Privacy Policy

Introduction
About Us and Contact Details
Where Do We Collect Your Data from?
Why Do We Collect Your Personal Data and What Types?
Marketing (Withdrawing Your Consent)
With Whom Do We Share Your Personal Data?
How do we protect your Personal Data?
International Transfers of Personal Data
How Long Do We Store Your Personal Data
Your Rights
How to Lodge a Complaint
Updates to the Privacy Notice
Glossary

1. Introduction

Welcome to our Privacy Notice for Johnson & Johnson Ltd, part of Kenvue (“we, us, our”). We are committed to protecting your Personal Data, this Privacy Notice outlines our practices regarding the processing of your Personal Data when you interact with our website and use our services (e.g. websites, platforms, mobile applications or services provided by our third parties), (together “Services”).

You may fall into one of the following categories if your personal information is processed by us:

Healthcare professionals: This includes individuals such as doctors, nurses and other medical professionals with whom we established and maintain professional relationships.
Individual customers or prospect customers: If you are an independent pharmacist or similar professional, you likely belong to this group.
Representatives of corporate customers or prospect customers: This includes those who are employed by or represent pharmaceutical wholesale companies or similar organisations, serving as their contact point with our services.

We have organised this Privacy Notice into sections and included a Glossary at the end where you can find explanation of any defined terms we have used. We will update this Privacy Notice from time to time. Any changes will be available on the Privacy Notice accessible from the website and will include the last reviewed date. If we make any significant changes, we will notify you and provide you with additional information. We encourage you to check this Privacy Notice regularly to stay informed about how we use your Personal Data.

Links on our website may direct you to other brands or services we offer, each with its own privacy notice distinct from this one. We encourage you to review the specific privacy notices of these sites to understand how they use your personal data.

2. About Us and Contact Details

Johnson & Johnson Ltd, part of Kenvue (“Kenvue”) is registered in the United Kingdom, 50-100 Holmers Farm Way, High Wycombe, HP12 4EG. Under Applicable Data Protection Laws, we are the Controller of your Personal Data.

We have designated a Data Protection Officer (DPO). You can contact our DPO and the EMEA DPO Team at [email protected]

3. Where Do We Collect Your Data from?

We will collect Personal Data about you from the following sources:

Directly From you:

When you visit our website or register to use our services
Through cookies we use on our website, for more information please visit our Cookie Policy
Via surveys and feedback forms e.g. data collected when you participate in surveys, feedback forms, or market research initiatives
Your devices e.g. when you use your device to browse our website. For more information about our use of Personal Data which we collect from your device see our Cookie Policy

Third Parties:

Companies that are part of Kenvue to assist us with the services we offer you or for internal administrative purposes
During collaborative events with other organisations
The institution or organisation you are affiliated with
Social Media Platforms

Publicly available sources:

Publications, academic registries

4. Why Do We Collect Your Personal Data and What Types?

The table below outlines what activities we carry out, the type of Personal Data we use and our legal basis for processing your Personal Data.

Why We Collect Your Personal Data	Personal Data Processed	Our Legal Basis
To provide you with access to our Services e.g. to browse our website, download reports, presentations	Device information, IP address. Please see our see our Cookie Policy	It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
For product development and improvement, to use feedback and data to enhance products		Legitimate Interest (improving products and services.)
For Event Management, to organise and manage events and webinars	Name, email login details, username, password, and preferences related to the registration	Performance of a contract (for event registration) Legitimate Interest (providing training/ webinar content to you)
To provide the functionality of our services and customer support.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
For user registration, access authorisation and authentication tools and other resources that may be required for the performance of our contractual relationship, including the provision of our online services.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To deliver important information regarding our relationship with you, our services, any changes to our terms, conditions, and policies and/or other administrative information.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To organise logistics and provide travel management services that may be required for the performance of our contractual relationship.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To publish research results of clinical trials or medical research as defined in the respective agreement you enter into with us.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To perform scientific and medical research, and delivering associated activities such as training and education that may be required for the execution of such scientific and medical research.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To conduct audits to verify that our internal processes are compliant with contractual requirements.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To understand your interests and preferences, through non-automated and automated means, including profiling, to optimise the relevancy of the information and offers you see on our platforms and to offer targeted advertisings tailored to your interests on our advertising or marketing partners’ platforms.		Where we have your consent
To perform interviews or surveys to understand more about our products and the markets we operate in, and to improve our consumer health products, services and process efficiencies		Legitimate Interest (to improve our products, services and processes)
To Verify your professional credentials to consider your involvement in our scientific activities.		Legitimate Interest (To verify your professional credentials before inviting you to take part in scientific activities)
To research and to analyse data for market research and business analysis.		Legitimate Interest (in understanding business trends and business performance.)
To send you technical notices, updates, security alerts, to troubleshoot.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To determine the effectiveness of our promotional campaigns, so that we can tailor our campaigns to your needs and interests.		Legitimate Interest (to tailor our campaigns to the needs and interest of our users.)
To handle payment transactions, ensuring secure and efficient payment processing for purchases.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To comply with regulatory and legal obligations related to scientific and medical research;		To comply with our Legal Obligations
To comply with applicable regulatory and legal obligations associated with the manufacturing of our consumer health products;		To comply with our Legal Obligations
To manage legal requirements concerning financial transactions, including Transfer of Value (‘TOV’) disclosures: this includes disclosing payments and other TOV to comply with transparency reporting laws, including but not limited to the US Physician Payments Sunshine Act. don		To comply with our Legal Obligations Legitimate Interest (to comply with the laws and regulations in other countries we are subject to).
To prepare and submit regulatory filings, correspondence, and communications to government authorities concerning the clinical trial.		To comply with our Legal Obligations Legitimate Interest (to comply with the laws and regulations in other countries we are subject to).
To combine your information with other information we collect about you, both online and offline.		Where we have your consent
To find, investigate and prevent fraudulent activities.	Email, phone number, digital usage data - Information collected through digital platforms such as website visits, browser type, version, usage and pattern, and interactions with online content. Please see our Cookie Policy	To comply with our Legal Obligations Legitimate Interest (to comply with the laws and regulations in other countries we are subject to).
For claims, legal disputes, investigations, enforcement of terms and conditions, for the defense of our rights.	Email, phone number, transaction data, communication records, legal documents.	Legitimate Interest (for the purpose of establishing, exercising, or defending legal claims.)
We may process and disclose your Personal Data to comply with legal process or applicable law, which may include laws outside your country of residence.	As required by the specific legal request or obligation, which could include a wide range of data, Contact details (email, phone number), As account details, transaction history, and communication records.	To comply with our legal obligations Legitimate Interest (to comply with the laws and regulations in other countries we are subject to).

Receiving reminders from us: You can opt out of receiving reminders concerning events and relevant conferences and reminders concerning your scheduled activities on a going-forward basis. In your request to us, please provide us your name and the email address or phone number at which you receive reminders from us.

5. Marketing (Withdrawing Your Consent)

If you have consented to receive (opted-in) direct marketing, you can withdraw your consent (opt-out) and not receive marketing communication from us anytime. You can do this by clicking unsubscribe in our marketing emails or contact us at [email protected]. Please note that if you withdraw your consent to receive marketing related messages from us, we may still send you important transactional and administrative messages, from which you cannot opt out from.

Marketing from our other parties

If you have previously consented to receiving marketing from our affiliates or third-party partners, each with its own unique offerings, you will receive messages and promotions directly from them. Our affiliates and third-party partners manage their own marketing activities. They will handle your Personal Data and any consent withdrawals as set out in their privacy notices.

Where you have consented but no longer wish to receive marketing from our affiliates or third-party partners, you should contact them directly to stop their marketing messages.

Your Personal Data may be shared with various recipients for the purposes outlined under section 4. You can find the categories of recipients below:

IT services providers, in the field of image optimization, analytics, hosting services, logs management, security and performance for the browser.
Website Development Companies.
Data Analysis Firms to improve our services and user experiences.
Customer Service that assists in handling customer inquiries and issues.
Data enrichment service providers e.g. social media platforms (Facebook, Instagram).
Marketing agencies and advisors.
Kenvue Affiliates acting as our processor, to help us provide our services to you e.g. our customer service function to handle your enquiries.
Our external professional advisors e.g., legal advisors, our auditors.
Our Kenvue Affiliates, to send direct marketing about their services and products where you have consented to them doing so.
Where permitted by applicable law, a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
We may also disclose your Personal Data when necessary or appropriate, especially in response to laws enforcement agencies, fraud prevention bodies, legal counsel, public or government authorities. This may include authorities outside your country of residence. Such disclosures are made to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others.

7. How do we protect your Personal Data?

We seek to use effective organisational, technical, and administrative measures designed to protect Personal Data under our control. For example, we implement robust security measures to protect your information, which include encryption of transmitted data and secure password practices. If you have a reason to believe that your interaction with us is no longer secure (for example, you believe that the security of your account with us has been compromised), please immediately notify us via the “Contact Details” section above.

8. International Transfers of Personal Data

To ensure your data is protected in the countries we transfer to outside the UK, we either:

Transfer your Personal Data to countries recognised by the UK as providing adequate data protection, please see list here; or
Transfer your Personal Data by contractually ensuring that the recipient is bound by the UK International Data Transfer Agreement or the UK Addendum to the EU's Standard Contractual Clauses.

You may obtain a copy of these adequate measures by contacting our Data Protection Officer and the EU DPO Team in accordance with the “Contact Details” section above.

9. How Long Do We Store Your Personal Data

We will retain your Personal Data for as long as needed or permitted considering the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide our services to you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable considering our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

10. Your Rights

You have various rights regarding your data, as detailed in the table below:

Your rights	Description
The right to object to the processing of your Personal Data	You can object to the use of your Personal Data for certain purposes. You have the right to stop your Personal Data being used for direct marketing at anytime
The right to be informed	You have the right to know if and how we process your Personal Data, as detailed in this Privacy Notice.
The right of access	You can request access to and a copy of your Personal Data we have unless legal exceptions and exemptions apply.
The right to rectification (correct)	You can ask us to complete or correct any incomplete or incorrect Personal Data.
The right to Erasure (also known as the “right to be forgotten”)	You have the right to ask us to delete your Personal Data in certain circumstances, for example, we cannot delete if there is a legal or regulatory obligation on us to keep it.
The right to restrict the processing	You can request that we limit processing your Personal Data in specific situations: a) when its accuracy is contested, b) the processing is unlawful, but you do not require the deletion of your Personal Data c) your Personal Data is no longer needed for processing, but you need it for the establishment, exercise or defence of legal claims d) If you object to processing of your Personal Data occurring based on our Legitimate Interest.
The right to data portability	You can request your Personal Data in a machine-readable format, only when processing is based on your consent or contract and is carried out by automated means.
The right to withdraw consent	If you gave consent for processing your Personal Data, you can withdraw it anytime. Withdrawing consent will not affect the lawfulness of past processing, and we will inform you if we can no longer provide you with your chosen service.

We will keep a record of your requests. In cases of manifestly unfounded, vexatious or excessive request, we may charge a reasonable fee or refuse the request. If you make a request, we will need to confirm your identity and may ask for additional information to help us with your request. We will respond to your request without undue delay, but it may take up to one month to respond. If your identity cannot be verified, we cannot process your request. You can exercise your rights by emailing [email protected]. Please note that for a complex request, timelines may extend up to two months. In such case you will be promptly informed accordingly.

11. How to Lodge a Complaint

If you have any questions, concerns or complaints about this Privacy Notice, please contact [email protected]

You may also lodge a complaint with a data protection supervisory authority in particular where you reside, you work or the matter you are complaining about took place.

The competent data protection supervisory authority in the UK is the Information Commissioner’s Office (ICO), Make a complaint | ICO.

12. Updates to the Privacy Notice

This policy was last updated on 4th April 2024.

13. Glossary

Terms	Definitions
Applicable Data Protection Laws	means all applicable EU legislation and regulation relating to data protection and privacy including without limitation UK's version of the EU GDPR (the "UK GDPR") and the UK's ePrivacy rules ("PECR").
Controller	is a person(s) or company (either alone or jointly or in common with other persons) who decides how Personal Data will be processed.
Legitimate Interest	This is a legal basis which we are able to rely on where we are processing Personal Data for our activities and needs or the activities and needs of others, including providing you with the best service and experience we can offer. We will balance our interests against any potential impact on your rights or freedom. If your rights, interests and freedoms override our interests, we will not process your Personal Data under this legal basis.
Personal Data	This refers to any Information relating to an identified or identifiable individual, who can be directly or indirectly identified by reference to identifiers (e.g. name, email, demographic information, and online identifiers).
Privacy Notice	Also referred to as a Fair Processing Notice or a Privacy Policy – informs individuals what Personal Data is processed and how and why a company will process it. This document is the Privacy Notice for the Services.

Why We Collect Your Personal Data	Personal Data Processed	Our Legal Basis
To provide you with access to our Services e.g. to browse our website, download reports, presentations	Device information, IP address. Please see our see our Cookie Policy	It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
For product development and improvement, to use feedback and data to enhance products		Legitimate Interest (improving products and services.)
For Event Management, to organise and manage events and webinars	Name, email login details, username, password, and preferences related to the registration	Performance of a contract (for event registration) Legitimate Interest (providing training/ webinar content to you)
To provide the functionality of our services and customer support.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
For user registration, access authorisation and authentication tools and other resources that may be required for the performance of our contractual relationship, including the provision of our online services.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To deliver important information regarding our relationship with you, our services, any changes to our terms, conditions, and policies and/or other administrative information.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To organise logistics and provide travel management services that may be required for the performance of our contractual relationship.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To publish research results of clinical trials or medical research as defined in the respective agreement you enter into with us.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To perform scientific and medical research, and delivering associated activities such as training and education that may be required for the execution of such scientific and medical research.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To conduct audits to verify that our internal processes are compliant with contractual requirements.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To understand your interests and preferences, through non-automated and automated means, including profiling, to optimise the relevancy of the information and offers you see on our platforms and to offer targeted advertisings tailored to your interests on our advertising or marketing partners’ platforms.		Where we have your consent
To perform interviews or surveys to understand more about our products and the markets we operate in, and to improve our consumer health products, services and process efficiencies		Legitimate Interest (to improve our products, services and processes)
To Verify your professional credentials to consider your involvement in our scientific activities.		Legitimate Interest (To verify your professional credentials before inviting you to take part in scientific activities)
To research and to analyse data for market research and business analysis.		Legitimate Interest (in understanding business trends and business performance.)
To send you technical notices, updates, security alerts, to troubleshoot.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To determine the effectiveness of our promotional campaigns, so that we can tailor our campaigns to your needs and interests.		Legitimate Interest (to tailor our campaigns to the needs and interest of our users.)
To handle payment transactions, ensuring secure and efficient payment processing for purchases.		It is necessary to perform a contract with you or to take steps prior to forming a contract with you.
To comply with regulatory and legal obligations related to scientific and medical research;		To comply with our Legal Obligations
To comply with applicable regulatory and legal obligations associated with the manufacturing of our consumer health products;		To comply with our Legal Obligations
To manage legal requirements concerning financial transactions, including Transfer of Value (‘TOV’) disclosures: this includes disclosing payments and other TOV to comply with transparency reporting laws, including but not limited to the US Physician Payments Sunshine Act. don		To comply with our Legal Obligations Legitimate Interest (to comply with the laws and regulations in other countries we are subject to).
To prepare and submit regulatory filings, correspondence, and communications to government authorities concerning the clinical trial.		To comply with our Legal Obligations Legitimate Interest (to comply with the laws and regulations in other countries we are subject to).
To combine your information with other information we collect about you, both online and offline.		Where we have your consent
To find, investigate and prevent fraudulent activities.	Email, phone number, digital usage data - Information collected through digital platforms such as website visits, browser type, version, usage and pattern, and interactions with online content. Please see our Cookie Policy	To comply with our Legal Obligations Legitimate Interest (to comply with the laws and regulations in other countries we are subject to).
For claims, legal disputes, investigations, enforcement of terms and conditions, for the defense of our rights.	Email, phone number, transaction data, communication records, legal documents.	Legitimate Interest (for the purpose of establishing, exercising, or defending legal claims.)
We may process and disclose your Personal Data to comply with legal process or applicable law, which may include laws outside your country of residence.	As required by the specific legal request or obligation, which could include a wide range of data, Contact details (email, phone number), As account details, transaction history, and communication records.	To comply with our legal obligations Legitimate Interest (to comply with the laws and regulations in other countries we are subject to).