Content :

Banners :

Personal data protection - Actions

To ensure the personal data protection within the Group, sanofi-aventis implements various actions:

• Defining rules at Group level
• Developing training modules
• Organizing the approach

Defining rules at Group level

The sanofi-aventis approach is based on the Code of Ethics, the Group’s Personal Data Protection Charter and the Binding Corporate Rules (BCR).

The Code of Ethics

The sanofi-aventis Code of Ethics contains a chapter that addresses personal data protection.

In the Code of Ethics, which is available to all employees, sanofi-aventis confirms its commitment to protecting personal data by guaranteeing a person’s right to exercise control over the collection, processing, use, dissemination and storage of his / her personal data.

 For more information:

• Sanofi-aventis Code of Ethics (PDF, 1836Kb)

The Group’s Charter

Based on the European Directive of October 24, 1995, sanofi-aventis also established the Group’s Personal Data Protection Charter.

Available on the Group’s web site, this charter ensures that the same policy will be applied in all countries. It also ensures compliance with local legislation where laws have been enacted.

 For more information:

• The Group’s Personal Data Protection Charter (PDF, 66Kb)

BCR (Personal Data Protection)

The transfer of personal data is authorized among member states of the European Union because each country has transposed the Directive of October 24, 1995, which in particular sets out the standards to guarantee the protection of personal data during their transfer.

For countries outside the EU that are not bound by this European Directive, the transfer of data to one of these countries may only take place if th e individual whose data are transferred gives explicit consent, and if a specific contract has been established between the country that exports and the country that imports these data.

To harmonize data transfers outside the European Economic Space, sanofi-aventis has adopted internal rules known as Binding Corporate Rules. These have also been validated by the French National Data Protection Authority (CNIL) and by the authorities in charge of personal data for the European Economic Area.

Each sanofi-aventis affiliate concerned by these data transfer rules (BCR) has signed a contract, which has also been validated by the CNIL, making explicit their commitment to respect these rules. The Binding Corporate Rules, which were approved in late 2009, started to be applied within the Group in 2010.

Developing training modules

Sanofi-aventis has developed training modules concerning personal data and BCR so that all employees will be aware of their importance. The training modules, available on the Group’s Intranet site and through the Compliance Officers Network, will be updated on a regular basis.

There are two types of training modules:

• General training about personal data protection, designed for all employees
• Specialized training focusing primarily on BCR, intended especially for Group employees in charge of databases containing personal information

Initially provided in French and English, the training modules come with a translation kit so that affiliates may develop adapted versions in their local language.

 
The purpose of these remote modules is to train as many employees as possible. By late 2010, they were distributed to all the Group’s support functions. They will be rolled out in all countries in 2011.

Organizing the approach

Sanofi-aventis has taken several measures to ensure compliance with procedures, including:

• A dedicated Intranet site
• A Compliance Officers Network whose task it is to ensure that all Group employees have access to the sanofi-aventis Code of Ethics and Personal Data Protection Charter
• A Personal Data Protection Committee