information available for educational purposes for authorized personnel. Our practice is not to publish such recordings externally, but if we plan to do so, you will be clearly informed prior to any such recordings. 

  • Photographic images, video, and audio recordings from our virtual or live meetings and events that you attended or similar information made in relation to articles, publications, and trainings where we collaborated with you. 

Our legitimate interest in furthering our business, including to host events and solicit input and feedback from healthcare professionals. 

Consent, where required by applicable law.

If a meeting will be recorded, you typically will be informed that the recording will take place upon joining the meeting. 

Comply with laws and regulations applicable to pharmaceutical companies with respect to their relationship with healthcare professionals and other experts. 
  • Potentially any of the information listed in this table.

Compliance with a legal obligation. 

Our legitimate interest in complying with industry standards and requirements, such as in relation to providing safe and effective products and services. 

Defend against potential or actual legal claims and manage security, risk and prevent crime. 
  • Potentially any of the information listed in this table.
Our legitimate interest in protecting our business, customers, and the public. 
Support activities related to a sale, divestment, collaboration, or joint venture for all or part of our business. 
  • Potentially any of the information listed in this table.
Our legitimate interest in conducting corporate transactions.


We may process your personal data for other purposes not listed above where such processing is at your direction or with your consent.  

Who do we share your personal data with and how do we transfer it?

Depending on the purposes for which we use your personal data, we may share your personal data with the following entities for the purposes listed above:

  • Other AstraZeneca group companies, including our affiliates and subsidiaries. You can find a list of AstraZeneca companies here.
  • Service providers, such as:
    • IT providers for the purposes of system management and maintenance, system security and improvement, development, testing, technical support, and data hosting.
    • Web analytics service providers using cookies to analyze patterns and information about your use of our websites, as further explained in the cookie notice (and/or cookie consent interface) on the AstraZeneca website you are visiting. Some of our websites may use Google Analytics, provided by Google, Inc. (“Google”). More information on Google Analytics. You may choose to opt-out of having your data used by Google Analytics.
    • Event agencies that help us organize conferences and other events, for example, send out invitations, prepare participant lists, and select speakers.
    • Market research companies to include you in our surveys or other scientific opportunities to obtain insights about your experience with our products or services.
    • Marketing consultants that help us send you materials about our products by mail, email, or other channels.
    • Advertising companies to serve you ads online.
  • Healthcare service providers and other pharmaceutical companies who partner with us to conduct research into diseases and develop products to treat them, including participation in scientific events, clinical studies, and advisory bodies.
  • Auditors and consultants to verify our compliance with internal and external requirements.
  • Statutory bodies, law enforcement agencies, legal advisors and litigants.
  • A successor or business partner to AstraZeneca or to an AstraZeneca group company in the event that it sells, divests or sets up a collaboration or joint venture for all or part of its business, or in the context of some other type of corporate transaction.
  • Other third parties providing services on our behalf.
  • To other third parties at your direction or with your consent. 

The entities with whom we share personal data may be located in different jurisdictions globally. When we transfer your personal data across borders, we do so in compliance with applicable privacy and data protection laws.

Where required by law, we rely on contracts to ensure that the entity receiving your personal data complies with applicable data protection laws. Such contractual arrangements include, for example, AstraZeneca's Binding Corporate Rules and Standard Contract Clauses, or equivalent instruments approved by a competent supervisory authority. You can request information and a copy of the Standard Contract Clauses used by AstraZeneca by contacting us at [email protected].

Where required by applicable privacy and data protection laws, we will ask for your consent before transferring your personal data to another jurisdiction.

Law enforcement, regulatory and security authorities or courts in the jurisdictions to which we transfer your personal data may have a right to access your personal data in accordance with applicable laws.

How long do we keep your personal data and how do we protect it?

We keep your personal data for as long as we need it for the purposes set out above, or where local law imposes a retention period, in accordance with such law. When your personal data is no longer needed for these purposes, it will be deleted.

We have implemented a variety of privacy and security policies, measures, and technologies to help protect your personal data from a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. In particular, AstraZeneca has implemented physical security controls and developed and implemented robust data transmission and storage systems designed to ensure an appropriate level of security and protection of personal data. 

We have a dedicated process for carefully selecting the service providers and partners we work with, which includes verifying that they have appropriate technical and organizational security measures in place to protect your personal data. We also confirm that these service providers and partners are able to comply with the obligations they have undertaken in the data processing and sharing agreements we sign with them.

If you suspect or believe that your interactions with us are no longer secure, please contact us as soon as possible. See the “contact us” section below.

What are your data protection rights?

Generally, your rights in relation to your personal data will depend on: (i) the data protection law (if any) that applies to how we collect and use your personal data; and (ii) in some jurisdictions, the lawful basis on which we collect and use your personal data. Some laws also apply conditions or exceptions to the exercise of these rights.

You may have the following rights in relation to your personal data:

  • Right to obtain information on how we use your personal data, including the purposes for which we use it, with whom we share it, how long we retain it, and so forth;
  • Right to access to the personal data we hold about you, including receive a copy of your personal data;
  • Right to have us correct any inaccuracies in the personal data we hold about you (for example, because it is incomplete or out of date);
  • Right to have us delete (erase) your personal data;
  • Right to have us transmit the personal data you have provided to us about yourself to a third party;
  • Right to object to our use of your personal data (for example, for direct marketing);
  • Right to receive meaningful information about the logic involved in any automated decisions we take about you, and the right to be informed of the significance and the envisaged consequences of that decision;
  • Right to withdraw any consent you may have given to the collection or use of your personal data; and
  • Any other right recognized by applicable data protection law. 

If you want to exercise these rights, please use AstraZeneca’s dedicated online platform. When doing so, please note the following:

  • We may ask you to provide proof that you are who you say you are if we have any doubts about your identity. For example, we may ask you to verify certain data we have about you or, in some cases, to show us your ID.
  • If you are making the request on behalf of someone else, we may ask you to provide proof that you have been authorized by that other person to make the request on their behalf.
  • We will delete any proof of your identity as soon as we are satisfied that you are who you say you are, or that you are in fact representing someone else.

In addition to the above rights, you may also have the right to complain to your local data protection authority, depending on the applicable law. You may also have the right to be notified in the event of a breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to your personal data, depending on applicable law. 

If you have a complaint 

If you have any concerns or complaints about the manner in which your personal information has been collected or handled by AstraZeneca, please contact the Privacy Officer. Your concern or complaint will be directed to the appropriate complaint manager who will consider and endeavour to respond to your complaint within 14 days. 

It is our intention to use our best endeavours to resolve any complaint to your satisfaction. However, if you are unhappy with our response: 

  • In Australia you may contact the Office of the Australian Information Commissioner who may investigate your complaint further. Further information about the application of the Australian Privacy Act can be found at www.oaic.gov.au.
  • In New Zealand you may contact the New Zealand Privacy Commissioner who may investigate your complaint further. Further information about the application of the New Zealand Privacy Act can be found at www.privacy.org.nz

Contact us

If you have questions about our Policy or privacy practices, wish to provide feedback about this Policy or would like to access or correct your personal information held by AstraZeneca, please contact our Privacy Officer at: 

Email: privacy.au@astrazeneca.com 

Phone: +61 2 9978 3500 

Postal address: The Privacy Officer 

AstraZeneca Pty Ltd 

PO BOX 131 

North Ryde NSW 1670 

Australia 

 

You can contact us using the business contact information – such as the email address, mailing address, or telephone number(s) – of the AstraZeneca entity responsible for your personal data, which you can find on this website.

You can also contact our Data Protection officer at [email protected] or by mail at: Global Data Protection Officer, AstraZeneca 1 Francis Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA, United Kingdom.

If you want to exercise your rights, please use our dedicated online platform.

How do we let you know of updates to this privacy notice?

We will post the latest version of our privacy notice on our website. The privacy notice lets you know when it was last updated. If we make material updates to the privacy notice, we will, where possible and in accordance with applicable law, provide you with an additional notice (for example, by sending it to the contact information we have on file for you).

User of AZ services, products, or websites

Who is this notice intended for?

This privacy notice explains how AstraZeneca (“we,” “us,” “our”) collects and uses personal data about users of our products, services, and websites (“you”), such as when you visit one of our websites, request information about our services, or submit an adverse event report about one of our products. 

Personal data means any information which could reasonably be used to identify you either directly (e.g., your name) or indirectly (e.g., online identifier). It includes information about your online activity if such information can reasonably be used to identify you. 

This privacy notice is in line with AstraZeneca's Global Privacy Standard and aims to comply with privacy and data protection laws around the world. However, if a particular jurisdiction requires AstraZeneca to collect or use your personal data differently, we will always comply with applicable law. If you are a resident of the United States, please read this notice in conjunction with our US Supplemental Notice, which includes additional information relevant for individuals residing in certain US jurisdictions. 

Who is responsible for your personal data?

The local AstraZeneca company that contacts or communicates with you, or with which you otherwise have a relationship, is responsible for your personal data. This entity is the "controller", "responsible person" or other equivalent term under applicable privacy and data protection law.

Find here a list of AstraZeneca companies, including their business contact information, such as their email address, mailing address, and telephone number(s), as applicable.

What personal data do we collect and how do we use it?

We collect personal data about you from a range of sources depending on the circumstances, including: 

  • From you directly, such as when you:
    • use our websites, attend a virtual event or webcast, or complete an online form or survey;
    • attend one of our live meetings, such as a scientific conference or promotional event, as well as when you visit one of our facilities with CCTV cameras;
    • register to receive marketing and promotional communications from us;
    • share adverse events or medical information enquiries with us (in the event you report an adverse event related to an AstraZeneca product, please review the adverse event reporting notice for your relevant country, to get further information on how we process your personal data in that context);
    • write to us or contact us with questions or comments, including when we record calls to our call centers after providing you advance notice;
  • Automatically from your device when you use one of our platforms, websites, applications, or systems, or when you open an email from us from which we collect email open rate metrics;
  • From other sources (where permitted by and in accordance with applicable law) including:;
    • third parties providing services to the healthcare sector, including providers of demographic data, data analytics, marketing and advertising services, market research services, fraud detection and prevention services, payment processors, and so forth;
    • healthcare providers and insurance companies;
    • public databases, publications and professional organizations;
    • authorized/legal representatives, family members, and caregivers;
    • joint marketing partners;
    • career social networking sites; and
    • social media platforms. 

The table below lists the purposes for which we may collect and use your personal data, the categories of personal data we may collect and use, and, for those jurisdictions that require a “legal basis”, the legal basis we rely on.

Regarding legal basis, some countries do not allow us to rely on legitimate interest to use your personal data, in which case we may rely on another legal basis such as your consent. We will ask for your consent to collect and use your personal data where required by and in accordance with applicable law. Occasionally, we may process sensitive personal data about you – for example, if you voluntarily provide information about your physical or mental health as part of a request for information. In this case, we use such information only to respond to your inquiry and if applicable to provide you additional guidance (e.g. to inform you of your right to submit an adverse event report). Where we process service personal data, we comply with applicable privacy and data protection laws. 

You are free to choose not to provide us with your personal data when we ask for it. However, if you choose not to provide us with your personal data, it may limit or prevent us from assisting you, responding to your request(s), or providing you with the products or services you have requested, among other things.

Processing PurposesCategories of Personal DataLegal Basis
(where applicable)
A. Provide our products, services, and websites

Provide our products, services, and websites to you, including:

  • Developing, improving, repairing, and maintaining our products, services and websites.
  • Maintaining our facilities and infrastructure.
  • Maintaining internal records.

 

  • Your name and contact information, such as your email address, mailing address, and telephone number(s) that you enter in an online form.
  • Demographic information, such as age, date of birth, gender, and race (if permitted by applicable law).
  • Mental and physical health information or conditions
  • Financial information, such as to determine eligibility for patient assistance programs.
  • Information about your experience with our products and services.
  • Internet or other electronic network activity information, such as IP address, geographic location, browser type, device type, operating system, dates and times you access our services, browsing history, and other information about your interactions with our online services, or advertisements.

Our legitimate interests to provide our products, services, and websites as part of managing our business.  

 

Consent, where required by applicable law.

Communicate with you, including:

  • Inform you of updates to our policies, terms, and conditions.
  • Respond to your queries.
  • Provide patient assistance services.
  • Send you invites or offers to participate in events and surveys to obtain insights into your experience with our products and services.
  • Evaluate the effectiveness of our information channels.
  • Your name and contact information, such as your email address, mailing address, and telephone number(s).
  • Information about your experience with our products and services.
  • Preferred method of communications with us.

 

Our legitimate interest to establish and maintain a business relationship with you; keep you up to date on our policies, terms, and conditions; and improve our information channels.

 

Compliance with legal obligations, such as to provide disclosures required by law. 

 

Fulfil contractual obligations to you as specified in our General Terms & Conditions and online Terms of Use. 

 

Consent, where required by applicable law.

Understand your preferences and personalize your experience when interacting with us, as well as to improve the content and functionality of our products, services, and websites.
  • Your name and contact information, such as your email address, mailing address, and telephone number(s).
  • Mental and physical health information or conditions.
  • Financial information, such as to determine eligibility for patient assistance programs.
  • Information about your experience with our products and services.
  • Internet or other electronic network activity information, such as IP address, geographic location, browser type, device type, operating system, dates and times you access our services, browsing history, and other information about your interactions with our online services, or advertisements.
  • Inferences, such as notes drawn from any of the personal data listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.

Our legitimate interest to establish or maintain a business relationship with you, and to provide information that is relevant to your needs and interests.

 

Consent, where required by applicable law.

Ensure the safety of our products, services, and websites by investigating incidents and taking action against illegal or harmful behavior, as well as assisting law enforcement and regulatory bodies.
  • Technical information about devices from which you access our portals, websites and applications.
  • Other information listed above and below in this notice that is relevant to protecting the safety of our products, services, and websites.
Our legitimate interest to protect our business and ensure the safety of our products, services, and websites.
B. Marketing & Promotional Communications
Send you marketing and promotional information, including to provide you with information about our products, services, news, and the latest scientific developments.
  • Your name and contact information, such as your email address, mailing address, and telephone number(s).
  • Information about your experience with our products and services, including browsing history, interaction and other network activity on our portals, websites, applications and social media platforms.
  • Technical information about devices from which you access our portals, websites and applications.
  • Preferred method of communications with us.

Our legitimate interest to establish and maintain a relationship with you and provide information that is relevant to you.

 

If we intend to share electronic marketing with you, we will ask for your consent, where required. You can opt out of receiving marketing materials from us at any time.

C. Other
Report adverse events you notify us about.
  • Your name and contact information.
  • Your experience with our products and services.

Compliance with pharmacovigilance laws.

 

Protect your or another individual’s vital interests.
  • Potentially any of the information listed above and below in this notice.
Protect your or another individual’s vital interests.
  • Manage and maintain our network and information system security.
  • Test and develop new IT systems and applications that we use to conduct and improve our business operations.
  • Detect and prevent fraud.
  • Perform identity verification.
  • Perform accounting, audit, and other internal functions, such as internal investigations.
  • Undertake quality and safety assurance measures.
  • Your name and contact information.
  • Technical information about devices from which you access AstraZeneca websites and other services and network activity information, such as your IP address, device ID, hardware model and version, browser type and version, browsing history, search history, access time, pages viewed, physical location, and other standard server log information and online identifiers. Please consult the cookie notice (and/or cookie consent interface) on the AstraZeneca website you are visiting for more information about the technical information we collect.
Our legitimate interest in keeping our products, services, and internal IT systems secure, as well as to maintain and improve our business operations.
Comply with laws and regulations applicable to pharmaceutical companies.
  • Potentially any of the information listed above and below.

Compliance with a legal obligation. 

 

Our legitimate interest in complying with industry standards and requirements, such as in relation to providing safe and effective products and services.

Defend against potential or actual legal claims and manage security, risk and prevent crime.
  • Potentially any of the information listed above and below.
Our legitimate interest in protecting our business, customers, and the public.
Support activities related to a sale, divestment, collaboration, or joint venture for all or part of our business.
  • Potentially any of the information listed above and below.
Our legitimate interest in conducting corporate transactions.


We may process your personal data for other purposes not listed above where such processing is at your direction or with your consent. 

Who do we share your personal data with and how do we transfer it?

Depending on the purposes for which we use your personal data, we may share your personal data with the following entities for the purposes listed above:

  • Other AstraZeneca group companies, including affiliates and subsidiaries.
  • Service providers, such as:
    • IT providers for the purposes of system management and maintenance; system security and improvement, development, testing, and technical support; data hosting, data storage, data analysis and processing; distribution; patient support and legal services;
    • Web analytics service providers using cookies to analyze patterns and information about your use of our websites, as further explained in the cookie notice (and/or cookie consent interface) on the AstraZeneca website you are visiting. Some of our websites may use Google Analytics, provided by Google, Inc. (“Google”). More information on Google Analytics. You may choose to opt-out of having your data used by Google Analytics.
    • providers of research services,
    • Advertising companies to serve you ads online.
  • business partners, for example, researchers with whom we collaborate, companies with whom we co-develop a therapy, companies with whom we co-promote a product or third-party companies managing our in-countries operations;
  • Auditors and consultants to verify our compliance with internal and external requirements.
  • Statutory bodies, law enforcement agencies, legal advisors and litigants.
  • A successor or business partner to AstraZeneca or to an AstraZeneca group company in the event that it sells, divests or sets up a collaboration or joint venture for all or part of its business, or in the context of some other type of corporate transaction.
  • Other third parties providing services on our behalf.
  • To other third parties at your direction or with your consent. 

The entities with whom we share personal data may be located in different jurisdictions globally. When we transfer your personal data across borders, we do so in compliance with applicable privacy and data protection laws.

Where required by law, we rely on contracts to ensure that the entity receiving your personal data complies with applicable data protection laws. Such contractual arrangements include, for example, AstraZeneca's Binding Corporate Rules and Standard Contract Clauses, or equivalent instruments approved by a competent supervisory authority. You can request information and a copy of the Standard Contract Clauses used by AstraZeneca by contacting us at [email protected].

Where required by applicable privacy and data protection laws, we will ask for your consent before transferring your personal data to another jurisdiction.

Law enforcement, regulatory and security authorities or courts in the jurisdictions to which we transfer your personal data may have a right to access your personal data in accordance with applicable laws.

How long do we keep your personal data and how do we protect it?

We keep your personal data for as long as we need it for the purposes set out above, or where applicable law imposes a retention period, in accordance with such law. When your personal data is no longer needed for these purposes, it will be deleted.

We have implemented a variety of privacy and security measures and technologies to help protect your personal data from a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. In particular, AstraZeneca has developed and implemented robust data transmission and storage systems designed to ensure an appropriate level of security and protection of personal data.

We have a dedicated process for carefully selecting the service providers and partners we work with, which includes verifying that they have appropriate technical and organizational security measures in place to protect your personal data. We also confirm that these service providers and partners are able to comply with the obligations they have undertaken in the data processing and sharing agreements we sign with them.

If you suspect or believe that your interactions with us are no longer secure, please contact us as soon as possible. See the “contact us” section below.

What are your data protection rights?

Generally, your rights in relation to your personal data will depend on: (i) the data protection law (if any) that applies to how we collect and use your personal data; and (ii) in some jurisdictions, the lawful basis on which we collect and use your personal data. Some laws also apply conditions or exceptions to the exercise of these rights.

You may have the following rights in relation to your personal data:

  • Right to obtain information on how we use your personal data, including the purposes for which we use it, with whom we share it, how long we retain it, and so forth;
  • Right to access to the personal data we hold about you, including receive a copy of your personal data;
  • Right to have us correct any inaccuracies in the personal data we hold about you (for example, because it is incomplete or out of date);
  • Right to have us delete (erase) your personal data;
  • Right to have us transmit the personal data you have provided to us about yourself to a third party;
  • Right to object to our use of your personal data (for example, for direct marketing);
  • Right to receive meaningful information about the logic involved in any automated decisions we take about you, and the right to be informed of the significance and the envisaged consequences of that decision;
  • Right to withdraw any consent you may have given to the collection or use of your personal data; and
  • Any other right recognized by applicable data protection law. 

If you want to exercise these rights, please use AstraZeneca’s dedicated online platform. When doing so, please note the following:

  • We may ask you to provide proof that you are who you say you are if we have any doubts about your identity. For example, we may ask you to verify certain data we have about you or, in some cases, to show us your ID.
  • If you are making the request on behalf of someone else, we may ask you to provide proof that you have been authorized by that other person to make the request on their behalf.
  • We will delete any proof of your identity as soon as we are satisfied that you are who you say you are, or that you are in fact representing someone else.

In addition to the above rights, you may have the right to complain to your local data protection authority, depending on the applicable law. You may also have the right to be notified in the event of a breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to your personal data, depending on applicable law.

Contact us

You can contact us using the business contact information – such as the email address, mailing address, or telephone number(s) – of the AstraZeneca entity responsible for your personal data , which you can find on this website.

You can also contact our Data Protection officer at [email protected] or by mail at: Global Data Protection Officer, AstraZeneca 1 Francis Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA, United Kingdom.

If you want to exercise your rights, please use our dedicated online platform online platform.

How do we let you know of updates to this privacy notice?

We will post the latest version of our privacy notice on our website. The privacy notice lets you know when it was last updated. If we make material updates to the privacy notice, we will, where possible and in accordance with applicable law, provide you with an additional notice (for example, by sending it to the contact information we have on file for you).

AstraZeneca Privacy Contact Information