Privacy Policy - Bristol Myers Squibb

1. WHO WE ARE

We are Bristol-Myers Squibb (BMS), a member of Bristol Myers Squibb Company. In addition to this Notice, our details (name, address, etc.) may have been given to you separately at the time of the collection of information about you, for example, in a form, an app or website notice, or in an e-mail, containing a link to this Notice. Together with our worldwide affiliates and other entities that are part of the BMS group which have a relationship with you, we are the controllers of your Personal Information. We refer to these entities as “BMS”, “we”, “us” or “our”. You can access the main locations of our entities and facilities, markets where we distribute our products and the countries where we operate on www.bms.com.

2. INTRODUCTION – HOW THIS NOTICE APPLIES TO YOU

3. HOW WE USE YOUR INFORMATION ONLINE

We may collect your Personal Information online when you use BMS or third-party operated websites and other online resources, including mobile applications, other digital means or platforms. This may also happen through collaborations that we have in place with third parties or companies that host websites for us or with whom we have partnerships for our products, services, or activities. Below, we give you additional information about how we use your information online.

You may interact with BMS or our partners’ websites and platforms that relate to BMS products and services, job application, patient recruitment, disease awareness, scientific research, alliance websites, or applications used in the context of patient support or management programs.

We enter into arrangements for those collaborations to require an appropriate protection of your Personal Information. Some areas of our websites and platforms may require you to submit information in order for BMS to respond to your request, permit you to access specific areas or participate in a particular activity. When visiting our websites, please also read our Legal Notice and if you are visiting our website for safety reasons, please visit our page for medical information.

We have identified examples where we Use your Personal Information online in the table below.

Online Information that we may collect when you use our sites
Contact information	If you communicate with us through the "contact us" link on our sites, we may ask you for your Personal Information, such as your name, telephone number, professional information and e-mail address so that we can verify your identity, or respond to your questions and comments.
Website features	Our site offers various features, which we may change from time to time. We may ask you to submit certain Personal Information so we can communicate with you about these features and manage them properly.
Contacting Medical Information or reporting an adverse event	If you contact our medical information team (medinfo) or report an adverse event in relation to a BMS product, the information you provide (including your name, contact details, professional information and your questions) will be documented and retained on our databases for purposes of dealing with your enquiry and to comply with the law.
Connections and authentication	Some areas of our websites and platforms can be restricted. It may require you to log in with usernames, passwords and other authentication mechanisms that belong to you, that you create or that we provide you. When using such features, this may automatically allow us to access certain of your account credentials or other personal user account details to verify your identity or that you have a valid licence to practice as a professional.
Other uses of information	We may Use the Personal Information you provide through BMS websites or platforms for our internal purposes. These purposes include administration of the site, data analytics, compliance with our legal obligations or our internal policies and procedures.
Cookies and similar tracking technologies	When connecting to our various websites, applications, and other digital platforms, we may use cookies and other similar technologies that may allow us or third parties to collect Personal Information about you. Depending on the country where you reside, you may opt-in or opt-out from options or technologies that we use and display. Please read our section on cookies below for more information.

Links to other third-party websites

As a convenience to users, our sites contain links to other third-party websites that may offer additional information, such as educational or professional materials, services and contacts. This Notice does not apply to your use of those other websites. Before using the linked websites, please review their privacy notices to understand how they use and protect your Personal Information.

4. WHAT INFORMATION WE MAY PROCESS ABOUT YOU

The information that we Process about you may include various categories of Personal Data depending on your interactions with BMS, third parties with whom we collaborate, or external sources that provide us with your Personal Data. We have outlined below the main categories of Personal Information and, where applicable categories of sensitive Personal Information that we may collect about you.

Examples of general categories of Personal Information
Contact information	Full name, personal or professional postal and/or email address, phone number and other contact details.
Identification information	Full name, initials, date of birth, photographs, or government-issued identification, such as driving licence, passport, professional licence number, or government ID number.
Financial information	Payment-related information, such as your bank address or account details and number, tax-related information for business purposes, creditworthy information (such as to enter into a contract with you or to comply with the law), or other information about you, your relatives, connections, your suppliers or third parties for example to verify the absence of conflicts of interest or to comply with anti-bribery laws.
Professional information	Job title, CVs and resume, educational information, professional qualifications, position, work experience, background checks, criminal records, professional networks, programs, publications and activities, referrals and, other relevant professional information where needed.
Categorization and classification data	In some cases, we may classify, organize, rank, rate or create profiles relating to our audiences (for example, via our customer relationship management system or other similar tools). When doing so, those activities are conducted with human intervention by BMS staff or authorised third-party employees to capture: data relating to how you behave using our technologies (for example websites, mobile applications, platforms, or care programs); data used to categorize, analyse, or predict performance and preferences. You can read more about this activity in section 10 below.
Sentiment analysis and analytics, social media and data from publicly available sources	We may obtain information from publicly available sources, third-party service providers specialized in social media listening, or from the Internet to understand how the general public or influencers perceive our brand, products and activities. This may include collecting information about: the volume of coverage, reach and popularity, sentiments (negative/positive), most frequent words and topics that you use, engagement (amount of likes, favourites, comments, shares of users on a specific topic), contributors’ demographics (native language, country of origin and gender), and date and time of posts to see development over time, which we may collect via our channels, websites, social media or via third-party providers. When conducting such activity, we do not make individual decisions on users unless we inform you otherwise. We have agreements in place with third parties to protect and limit information Used for this purpose to aggregate reports. If we need to specifically identify you, we will use reasonable efforts to inform you about our Use of your Personal Information. You can read more about this activity in section 10 below.
Data from social media activities and monitoring	BMS uses social media channels to share important news about our research and commercial activities, programs, and initiatives to improve the life of patients. You may connect using your login details on such platforms or visit publicly available pages. When monitoring our channels, we may receive aggregate information or access Personal Information about you, such as your username, profile, and what you say, like or comment on our channel. When monitoring our channels, BMS may also receive information about potential adverse events about someone using a BMS product. If we identify or receive safety information about patients, we may be required to notify competent authorities about pharmacovigilance cases. You should consider carefully what information about yourself and others (such as colleagues, friends, customers, or patients) you choose to share when you use social media. If you need to report any concern about our products, we encourage you to contact us via our contact forms on our official BMS sites. Because the information you may share becomes public and often cannot be permanently erased on those platforms, we recommend that you do not report sensitive information, including health information through BMS social media platforms. We may provide additional notice and choices to you about how BMS may Use Personal Information on social media platforms, our websites and other online resources that we utilize.
Information technology-related data	The information we may collect might originate from your use of BMS’s sites, websites, mobile applications, and other connected devices (such as medical devices and Apps) and includes: Internet Protocol (IP) address, geolocation data, your browser, operating systems, device ID; data captured by cookies and similar tracking technologies, which may include analytics information and information about the date and time of your request (read our cookies section below); or Information that we may collect that describes and gives information about other data ("metadata”). This Notice applies to the extent such metadata allows us to draw precise conclusions about your private life, to identify you or to further Use your Personal Information for our purposes.

In some situations, we may collect sensitive Personal Information about you. When doing so, we apply stronger safeguards to protect your privacy. Depending upon the country in which you reside and the particular context for the collection of such Personal Information, this may include the following information:

Examples of special categories of data / sensitive Personal Information
General types of sensitive Personal Information	Data revealing race or ethnicity (such as for diversity and inclusion initiatives); Political opinions (such as for employment purposes); Religious or philosophical beliefs (such as for tax purposes), or trade/labor union membership (such as to comply with labor laws); or Data related to a person's sex life or sexual orientation;
Health information(if permitted or required by law)	We may collect data relating to your health in limited contexts, which includes: health data or status needed for managing accidents cases or for disease prevention in the context of public health; dietary preferences or restrictions (such as food allergies), special conditions or disabilities when attending an event; genetic or biometric information, (for example, for identification and safety purposes, in relation to BMS’s risk management and drug safety programs, for accessibility purposes for visitors to BMS facilities and manufacturing sites, or for security or fraud prevention or detection purposes); or other health data, combined with other identifiers that we may collect to provide you with cell therapies, personalized medicines and other innovative therapies or devices that we use to manufacture our products, ensure product quality, safety, performance, vigilance and to ensure patient safety. Such Personal Information may include your initials, name, key-coded or pseudonymized data, and other related information necessary for the provision of our products when necessary to protect your health safety or to comply with the law.

Examples of special categories of data / sensitive Personal Information

General types of sensitive Personal Information

Data revealing race or ethnicity (such as for diversity and inclusion initiatives);
Political opinions (such as for employment purposes);
Religious or philosophical beliefs (such as for tax purposes), or trade/labor union membership (such as to comply with labor laws); or
Data related to a person's sex life or sexual orientation;

Health information(if permitted or required by law)

We may collect data relating to your health in limited contexts, which includes:

health data or status needed for managing accidents cases or for disease prevention in the context of public health;
dietary preferences or restrictions (such as food allergies), special conditions or disabilities when attending an event;
genetic or biometric information, (for example, for identification and safety purposes, in relation to BMS’s risk management and drug safety programs, for accessibility purposes for visitors to BMS facilities and manufacturing sites, or for security or fraud prevention or detection purposes); or
other health data, combined with other identifiers that we may collect to provide you with cell therapies, personalized medicines and other innovative therapies or devices that we use to manufacture our products, ensure product quality, safety, performance, vigilance and to ensure patient safety. Such Personal Information may include your initials, name, key-coded or pseudonymized data, and other related information necessary for the provision of our products when necessary to protect your health safety or to comply with the law.

Please note: The categories of Personal Data listed above are not exhaustive and may vary depending on the way that you interact with us or the type of Personal Data that BMS needs to Process for particular activities. In the event that BMS Uses Personal Data about you which is not listed in this Notice, we will employ appropriate means to inform you about the information that we will Use at the time of collection or when we communicate with you.

5. WHERE DO WE GET YOUR INFORMATION FROM

In most cases, BMS will collect information directly from you, although sometimes we will obtain information from public or third-party information sources or from use of web-based, devices or other technologies which automatically generate such information. We have outlined below the main ways BMS collects and Processes Personal Data when interacting directly or indirectly with you.

We may collect information from you directly:

when we interact with you in the course of our activities or when you participate in a BMS activity, event or program (such as diversity and inclusion, ambassador or patient support programs);
in the context of a specific treatment, such as for personalized medicines, using medical devices or digital platforms or applications;
when we engage service providers, business partners or institutions for services, collaborations or operations;
when you sign up to receive our communications to become a member of our databases or when registering to receive our press releases, e-mail alerts, marketing communications or more information about our activities;
when you share information with us through our various contact points, such as through our company products, commercial, clinical or alliance websites, mobile applications, contact forms, call centers, career application websites, during offices or manufacturing site visits, or for product inquiries;
when we collect information about you from your computer or other devices you use when visiting BMS’s website or mobile applications, or other products, our offices and facilities; or
when you share medical information with us relating to adverse events, pharmacovigilance or incidents involving devices or applications. These disclosures can be communicated in-person or remotely, including by calling us, or via our websites and other digital channels or means of communication.

We may collect Information about you indirectly:

when we receive information about you through a healthcare professional where necessary for pharmacovigilance, incident management, risk management, investigation, or litigation purposes;
when we obtain information that is accessible from public registries, databases, or other third-party sources, such as service providers, agencies or private organisations;
when you have made information about you publicly available on the Internet, including websites, social media platforms, scientific reviews, articles and publications and other sources, in which case we may either inform you, anonymize the data or get your prior consent;
when necessary to verify your credentials, professional information (such as by accessing publicly accessible information, national registries or third-party databases) or your identity for compliance, security or ID verification purposes;
when you make public posts on social media platforms that we follow (for example, so that we can understand public opinions); or
when conducting pharmacovigilance monitoring activities, or in the context of incidents or other post-market surveillance obligations.

We may also collect information about you automatically, such as for security and systems monitoring (e.g. through video (CCTV) recording) and building access control logs when you visit our offices or in other contexts made apparent to you at the time.

6. DATA MINIMIZATION

7. FOR WHAT PURPOSES DOES BMS PROCESS YOUR INFORMATION

This is a global Notice. BMS Processes your information in the context of our regular activities, and in accordance with the purposes as set out in this Notice, a separate notice, or when Applicable Data Protection Laws either permit or require us to do so. These purposes may vary depending on where you live and where BMS operates. Where the laws of a country restrict or prohibit certain activities described in this Notice, we will comply with such requirements. This may include refraining or not Using your Information for those purposes restricted or prohibited in that country.

Below, we list some of the main, but not all, of our purposes for which we may Use Personal Information about you.

Main purposes for which BMS may Use your Personal Information
Contracting purposes	We may Use Personal Information about you, your staff and third parties with whom you collaborate in the context of the services that you provide to us. Such Personal Information may include: when you need access or authorisation to connect to our systems, devices or enter our facilities; to protect our systems and IT infrastructure; when assisting us in our activities; or when we conduct audits or assessments of your organisation. This includes obtaining Personal Information before, during and after we enter into a contract with your, your organisation and your staff.
Collaborations and research purposes	We may Use Personal Information about you when we partner with other organisations, including private or public alliances, institutions, regional or local discussions, or life science industry groups associations and consortiums.
Patient advocacy and support programs	When we exchange, interact or establish partnerships with service providers, local, regional or global patient advocacy associations or organisations, or other life sciences companies, including in the context of patient-related support or management programs.
Providing innovative products, such as devices or personalized medicine	As we develop and manufacture innovative therapies, we may Use Personal Information, which may include sensitive Personal Information about you when providing: personalized medicines, such as cell-therapies, or other innovative therapies; or digital health platforms, digital or medical devices, medical equipment, tools or applications. In this context, we may keep Personal Information, including health information, about you for manufacturing, quality or safety purposes.
Managing BMS’s relationship with you	For example, when we: respond to your questions, comments, application and requests; manage your access to our systems, devices and facilities; conduct due diligence (including for compliance with anti-bribery laws and to avoid conflict of interests) or audits activities; invite you to our events, activities, initiatives or programs; conduct assessments, provide training, perform background checks or identity verification, send invoices; or have to disclose information to competent authorities.
Commercial and marketing activities	When conducting our business operations, we may interact with you in person or digitally or to improve our brand and products, such as through the following activities: Market Research and surveys: we collect Personal Information about individuals for market research purposes. We collect this information through surveys and interviews with patients and healthcare professionals or other stakeholders to help us improve our products and understand the market; Direct Marketing: we Process Personal Information to provide marketing information to individuals, including in-person, by electronic or remote means; or Websites and social media platforms: we may use social media to inform the public about our activities. We might collect aggregate information about social media users when you comment on BMS-related topics or use BMS media channels. See more details in our section 4.
In the context of clinical operations, studies and programs	BMS Uses limited Personal Information before, during and after we place a pharmaceutical product or a medical device on the market. This includes during our sponsored clinical trials and studies, such as for drug safety (pharmacovigilance), or incident or post-market surveillance monitoring (materiovigilance), or when interacting with authorities, regulatory agencies and bodies. We may also conduct real-world evidence activities in compliance with regulatory requirements.
Job application	When we Process professional information to assess individual's suitability for roles at BMS or collaboration purposes, such as when you apply on our career websites, through a job offer posted online or through agencies with whom we have partnerships. You can read more information in section 14 “Applying to work at BMS”.
Patient recruitment activities and websites	When we conduct in-person and activities to inform the general public, healthcare professionals and patients about our diseases, upcoming medicines and treatments or studies that may enable individuals to apply to such clinical trials or studies that we conduct.
Regulatory and compliance	When we Process information to comply with regulatory obligations particularly where they relate to drug safety and risk management obligations, and obligations related to spend-transparency and similar requirements specific to the pharmaceutical sector.
Investigations or defence of legal claims	For example, we may have to keep, preserve Personal Information about you in order to protect our rights, or for the protection of third-party rights. In certain situations, we may have to submit or transfer such information to authorities, courts, or other third-parties, including outside your country of residence.
Other purposes: BMS will Process your Personal Information for other purposes, where permitted or when required such as reporting information for BMS’s risk management and drug safety obligations.

8. HOW BMS JUSTIFIES USING YOUR INFORMATION

In this section, we describe our legal justifications (commonly referred to as “legal basis”) for the Use of your Personal Information related to each of our main Processing activities. We will use the legal basis that is most appropriate for the purpose and circumstances related to such Processing. Below, we have explained which legal bases we may choose or have to use when Using your Personal Information.

There may be times where we must use your consent to Process your Personal Information. We may also decide to ask your permission to Process your Personal Data, such as in the context of voluntary initiatives or activities.

Please note: depending on the country where you reside, the law of your country may not require that BMS use a specific legal basis to justify Using your Personal Information, including transfers of your Personal Information outside your country. However, when Applicable Law requires a legal basis, we will inform you about what legal basis we use at the time of the collection or when we communicate with you.  If your jurisdiction requires consent to Process your Personal Information when you interact with us, we will obtain your consent prior to the Use of such Information.

In the following table, you can read more details about what legal basis or combination of legal bases we use when Processing your Personal Information.

Our legal bases	Examples of activities that we conduct with your Personal Information
We may use our legitimate business interest or private interest to Process your Personal Information for	conducting our regular commercial activities; scientific and statistical research purposes; registering BMS visitors and supplier personnel visiting our offices; improving our products and services; interacting with contractors, patients and the general public; keeping you informed about our regular activities, such as with newsletters; conducting market research and surveys; collecting information that you decide to share on the internet or social media platforms, collecting responses from surveys, sending you newsletters, and inviting you to events; responding to your enquiries; engaging with you whether in-person, remotely, or digitally to organize our activities, or exchange information with you about our products or initiatives, or services; conducting profiling activities, such as tiering of individuals, our customers, key opinion leaders, visitors of our websites, through the use of applications and devices, and for other similar activities or through other means; conducting research activities alone or together with other third parties; to prevent crime (such as fraud, financial crime, and theft of intellectual and industry property) and to ensure the integrity of our manufacturing and other operations, or when necessary to enable us to operate as a pharmaceutical company.
When rely on our contractual relationship with you	when Using Personal Information about you, your staff, suppliers and third parties with whom you collaborate, for example to: send you requests for proposals or suggest of partnership and collaboration; conduct due diligence, assessments or audits of your organization; assess the feasibility of a study with your institution and to contract with you, your institution and staff; generally manage the contractual relationship with you as a partner, supplier or a third party service provider, such as for billing and payment purposes.
To comply with applicable laws	We may Use your Personal Information, including keeping or sharing it with authorities as required by Applicable Data Protection Laws, such as to: respond to or notify authorities about pharmacovigilance monitoring activities, incidents or other post-market surveillance obligations, for spend transparency; tax or accounting; anti-bribery and other laws that prohibits conflicts interest;
We use the public interest	when law of your country enables us to rely on it, in particular in situations that will be of significant public interest, such as for: scientific research that leads to medical breakthroughs or new medicines, seeking for a better understanding of diseases or to improve our products; to provide early access to our medicines; the prevention of diseases (such as in a pandemic situation); or preventing or the detection of crime.
We may use your Vital interests	In limited situations, BMS may have to collect information, which includes the use of sensitive Personal Data about you to protect your life or against incidents or other threats.
Other legal exceptions	In some instances, the law of your country may allow BMS to use a legal exception. This may apply, for example, when Using your health data to conduct research projects or to ensure high standards of quality and safety of health care and of medicinal products or medical devices.
With your consent	We may use your prior permission when the law of your country requires us to do so, for example to Use your Personal Information, disclose it, transfer it to, or share it with, third parties, including outside your country of residence. In other instances, we may require your prior consent to: to engage with you remotely or in-person, to send you commercial communications electronically (via an opt-in or a right to opt-out), such as for direct marketing, market research, surveys, propose collaborations, or for general interactions with you; to invite you to events or to propose you participate in various BMS activities and initiatives; to use your media content and your images (such as your photographs, audio or video recordings) for interviews, events or other BMS initiatives.

When you consent to the Processing of your Personal Information, you may have the right to withdraw that permission at any time. In such case, we will cease to Use your information in the future and, unless BMS has an obligation to keep it for a longer period, we will employ reasonable measures to limit or prevent further Use of it. This includes archiving, blocking, or employing encryption, anonymization, or erasure techniques.

9. WITH WHOM DO WE SHARE YOUR INFORMATION

As a multinational company operating worldwide, your Personal Information may be shared with, or accessed by, parties located outside your country of residence. If you are located outside of the United States, BMS may share your Personal Information with parties located in countries that provide less protection than in your country, which includes the United States. We may also Process and share your Personal Information with some of our affiliates and other members of the BMS group including selected and approved third parties (vendors and business partners) that help us operate worldwide. When doing so, we implement appropriate measures to prevent unauthorised access or Use of your Personal Information.

Below you can find more information about how BMS shares your Personal Information within its group of entities and with third parties.

Sharing your Personal Information within the BMS group

Often, we share your Personal Information within the BMS group of companies (“BMS Group”). This may include the Bristol Myers Squibb Company headquarters in the United States and all of its current and future subsidiaries, branch offices, affiliates, entities and other companies that are part of, owned or controlled by, the BMS Group. When exchanging information internally, we rely on appropriate arrangements and mechanisms to cover any transfer of your Personal Information within our corporate structure, such as binding corporate rules (BCRs), contractual arrangements approved by authorities, based on consent, or as otherwise permitted by applicable in your jurisdiction.

Sharing your Personal Information with third parties

To conduct our business, we share with, or disclose Personal Information to, third parties, such as:

Third-party service providers for the purpose of outsourcing specific business activities to request external support and resources. This may include companies that provide information technology services, clinical trials and studies support, marketing or market research services, events, meeting and planning services, or services related to talent acquisition or consultancy;
business partners such as external scientists and healthcare professionals to review and assist us with healthcare compliance activities and institutions and other organisations with whom we collaborate to support our clinical or commercial activities (such as for clinical studies, patient support programs, and so on);
Regulatory and health authorities including governmental bodies (such as the FDA, EMA, NHS), data protection authorities, tax authorities, or courts in case of disputes, when permitted or required by Applicable Data Protection Law; and
third parties to whom BMS is legally obligated to provide such information, such as other parties in litigation or legal disputes, guardians, conservators, or individuals with powers of attorney.

When engaging with third parties, we enter into agreements with them for the Processing of Personal Data so that such Processing is carried out in accordance with our instructions, in a confidential, secure, and transparent manner in order to protect your privacy rights. When it is not possible to enter into an agreement with a third party, such as when engaging, reporting or interacting with regulatory or health authorities or courts, and when legally possible, we will use our best efforts to implement appropriate security measures and controls (such as pseudonymisation) to protect your Personal Information.

If you are in the European Economic Area (“EEA”) and Switzerland

Whenever we transfer your Personal Information within the EEA, Switzerland or to countries that are deemed “adequate”, such countries are deemed to offer the same level of protection as given by the law of your country. When accessing your Personal Data from, or transferring it, outside of the EEA or Switzerland to countries that may not provide the same level of protection as your own country, we will use appropriate safeguards to protect your right to privacy. For example, such safeguards may consist of using Standard Contractual Clauses (to exchange information with third parties outside of the EEA and Switzerland), Binding Corporate Rules (for data transfer within the BMS group of companies) as approved by the European Commission or the competent authority, data transfer agreements or your consent.

If you are outside the EEA and Switzerland

Where possible, we will allow access to or the transfer of your Personal Information outside your country of residence:

to countries that provide a reasonable high level of data protection;
using the most appropriate data transfer mechanisms available to BMS; or
where required by Applicable Data Protection Laws, after we get your prior permission, for the collection, disclosure to third parties and the transfer of your Personal Information to a country which does not provide an adequate protection equivalent to the laws of your country of residence.

10. AUTOMATED DECISION-MAKING AND INDIVIDUALS’ RIGHTS

11. WHAT ARE MY RIGHTS AND HOW TO EXERCISE THEM

12. HOW LONG WE RETAIN YOUR INFORMATION

13. HOW DO WE PROTECT YOUR INFORMATION

14. APPLYING TO WORK AT BMS

BMS may Process your Personal Data to evaluate your application to work at BMS. When applying for an opportunity at BMS, we may collect and Process Personal Information about you directly or indirectly from our official websites, third parties or when you make this information publicly available or accessible by third parties for recruitment purposes. You can consult our career opportunities on this page: https://careers.bms.com/. Below, you can find more information about how BMS Processes your Personal Information when you apply to work for us.

To consider your application we may collect:

your professional experience, such as job title, education information, professional qualifications, work experience, publications, and professional networks, programs and activities in which you participated;
your contact details, such as your e-mail address, full name, date of birth and other information necessary to submit your application;
information gathered from agencies, such as information from recruitment agencies, reference providers, and (where permitted by law) background screening providers;
publicly available information from a company website, internet searches or social media platforms such as LinkedIn or other social media platforms, and publicly available profile information (such as your experience, skills, and interests);
information that you allow us to access, for example, if you choose to simplify your login Process to the job platform to allow direct access once you have signed in to your third party social media user account, (such as Gmail or Yahoo!), or if you want to upload information to the platform (such as from LinkedIn) instead of manually completing an application; and
other information (which may contain your sensitive Personal Information) that you submit to us, such as criminal records, or credit worthiness data that we require you to provide for certain roles, obtain indirectly or that we access when looking for new hires or career opportunities.

As your job application proceeds

We may ask you to share additional Personal Information with us, such as:

official information, such as government issued identification number or tax status;
financial information, such as bank account details;
special categories of Personal Data / sensitive Personal Data, including (where it is permitted, necessary or required for your application) information about your health, marital status, trade union membership religion,; or
other information necessary for your interview or providing you with a job offer, such as details of any known disability or workplace accessibility needs, background information, travel and expenses, performance management, emergency contact details, compensation, hours of work, holidays and benefits-related information.

Where do we Use your Personal Information for job application

As a multinational organisation, our affiliates transfer information globally. When you upload information to a job search platform, you provide it to all our affiliates, each of which may Process it for its own recruitment purposes. This is the case even where you respond to a job posting that mentions a particular BMS affiliate. Accordingly, we may transfer globally information about you (for example, if you are in the European Economic Area ("EEA"), your information may be transferred outside the EEA; if you are in Australia, your information may be transferred outside Australia).

We will not keep your Personal Information for longer than needed to consider your application. However, we may ask your permission to keep some information about you for a longer period (for example your CV or resume, work experience, cover letters and so on) to consider your eligibility for further job opportunities.

15. WHAT INFORMATION DO WE COLLECT ABOUT OUR PATIENTS

BMS Processes Personal Information about patients that use our treatments and in the context of our clinical research activities. We may also Use patient Personal Information in connection with certain activities, such as through our services, patient websites, collaborations or consortium agreements with third parties (for example genetic data), during events interviews, for advocacy related activities, or for clinical trials, studies or research projects linked to our products (for example to recruit you through our websites or business partners).

Note, this section, together with this Notice, does not apply to participants to clinical trials.

This Notice applies to how BMS may Use Personal Information about you when you participate in non-clinical activities. Below, you will find out more information about Personal Data that we collect about patients in contexts other than clinical studies or research projects.

Patients participating in non-clinical research activities with BMS

In the context of non-clinical research activities, BMS generally does not collect patient data, except in certain occasions, such as where we have reporting obligations to authorities, when we engage directly with you, via third parties, when you contact us, when accessing websites or other platforms, or if you agree to share such information with us. In some instances, we may have interactions with you or access information about you outside of our clinical research activities. This may happen when:

accessing our personalized medicines, other innovative therapies or devices;
BMS collaborates with patient organisations;
we recruit you for our clinical studies;
inviting you to our events;
we propose patient support programs; or
when conducting surveys, market research, interviews or propose ambassador programs.

When doing so, BMS will either collect information that does not allow us to identify you or use technical measures to limit the risk of identification. For example, we may use measures that could include:

replacing your information such as name, identification number or any other information with a code (key-coded study data);
using a third party provider who will only share your Personal Information in an aggregate manner with BMS;
anonymizing your Personal Information after its collection; or
requesting your prior consent.

If BMS accesses Personal Information about you that is sensitive, we will protect it adequately. For more information about our Use of sensitive data, please refer to section 4.

16. CHILDREN

17. COOKIES AND TRACKING TECHNOLOGIES

Depending on the country where you reside, you may manage your preferences on cookies and similar tracking technologies through the use of consent management tools that are available on our websites. This section applies to cookies and similar tracking technologies and we explain what our use of cookies and similar tracking technologies means to you and how to disable tracking (such as using opt-in or opt-out preferences). When we collect information that may enable us to identify you, the other sections of this Notice will apply.

What are cookies?

A cookie is a small piece of data that a website asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Such cookies when set by us are called first-party cookies. We may also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting (for example, those used by social media, instant messaging, CRM or marketing platforms, or advertising companies). For more information about cookies, types of cookies and how to manage cookies, including how to block them and delete them, please visit http://www.allaboutcookies.org.

Below, we list the main categories of cookies and similar tracking technologies that we may use when you connect to our websites, use our web-based platforms, applications, devices, or when you interact with us electronically or when you receive electronic communications from us (“Online Use”). You can learn more about the purposes for which BMS may use such technologies for your Online Use.

What categories of cookies may BMS use?

We generally use certain types of cookies during your session on our website (“session cookies”). To improve your experience or remember your preferences or choices, we may use cookies that will remain on your device unless you remove them (“persistent cookies”). When using cookies on our websites and other digital services, such technology may include:

Categories of cookies and tracking technologies that BMS may use
Strictly necessary cookies (“required”)	Those cookies and tracking technologies enable our websites to operate and to improve the security of our website for your Online use, such as when you have to authenticate or use login functionalities to access restricted part of our websites (such as using patient or physician login or page selection to restricted pages or areas of a website or application).
Performance cookies	Those cookies may allow BMS to: improve our websites; remember language or other preferences when you navigate; or use other features on our websites, applications, platforms and devices to improve your Online use.
Social media cookies	On certain BMS websites, we may use social media plugins for you to share interesting content or to connect to certain accounts to share your Personal Information with us. Such platforms may access your history of navigation and collect information about your browsing journey under their own terms. You can access more information when connecting to our sites.
Analytics cookies	These cookies enable us to better know the use of our websites, establish statistics on their uses and visits (e.g. information on each visited page, how long a user navigates on a specific page, how long it takes to download a specific page, what are the users’ actions on each page (click, selection, etc.).
Other tracking technologies	When using third-party software or websites, mobile applications, devices, web-based platforms or through other Online use, the technology may involve certain built-in tracking technologies. This may include: web beacons, web server data and similar technologies; tracking pixels, which we may include as an image in our communications to you. This may allow us to understand when you read electronic communications that we send you, to send you more accurate and relevant content and improve our communications to you. When using such technology, we may receive aggregate or anonymized information. In certain cases, we may collect Personal Information about you that includes: location data (such as the city, region and from where you opened your e-mail); your IP address; browser and device information: such as your mobile or desktop Operating System (OS), e-mail software type, device and user agent; or time and date of when you open our electronic communications. other trackers that enables functionalities such as remote interactions with you through chatbots, instant messaging and other online features on our websites or third-party software that we use for our activities.

Why do we use cookies on our website?

In addition to the explanation provided in this Notice and the section above, we use cookies or similar tracking technologies in various instances, such as for the following purposes:

Making your experience more efficient, faster and easier: by remembering your preferences, like preferred language, display and other settings, maintaining your session, and for authentication purposes. This helps us to provide you with a better user experience. These cookies are also referred to as Session-Id cookies, authentication cookies, and User Interface customization cookies.
Gain useful knowledge about how the site is used: by collecting information about the number of visitors and other uses. This helps us improve our sites. These cookies are also referred to as analytics cookies. For this purpose, we use services such as Google Analytics which means that Google and similar suppliers will also have access to this information (including your IP address and any other equipment identifiers such as the IMEI number and the MAC address).
Provide easy access to our websites. This helps us to direct you, share with you our content within sites such as Facebook, Twitter, LinkedIn, YouTube or Pinterest or allow you to share content that is of your interest. To the extent we use such technology, these ‘social media plug-ins’ may store cookies and similar technology on your computer or other device. This means that the social media sites may access this information (including your IP address), may identify that you interacted with the BMS site.
Improve our marketing communications to you. Certain cookies, such as web beacons or tracking pixels, may be used by third party systems, such as customer relationship management systems or other service providers who help us manage e-mail campaigns. Those trackers enable us to better understand the success of our communications and the relevance of the content that we share with you. This may allow us to reduce the number of e-mails that we send you and provide you with content, scientific information, or initiatives that are more tailored to your interests.

How can you object or refuse cookies?

Subject to the law of your country, in particular in the European Union, we will either inform you, ask your prior permission (opt-in) before placing tracking technologies on your device, or provide you with a right to object (opt-out) for the purposes that we describe in this section. Your web browser, e-mail software (such as Microsoft outlook, or Google Gmail) and other clients that you use can be set to manage cookies and similar trackers and even reject them by default. Do bear in mind that if you set your browser to automatically reject cookies, your user experience when visiting websites will not be the same: your preferences may not be remembered, some functionality may be lost and you may not be able to access certain areas or features of the sites.

For more details on the cookies that we use, you can read our cookie table below or, where applicable, on the website that you use by accessing the relevant cookie notice.

18. CHANGES TO THIS PRIVACY NOTICE

19. CONTACT US

Privacy Notice

General Privacy Notice

Our Commitment