print_label | resize_label
Key requirements


In the countries where they apply, AstraZeneca’s BCRs require Us, among other things, to:

  • Use personal data only for specified and lawful purposes;
  • Collect and use only the minimum amount of personal data required in order to meet our legitimate business needs;
  • Take steps to ensure that the personal data that We hold is kept accurate and upto- date;
  • Take appropriate measures against the risks of unlawful use and accidental loss or destruction of, or damage to, personal data;
  • Honour data subject rights requests in regard to access, correction, deletion, restriction, objection, and porting;
  • Impose suitable contractual controls whenever We engage parties to process data on our behalf;
  • Report personal data breaches to competent authorities and affected individuals in appropriate cases; and
  • Comply with accountability requirements that include maintaining a record of processing activities, conducting data protection impact assessments in appropriate cases, and abiding by privacy-by-design and privacy-by-default principles

You can find more information about these requirements in our Data Privacy Standard.