Privacy Policy

Privacy Notice Regarding the Sanofi T1D Innovation Grant Program 

 

Last update: September 2025 

 

Sanofi understands the importance of privacy and the protection of personal data and is committed to ensure protection and security of personal data at every level within its organization. 

 

The processing of personal data is a key component of Sanofi’s relationship with you as Sanofi is accountable for the processing of your Personal Data, acting as Controller. Under data protection laws we’re required to provide you with specific information regarding how Sanofi is processing your personal data. 

 

 

1. Personal Data

 

 

1.1 What type of personal data does Sanofi process? 

 

Personal data Sanofi processes about you includes: 

 

  • Contact details, such as first name, last name, professional email address
  • Educational and professional qualifications
  • Financial Information, i.e., professional bank account
  • Organizational Job data, such as company name, job role, job title, location 

 

 

1.2 How does Sanofi collect Personal Data? 

 

Sanofi collects and processes your Personal Data via your registration to our database whereby you declare your interest to take part of the Sanofi T1D Innovation Grant Program and everytime you interact with our services and preferred vendor (i.e., IntraMed) in this regard. 

 

 

2. Why does Sanofi process your Personal Data? 

 

We process your personal data for the performance of the Type 1 Diabetes (T1D) Innovation Grant Program which is a research initiative funded by Sanofi. It provides financial support to five innovative research projects focused on translational immunology in type 1 diabetes. This program aims to fund type 1 diabetes research by supporting innovative projects addressing novel autoimmune pathways, early detection approaches, biomarker strategies, and AI and machine learning applications.  

 

Applications should be submitted to our preferred vendor (i.e., IntraMed) and will be evaluated by an independent committee of international type 1 diabetes experts, following a structured and transparent evaluation process. This evaluation will be performed after the anonymization of any personal data of the submitted file. 

 

Selected applicants will be subsequently notified and asked to submit their file a cloud-based software solution used by Sanofi. 

 

 

3. On what ground we process your personal data 

 

Sanofi processes your personal data because you’ve given your permission to do so. 

 

 

4. Who will have access to your Personal Data?  

 

By default, collected personal data is only available to the team which is conducting the Type 1 Diabetes (T1D) Innovation Grant Program (ie limited number of Sanofi staff) and our preferred vendor.  Please note that we can also share your personal data with: 

 

  • Other departments throughout Sanofi, including Legal, IT, internal audit and where required by law 
  • Local or foreign regulators, governments and law enforcement authorities.  

 

 

5. How long does Sanofi keep your Personal Data?   

 

Sanofi always keeps your Personal Data for the period required by law and where it is needed to do so in connection with possible legal action or an investigation involving Sanofi.

 

According to the Personal Data processing the applicable retention period is 3 years for your registration in our database and 5 years for the processing of your personal data by our preferred vendor. Collected personal data will be removed at the end of the retention period.

 

 

6. Your Privacy and Data Subject Rights

 

You have rights Sanofi needs to make you aware of. You may, where required by applicable law and subject to limitations (which could apply by exceptions or legal requirements locally applicable), be entitled: 

 

  • To have access upon simple request to your Personal Data. You may receive a copy of such data unless it is directly available to you, for instance within your personal registration.
  • To obtain a rectification of your Personal Data if inaccurate, incomplete, or obsolete.
  • To withdraw your consent, at any time, for the activities without affecting the lawfulness of the processing where your Personal Data is used based on your consent.
  • To obtain the deletion of your Personal Data in the situations set forth by Privacy Laws (‘right to be forgotten’).
  • To object to the processing of your Personal Data, where your Personal Data has been used based on SANOFI’s legitimate interests, in which case you will need to support your request by explaining your situation.
  • To request a limitation of the Personal Data Processing Activity in the situations set forth by Privacy Laws.
  • To request that some of the Personal Data you provided to Sanofi are brought to you, or to another Controller, in a commonly used, machine-readable format. 

 

If you would like to exercise any of these rights, please use SANOFI’s contact form to open a Data Subject request.  You are also entitled to lodge a complaint before your local data protection authority regarding the processing of your personal data or before our local data protection authority regarding the processing of your Personal Data (ie Commission Nationale de l'Informatique et des Libertés (lit. 'National Commission on Informatics and Liberty'). 

 

 

7. Security measures

 

Sanofi has implemented global cybersecurity & security frameworks to protect personal data and maintain the security and confidentiality of Sanofi’s information technology systems, assets, information, and databases. 

 

Sanofi has implemented a variety of technical and organizational measures to ensure the integrity and confidentiality of your personal data from unauthorized access, use, alteration and disclosure. 

 

These measures consider the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk and severity for the rights and freedoms of individuals. 

 

 

8. Personal data transfer

 

The processing of your personal data may require the transfer to other countries. For that reason, your personal data are likely to be transferred (for example accessed, hosted, stored) within Sanofi group and/or to third parties, to different jurisdictions which are subject to other privacy laws, applicable outside of your country. 

 

In cases where Sanofi needs to carry out international transfers of your personal data, Sanofi ensures that adequate safeguards are implemented, as required under privacy laws. These safeguards apply whether your personal data is transferred internally within the Sanofi group or externally to third parties.  

 

Sanofi implements adequate internal measures to protect your personal data. If your personal data is subject to an international transfer within the Sanofi group, such transfer will be governed by: 

 

  • The intragroup agreement including the commitment that the recipient is bound by Standard Contractual Clauses (SCCs); you may obtain a copy of these SCCs by contacting SANOFI.
  • Binding Corporate Rules validated by the EU Data Protection Authorities.

 

 

9. Who is responsible for managing your Personal Data?

 

The personal data is collected and processed under the control of Sanofi Winthrop Industrie (82 avenue Raspail, 94250 Gentilly, France; registered under RCS number 775 662 257).