We can get your personal data from one of the following sources:

  • From you directly
  • From publicly available sources

We collect, use and/or disclose personal data about you for the following purposes:

  • To provide products and services to you: To enter into a contract and manage our contractual relationship with you or your hospital / health care service provider / company; to evaluate your suitability and qualifications; to support, assist and perform other activities related to such services or products; to document and coordinate your involvement in an event or for scientific research; to record, edit, and use your recorded lecture and rehearsal for educational and training purposes; to manage and accommodate your business travels (such as reservations and applying for VISA applications); to complete financial transactions, including transaction checks, verification, receipts and invoices; to process payment, perform and record accounting, auditing, financial checks, billing and collection activities;
  • To register and authenticate: To register, verify, identify, and authenticate you or your identity;
  • To contact and communicate with you: To communicate with you in relation to the products and services you or your hospital / health care service provider / company obtain from us; to respond to your questions and requests for information; to provide you with marketing related activities regarding our products; to provide announcements and information about the products and services; to provide product samples for trial use; to provide kit/tools in relation to our program; to accommodate you, invite you to participate in, and administer training, events, meetings, seminars and/or educational activities;
  • Data analytics: To undertake data analytics and data profiling, market research, surveys, assessments, to know you better and to improve our business performance; to identify and resolve issues with our existing products and services; and
  • Internal compliance and legal compliance: To comply with internal policies and applicable laws, regulations, directives and regulatory guidelines.

Where we need to collect your personal data as required by law, or for entering into or performing the contract we have with you and you fail to provide that data when requested, we may not be able to fulfil the relevant purposes as listed above.

For the purposes described above in Section 2, we will collect, use and/or disclose the following types of personal data:

  • Contact Information (institution name, institution address, email address, telephone number)
  • Personal Profile (name, title, signature, gender, date of birth, image, video, sound, passport number, ID number, HCP license number, educational background, professional qualifications, CV)
  • Financial Information (financial data of interest, bank account, payment for your services)
  • Employment related information (historical employment, work experience and period, hospital or clinic name)
  • IT user activity (name, specialty, institution name, institution address, phone number, e-mail, ID number and HCP license number)
  • Other information (preference, opinion, patient relationship)

If you provide personal data of any third party to us (e.g. name and telephone number of your family members), please ensure that you provide this Privacy Notice for their acknowledgement and/or obtaining consent where applicable.

For the purposes described above in Section 2, we may share your personal data with:

  • Other Novo Nordisk entities (e.g. Novo Nordisk headquarters or affiliates in other countries);
  • Suppliers or vendors that assist our company (e.g. consultants, financial auditors, financial institutions, law firms, educational associations, IT service providers, travel agency, event organizers); and
  • Public authorities, embassies, including health and/or regulatory authorities.

For the purposes described above in Section 2 and data back up, we may transfer your personal data to countries outside Thailand. Some recipients of your personal data may be located in another country which the Personal Data Protection Committee under the Thai Personal Data Protection Act B.E. 2562 has not yet to rule that this country has adequate data protection standards.

When it is necessary to transfer your personal data to a third country with a level of data protection standards which may be considered lower than in Thailand, we will use our best endeavours to ensure an adequate degree of protection is afforded to the transferred personal data, or that the transfer is otherwise permitted in accordance with the applicable data protection law. We may, for example, obtain contractual assurances from any third party given access to the transferred personal data that such data will be protected by data protection standards which are equivalent to those required in Thailand.

We will keep the relevant personal data as long as it is reasonably necessary to fulfil the purposes for which we obtained it for and to comply with our legal and regulatory obligations. However, we may need to keep your personal data for a longer duration, as required and/or permitted by applicable laws.

The rights listed in this section are your legal rights, where you may request to exercise these rights under the conditions prescribed by law and our rights management procedures. These rights are as follows:

  • To request access, obtain a copy of your personal data, or for the disclosure of the acquisition of your personal data that is obtained without your consent;
  • To have your personal data corrected, if it is inaccurate or not up to date;
  • To have your personal data deleted, destroyed, or anonymized;
  • To request us to provide your personal data in a structured, commonly used and machine-readable format, and transmit it to another organization;
  • To object to how we collect, use and/or disclose your personal data in certain activities;
  • To restrict us from using your personal data if you believe such data to be inaccurate, that our processing is unlawful, or that we no longer need to process this data for a particular purpose; and
  • To withdraw consent for collection, use and/or disclosure of your personal data that is based on your consent at any time.
  • To lodge a complaint to the competent data protection authority, where applicable. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.

You can always contact the Novo Nordisk Data Protection Officer at DataPrivacyTH@novonordisk.com.

Your request for exercising any of the above rights may be limited by the applicable laws. There may be certain cases where we can reasonably and lawfully decline your request; for example, due to our legal obligation or a court order. If we decline your request, we will notify you of our reason.

The company responsible for collecting, using and/or disclosing your personal data is:

Novo Nordisk Pharma (Thailand) Co., Ltd.
98 Sathorn Square Office Tower, Unit 2101-2105, 21st Floor,
North Sathorn Road, Silom Bangrak District, 10500 Bangkok, Thailand
Phone: +66 2 237 9263
Fax: +66 2 237 9265
Mail: infothailand@novonordisk.com

You can always contact the Novo Nordisk Data Protection Officer at DataPrivacyTH@novonordisk.com with questions or concerns about how we collect, use and/or disclose your personal data.