2. Foreword: Why a simplified version of the Internet rules?
5 fields are now reviewed instead of 8
In a justified emergency, the web site can be validated before it goes on-line in 72 hours
(Fast-Track process)
An ad hoc process can be set up enabling the site to be validated after it goes on-line (on
request by the subsidiary and after approval by the Internet Validation Committee)
The e-PSF becomes optional. On the other hand, centralised management of the domain
names remains mandatory.
Web use in the Group is growing and it has become an essential medium.
More than 580 web sites were listed in the Group at end 2009, which is a 40% increase in 4 years. The
Internet Validation Committee has validated about a hundred projects a year since 2005 (own sites, in
partnership, web 2.0), which demonstrates the growing importance of the web for our business.
More than ever, the Internet is supplementing other media traditionally used in our marketing mix. It is a
channel with very great potential for promoting our products and activities, as well as informing our
patients about our main therapeutic fields.
But being on the Internet also has risks.
Being on the Internet is not risk-free for a group like ours. So precautions must be taken to limit potential
risks so that serious damage is not suffered (such as legal risks, non-compliance with regulations, hacking
of our sites, unauthorised access to or retrieval of confidential data, alteration or inconsistency of our
image or messages). Note that 74% of sites reviewed in 2008 and 46% in 2009 did not comply with the
Group’s Internet standards (out of a total of 294 projects reviewed in 2 years).
This is why there have to be Internet rules – which keep pace with evolving
needs.
It is inconceivable for sanofi-aventis to be on the Internet unless some principles are abided by. As
regards changes in our internal organisation and the limitations of our environment, we believe it is
necessary to free up the process of validating web sites, so we have simplified it by altering the points
mentioned in the introduction above.
2
Internet Rules 2.1 – July 2010
3. The Internet rules and forms mentioned in this document can be
downloaded at Is@ Group:
http://internet.sanofi-aventis.com
3
Internet Rules 2.1 – July 2010
4. CONTENTS
1. Scope ............................................................................. 5
2. The validation procedure ............................................... 6
2.1 Phase 1 : The site project...................................................................................................6
2.2 Phase 2 : Building the site .................................................................................................8
2.3 Phase 3 : Launching the site .............................................................................................9
3. Validation components ................................................ 11
3.1 Domain names ..................................................................................................................11
3.2 Legal affairs.......................................................................................................................11
3.2.1 Formalise contractual relations and comply with the legislation in every country....................... 11
3.2.2 Terms and conditions .................................................................................................................. 12
3.2.3 Site exit pop-up ........................................................................................................................... 12
3.2.4 Copyright and intellectual property rights.................................................................................... 13
3.3 Regulatory Affairs.............................................................................................................13
3.3.1 General principles ....................................................................................................................... 13
3.3.2 Transparency .............................................................................................................................. 14
3.3.3 Access to the site ........................................................................................................................ 14
3.3.4 Specific questions related to the type of information .................................................................. 14
3.4 Communication.................................................................................................................16
3.4.1 Graphic charter............................................................................................................................ 16
3.4.2 Content management.................................................................................................................. 17
3.5 IS security..........................................................................................................................17
3.5.1 Hosting facilities .......................................................................................................................... 17
3.5.2 Applications ................................................................................................................................. 18
3.5.3 Sending information .................................................................................................................... 18
3.6 Accessibility......................................................................................................................19
4. Appendices .................................................................. 20
Glossary ................................................................................................................................................... 20
The e-PSF................................................................................................................................................ 21
The e-PAF................................................................................................................................................ 23
DN registration request form.................................................................................................................... 27
DN pointing request form ......................................................................................................................... 28
Check-list for contracts ............................................................................................................................ 29
The consent request email for links ......................................................................................................... 32
Site exit pop-up ........................................................................................................................................ 33
Example of terms and conditions............................................................................................................. 35
The Contact Us page ............................................................................................................................... 40
The graphic charter applicable to all sanofi-aventis product and/or theme sites..................................... 42
4
Internet Rules 2.1 – July 2010
5. 1. Scope
Version 2.1 of the Internet rules covers Internet projects intended for external targets (outside
sanofi-aventis).
An Internet project can be a web site, of course, but can also be an e-crf system, an e-purchasing system
involving suppliers, an e-recruitment system, etc.
External targets can be customers, patients, doctors, health authorities, payers, shareholders, suppliers,
partners (patients’ associations, universities, hospitals, etc.), job applicants, etc.
The Group’s Internet rules 2.1 apply to:
Internet projects that sanofi-aventis owns and is solely responsible for
Internet projects that sanofi-aventis sponsors (partnership with a site owned by a third
party)
So any site, although it uses Internet technologies and is accessible on the Internet, that only concerns
sanofi-aventis employees is not covered by these rules. For example, web sites for sales forces are not
within the scope of the Internet rules 2.1.
Web 2.0 initiatives (using social networking for example) are covered
in a document supplementing the Internet rules: the Web 2.0 Guide.
Please refer to it (downloadable on the intranet).
Projects that sanofi-aventis sponsors are covered in an ancillary
document to the Internet rules: Internet partnerships. Please refer to it
if your project comes under this heading.
5
Internet Rules 2.1 – July 2010
6. 2. The validation procedure
IDEA PROJECT DEVELOPMENT LAUNCHING / RUNNING
STAGE 1 STAGE 2
Registering the Domain name Validating the project
Domain Name Registration Form e-Project Assessment Form
or Web 2.0 Checklist (depending
on the project)
OPTIONAL: project monitoring
Activating the domain name
e- Project Study Form
Domain Name Pointing Form
All forms mentioned in this section are given in the appendix and are
available on the intranet at http://internet.sanofi-aventis.com
2.1 PHASE 1: THE SITE PROJECT
Registering the domain name and presenting the Internet project
a) How do I register my domain name?
When you begin an Internet project, and once you have chosen your project’s domain name(s), send your
request to the e-mail address DN-Domain-names-management@sanofi-aventis.com, using the “DN
Registration Form” (see appendix).
The management of all sanofi-aventis domain names is based on the following principles:
Centralised administrative registration of domain names
Centralised technical management of domain names (on sanofi-aventis DNS
servers)
6
Internet Rules 2.1 – July 2010
7. b) Who do I present my project to, when and how?
AT LOCAL LEVEL
Firstly, your project must have been validated at local level (Internet website or web 2.0 project).
The following steps are absolutely necessary in the strategic validation of your project and must be
respected before the presentation of your project at global level:
1- Know the global digital strategy
2- Define your website and project objectives
a. Why and how a website is the right tool to achieve your objectives?
b. What are the objectives of the website itself?
3- Define how your website is innovative in comparison with existing tools
4- Define your audience targeted
a. Profile (from general public to Healthcare Specialists)
b. Characteristics
c. Geographical localization
5- Define your messages and publishing frequency
a. Contents, services and functionalities
b. Customer loyalty and added-value services enhancement
Think as if you were in visitor’s shoes!
6- Include medical, regulatory, legal and IT local correspondents the soonest, in order to get
their validation at the very beginning of the project
7- Define how the website will be promoted (set up a promotion plan)
8- Define the success and profitability indicators (ROI)
a. Website frequentation
b. Visitor’s behaviour on the website
c. Impact of the website in terms of product notoriety, image or sales
9- Manage the lifecycle of your website
a. Updates frequency (mandatory to maintain your website attractive)
b. Contents creation
c. Allocated resources (for updates, promotion…)
AT GLOBAL LEVEL
In parallel, you must inform the Internet coordination team that you are initiating an Internet project, before
starting the building of the website.
To do so, please be sure to complete correctly the section “project description” in the domain name
registration form.
If you want, you can get the support of the Internet coordination team when undertaking your
project. To get their help, send an e-PSF (e-Project Study Form in the appendix or available on the
7
Internet Rules 2.1 – July 2010
8. intranet) to Internet-Committee@sanofi-aventis.com. You will have the benefit of regular support, and
can ask the team for advice while running your Internet project.
The E-PSF stage is optional.
2.2 PHASE 2: BUILDING THE SITE
Validation of the Internet project with the Internet Validation Committee
a) When does this phase take place?
This second phase takes place when the Internet project has been developed, and is ready to go on line.
The site should be completed, installed on its permanent hosting platform, and not accessible to web
users (protected by HT Access).
b) What is the Internet Validation Committee and what does it do?
The Internet Validation Committee validates all Internet projects before or after they go on line, according
to the procedure set in the Internet rules.
It is a multi-disciplinary body, tasked with setting and ensuring application of the Group Internet rules in
sanofi-aventis. Local validations of the project remain primordial, and the IVC does not substitute for the
local validation process (in terms of medical and regulatory contents validation for example).
It consists of global representatives from the following sectors:
Corporate Communication Thierry Le Magny, Géraldine Gorgol
Legal Affairs Isabelle Cadiau, Anne-Sophie Nibert
Medical and Regulatory Affairs Cécile Gousset, Françoise Rey, Sylvie Pujol, Peggy
(Promotional Material Excellence team) Dolin-Brunel
Information System Security Jérôme Lahalle, Olivier Fourmaux
Accessibility Tanguy Lohéac
Marketing Céline Degand
Information System Technologies Dominique Lacan
Coordination Caroline Debuire, Frédéric Dimur
It meets fortnightly on a Friday morning. A schedule of meetings is available on the intranet at
http://internet.sanofi-aventis.com
c) The traditional validation procedure
To have your Internet project validated by the Internet Committee, you should send an e-PAF (e-Project
Assessment Form in the appendix or available on the intranet) to Internet-Committee@sanofi-
aventis.com at the latest by the Tuesday before the Internet Validation Committee meeting.
8
Internet Rules 2.1 – July 2010
9. At the end of the assessment, which takes up to two working days, the Internet Validation Committee
gives an answer to the person in charge of the web site, who may be asked to make changes before the
site goes on line, if it does not comply with the Internet rules 2.1.
Exception: the emergency validation procedure (Fast-Track process)
Sometimes the dates of the Internet Validation Committee meeting may not fit in with the date scheduled
for your web site to go on line.
If and only if the site launch date is linked to a major event (such as a product launch, marketing
authorisation announcement, crisis on a product, international congress, etc.) an exceptional review
between two meetings of the Internet Committee can be arranged.
d) The Ad Hoc procedure assigned per subsidiary
Depending on the number of sites already validated by the Internet Committee, and especially
depending on the degree of compliance of sites previously presented, some teams/subsidiaries have
acquired certain expertise in the Internet rules.
It is possible to set up a simpler procedure, to speed up reviews by the Internet Committee. Each case will
be looked at individually, and depending on the conclusions of the analysis by the Committee with the
team/subsidiary concerned, a Ad Hoc procedure may be implemented, which may even include the
possibility of accepting sites after they go on line if necessary. In which case, the domain name will be
pointed before validation.
Nonetheless, if there are repeated breaches of the Internet rules reported during the use of the Ad Hoc
stage, the subsidiary will be required to go back to the traditional procedure.
2.3 PHASE 3: LAUNCHING THE SITE
Putting your Internet project on line
a) How is the web site activated?
Once the site has been validated by the Internet Validation Committee and any changes requested have
been made, the Internet project can then be put on line.
To do so, the domain name should be pointed to your web site’s IP address.
To request pointing, the pointing request form “DN Pointing Form” (see appendix) should be completely
filled in and sent to the address DN-Domain-names-management@sanofi-aventis.com.
The domain name pointing will be confirmed in the days following the request.
b) What happens once the site is launched?
The project manager is responsible for the site and in particular must ensure compliance with the Internet
rules 2.1 throughout the life of the site. If necessary, he/she must ask the Committee if there is a question
or problem.
In addition, every web site may be checked to ensure it complies with the Internet rules.
9
Internet Rules 2.1 – July 2010
10. Where applicable, a summary of any requests for changes will be sent to the person in charge of the site.
Lastly, if major changes are made to the Internet project (such as a change of positioning of a site, new
design, new service, new web 2.0 tool, etc.), they must be reported to the Internet Validation Committee.
c) What should I do if a site is on-line but has not been validated?
There are two possibilities:
The site has never been reviewed by the Internet Committee, and has been on-line for a long
time
This can be the case for example with sites on the Internet before the Internet rules were published, or
web sites from mergers or acquisitions.
Every site owner concerned must send an e-PAF to the Internet Validation Committee at the following
address Internet-committee@sanofi-aventis.com.
The site will then be assessed by the Committee and an assessment report will be sent to the person
responsible for the site, detailing any changes to be made.
The site has been reviewed by the Internet Committee, or has been put on-line without
making the requested changes
The Internet Validation Committee may decide to close a site put on-line without the Committee’s
authorisation, notified by e-mail to the person in charge of the site.
It must be closed as soon as possible after notification is sent:
1 Either by the project manager, by any means available (e.g. HT Access, redirection)
2 Or by disabling the domain name pointing if necessary.
10
Internet Rules 2.1 – July 2010
11. 3. Validation components
These mandatory components determine whether or not a web site is validated.
The components concern six separate fields: domain names, legal affairs, regulatory affairs,
communication, computer security and accessibility.
3.1 Domain names
All domain names should:
comply with the sanofi-aventis naming policy
be bought directly by sanofi-aventis and not by a any third party
be hosted on sanofi-aventis DNS servers
Any pointing enabling a site to be put on-line is done by sanofi-aventis in-house staff, and can be done in
only two cases:
either before the site is put on-line, provided that an HT Access is set up
or after approval by the Internet Committee
Important information:
For legal liability reasons, when sanofi-aventis partners or sponsors a site, the domain name must not be
registered by sanofi-aventis.
Registration and pointing forms for domain names are available in the
appendix.
All DN requests should be sent to the following e-mail address:
DN-Domain-names-management@sanofi-aventis.com
3.2 Legal affairs
3.2.1 Formalise contractual relations and comply with the legislation
in every country
You should have the following points validated by your Legal Department:
Validation and verification of contractual relations (see checklist in the appendix):
Web site design agreement
Maintenance agreement
11
Internet Rules 2.1 – July 2010
12. Internet access and hosting agreement
Site promotion related agreements
Partnership agreement
Checking the legislation applicable in each country:
National and international legal provisions: the laws in each country, as well as
international agreements (such as Community law for the EU), should be taken into account
Recommendations, codes of conduct and practices on the Internet: personal data
should be collected and processed in accordance with the specific laws in each country.
Current regulations: check that information given on the site is aimed at the right
audience (patients/doctors), is not unlawful and does not create offence; does not mention third
parties’ products or services; information should not defame or denigrate; it should respect
customs and practices in countries where it is disclosed.
So it is essential, before going on-line and even before the e-PAF is sent to the Internet Validation
Committee, for you to check with your legal department that the web site complies with all the
requirements that apply to it.
3.2.2 Terms and conditions
Terms and conditions should be shown on all Group sites.
The terms and conditions should be tailored to take account of legislation in the country concerned and
should also cover legal information, limitation of liability, a statement relative to privacy and the
protection of intellectual property rights (e.g. copyright), the publisher of the site, and the name
of the Head of publication.
Legal information on privacy and the processing of personal data should also be provided.
This information should be easy to consult from all pages on the site.
An example of terms and conditions is available in the appendix. We strongly recommend that you
use it and have it checked by your legal department.
3.2.3 Site exit pop-up
It is recommended that the limitation of liability clause be displayed on entering and leaving
the site, especially for hyperlinks to third party web sites. Examples of site exit pop-ups are
available in the appendix.
Any link to an external partner’s site should not be installed without the prior agreement of the third
party and sanofi-aventis.
The terms and conditions and site exit pop-up should be validated by your legal department.
12
Internet Rules 2.1 – July 2010
13. 3.2.4 Copyright and intellectual property rights
Sanofi-aventis should hold the intellectual property rights on content used on sites (including text,
photos, videos, animations and logos).
A copyright symbol should be inserted with the name of the company owning the site and the
date at the bottom of every page of the site.
Examples available in the appendix: checklist for agreements/
contracts, letter requesting consent for links to third party sites, site
exit pop-ups, terms and conditions.
All requests to legal affairs should be sent to:
isabelle.cadiau@sanofi-aventis.com
3.3 Regulatory Affairs
3.3.1. General principles
The website must imperatively be validated by the structure in charge of the project (affiliate,
region or global) before being sent to the Internet Validation Committee. The regulatory and
medical representatives of the structure are responsible for the contents validation.
These principles are the minimal standards that everyone in the Group should meet worldwide.
They do not cancel or replace stricter local regulations.
Information specific to a given country should comply with local rules.
Promotional information (full page or banner advertising) and medical information given on web
sites should be validated, in compliance with the process of promotional document validation, well
before it is put on-line on web sites and then after it is put on-line whenever any promotional
information is changed.
Remember that information on the Internet is subject to the same rules and regulations on
medical information as it is in all other media.
13
Internet Rules 2.1 – July 2010
14. 3.3.2 Transparency
The identity of the Group should be clearly stated on the first page as well as the nature of the
partnership if there is one (cooperation or simple financial support, educational grant).
The target audience should be clearly identified (country of residence, general public, health
professional, shareholder or journalist) and clearly specified on the site (in general at the top of the
site page).
The content should be suited to the target audience and the purpose of the site should be clearly
stated.
Links should be appropriate and clearly highlighted for the target audience with site exit pop-ups.
Examples of pop-ups are available in the appendix.
if the site belongs to sanofi-aventis and complies with the same rules and regulations (same
country), there is no need to add the pop-up;
if the external site belongs to sanofi-aventis and complies with different rules and
regulations (different countries), a pop-up should be added stating that the web site cannot
comply with regulatory criteria that apply to the audience in question;
if the external site does not belong to sanofi-aventis, it is necessary to add a pop-up
warning users that they are leaving the sanofi-aventis web site;
if a page provides several links, a clearly visible message at the top of the page can replace
the pop-up. This solution applies if it complies with local regulations.
The sources of any information given on the site and its date of publication should be stated on the
site.
The date of the last update of the various information given should be stated on every page and be
specific to each item of the content.
3.3.3 Access to the site
Site open to the general public: information on prescription products (excluding the US) should
not be put on-line.
Information for health professionals: a password is required to access this page, or a clause
limiting access in the form of a pop-up with confirmation click, in accordance with local regulations.
Information for patients given a prescription medicine: proof of prescription should be provided
or access should be granted by the prescribing doctor.
3.3.4 Specific questions related to the type of information
Product information: depending on the target audience, the Patient Information sheet / the
Summary of Product Characteristics or any other official Product Information required by the local
authorities should be easily accessible by means of a clear, easy-access link.
14
Internet Rules 2.1 – July 2010
15. General information on health: free. Web sites that provide information on health should always
advise web users to consult a health professional for any further information. Drugs can be alluded
to provided that they are presented in an exhaustive and objective way. Generally, only therapeutic
classes are mentioned; if the law allows, the international non-proprietary name (INN) should be
preferred to the brand name. If brand names are used, they should be accompanied by the INN, for
reasons of clarity.
Public information on clinical trials: the sanofi-aventis Group is committed to transparency
on clinical trials: information on clinical trials in progress and the results of clinical research can be
accessed by the public firstly through records of clinical trials, and secondly on databases of clinical
trial results. Sanofi-aventis has chosen to save its clinical trials to the www.clinicaltrials.gov web site
and publishes the results of its clinical trials on the www.clinicalstudyresults.org web site. Useful
link:
http://www.sanofi-aventis.com/recherche_innovation/dev_clinique/engagements/engagements.asp
Clinical trial results: this information should be validated by the Communication Department.
Clinical trials in progress: secure site that can only be accessed by health professionals who are
directly taking part in the trials. The decision to deploy this type of network should be validated by
the department managing the trial (International Clinical Development or Global Medical Affairs
and/or the Global Marketing Clinical Operations).
Price list: possible at country level if validated. Information should be limited to the product name,
its INN, presentation and price. Information should be dated.
Bibliography or database of publications: it should be as complete as possible, up-to-date and
not restricted to articles favourable to our products. The search and selection criteria should be
clearly specified.
Photographs: authorisation to use and pay for copyright should be obtained. Credits (name of the
photographer/agency) should be stated.
Interactive sessions (forums, webinars): refer to the web 2.0 document. Sessions should only
be on a precise date for a predefined audience, and access should be by password.
Contact page: Direct access to e-mail addresses or direct reference via “mail to” should be
avoided. There should be a contact form that includes required fields (name, address, profession
and electronic address) and a general statement advising members of the public against reporting
undesirable effects or other drug monitoring events to this address. An example is available in the
appendix.
The mail box should be checked every day and reports of undesirable events should be sent to the
drug monitoring department of the subsidiary concerned
Examples available in the appendix: contact form and site exit pop-up.
15
Internet Rules 2.1 – July 2010
16. For further information, refer to:
The FIIM’s Code of marketing practices for pharmaceuticals
The sanofi-aventis Principles of good promotion practices
Intranet
The Promotional Material Excellence intranet
Contact
Promotional-Material-Excellence-Team@sanofi-aventis.com
3.4 Communication
Three types of web site are identified:
Group and Subsidiaries’ Corporate Communication
Corporate sites: sanofi-aventis.com, sanofi-aventis.tv and sanofipasteur.com.
Subsidiaries’ sites: sanofi-aventis.us, sanofi-aventis.de, etc.
Internet initiatives
Product, pathology, environment and social media sites
Partnerships with third parties
Information provided by sanofi-aventis and spokespersons on the Internet should comply with the
basic principles of respect for the Group’s identity, image and values. Every web site should
comply with the graphic charter and content management principles.
3.4.1 Graphic charter
Every web site should comply with the Corporate Identity Guideline, as specified by the
Communication Department:
The Group’s symbols, colours and logos should be used in compliance with the Group graphic
charter.
The Group logo block consists of the “sanofi-aventis” logo and the “Because health matters”
signature. These two parts are indissociable.
The Group logo should appear on all pages (home page and inside pages) of all Group web sites.
The Corporate Identity Guidelines and especially rules concerning Internet electronic
communication are available at IS@: Communication / Guidelines and Graphic Identity (the model
is also available in the appendix to this document).
When a web site is built in partnership with another company, a special graphic charter may be
needed, in which case the Group Communication Department should be consulted. At the very
least, the Group logo should appear on all pages on the site.
16
Internet Rules 2.1 – July 2010
17. The graphic charter to be used for web sites is given in the appendix
(example of a site).
3.4.2 Content management
The content of web sites calls for special attention because it represents the image of the Group
and should always accord with Group values:
Information on the Group should only be provided on the sanofi-aventis.com, sanofi-aventis.tv
and sanofipasteur.com Group web sites. Local information provided by subsidiaries should be
based on the example of the Group web site.
People in charge of content management should be identified. They are responsible for the content
and for updating it. A “contact” or “webmaster” link should also be provided on all Group web sites.
Mail boxes should be checked every day.
Rights to use multimedia components (photos, videos, podcasts, etc.) on the Internet should be
acquired before they are used on the web site.
If there are hyperlinks to external web sites on the site, they should not have any negative impact
on the image of the Group.
Any questions should be sent to the following e-mail address:
geraldine.gorgol@sanofi-aventis.com
3.5 IS security
The design of applications on the Internet, a truly public network, opens the way to many risks that must
be guarded against. To reduce risk and ensure that sanofi-aventis Internet applications are only
used for the purposes they were designed for, the following security measures should be
implemented.
3.5.1 Hosting facilities
Include security clauses in hosting agreements (see checklist contract in the appendix).
Ensure that servers are exclusively dedicated to sanofi-aventis. Sharing servers with other
companies is not allowed.
Make sure that computer facilities are adequately secure and most particularly in terms of backup
power supply, air conditioning and fire protection.
A procedure should be in place to authorise access to computer facilities and authorisations issued
should be reassessed from time to time.
17
Internet Rules 2.1 – July 2010
18. If the hoster is a third party, the document entitled Computer Facility Check List Standard (DSSI-
STDT-014-EN) should be used to confirm the standard of security provided.
Check that security rules are in place in the administration of servers (password system policy,
updating process, patch management, firewall, etc.)
The checklist for contracts is available in the appendix and a paragraph
deals specifically with computer security clauses.
3.5.2 Applications
If there is authentication, ensure that passwords are kept numerically and that they comply with the
Password Policy in terms of complexity (see Password Policy - DSSI-PLMO-006-FR).
Ensure that developments comply with the secure development rules (see Secure Application
Development Policy (DSSI-PLMO-010-FR).
For sensitive web applications, such as e-business sites or ones with patient data (for example for
clinical research), the following additional measures should be implemented:
An intrusion test should be run and any vulnerabilities found should be corrected before the
application is used.
Personal data about patients should be kept in numerical form (especially in backups).
Do not hesitate to ask your IS security manager or the DSSI to help on sensitive projects.
3.5.3 Sending information
Users should be authenticated and personal information should be sent on the Internet by means of a
digital protocol (SSL protocol) so that data are kept confidential.
Any questions should be sent to the following e-mail address:
jerome.lahalle@sanofi-aventis.com
For further information and technical support, refer to the intranet
http://issecurity.sanofi-aventis.com
18
Internet Rules 2.1 – July 2010
19. Useful documents referred to in this paragraph (active links):
Policy on the use of passwords (DSSI-PLMO-006-FR)
Digital authentication (DSSI-PLMO-002-FR)
Secured Application Development (DSSI-PLMO-010-FR)
Computer Facility Check List Standards (DSSI-STDT-014-EN)
3.6 Accessibility
It is our duty as a health business to provide an access as wide as possible to information, and especially
for the disabled. The Group has thus decided to implement concrete actions to promote accessible
information media. This initiative by the Group applies to all types of information: conferences,
symposiums, text and multimedia publications and in particular web sites.
Consequently, sanofi-aventis has made the following arrangements:
Every sanofi-aventis web site should be accessible to the disabled.
The W3C-WAI wcag 2.0 international accessibility standards (http://www.w3.org/TR/WCAG20/) are
the accessibility standards
Double A standard: for Group corporate information sites
Single A standard: for all other Group web sites.
In general, it should be noted that the accessibility criteria should be taken into account as early as
possible in the project process.
Likewise, it is perfectly possible to design web sites that are fully accessible, without adversely affecting
visual quality or attractive or innovative graphic aspects.
For detailed information on implementing these recommendations, take a look at
our intranet site on accessibility: http://accessibilite.sanofi-aventis.com.
You can also contact Tanguy Lohéac, accessibility expert:
tanguy.loheac@sanofi-aventis.com
19
Internet Rules 2.1 – July 2010
20. 4. Appendices
Glossary
Term Definition
Domain name Name of a web site in the present case of the sanofi-aventis Internet policy. For
example: sanofi-aventis.com, sanofiaventis.com and sanofi-avantis.com are three
different domain names that all lead to the same web site: www.sanofi-aventis.com
CCtld Country Coded Top Level Domain: country extension of a domain name. For
example: sanofi-aventis.fr, sanofi-aventis.us.
Gtld Generic Top Level Domain: generic extension of a domain name.
For example: sanofi-aventis.com, .net, .org
e-PSF E-Project Study Form: form used for assessing a project before it is built. It is used
for checking that the project is in line with the Internet policy before the site is
developed in any way.
e-PAF E-Project Assessment Form: form describing the features of the site as regards the
Internet policy requirements. It is used for assessing the web site when it is
submitted to the Internet Validation Committee.
HT Access Protection system that temporarily restricts access to a site by access codes. In
general, its use is recommended to protect the site before it goes on-line.
SSL V3 128 bit Encryption standard used for sending secure data on the web, for on-line
transactions, collecting information from users and data exchange. Results in the
address htpps://
For example: to be used for contact forms, registrations on an extranet by login
and password.
HTTPS Communication protocol used to access a secure web server. If HTTPS is given in
the URL instead of the usual HTTP, the message will be sent to a secure input port
on the server. Dialogue between web browser and server will then be managed
with security restrictions. In particular, data exchanges will be encrypted and the
web user will generally be identified.
Staging Site validation environment. The site is on the Internet or on a non-Internet server
and can only be viewed by people in charge of validating the site.
20
Internet Rules 2.1 – July 2010
21. The e-PSF
e-Project Study Form (e-PSF)
If you want, you can provide a mock-up of the web site (PDF for the design) and an English translation of the
Home Page and site map.
► Project Overview
Project Name Country/Dept
Project Leader(s) Launch date
Project Objective(s) (What will the project achieve?)
Project Description (How objectives will be achieved, how the project relates to other activities, etc.)
Target Audience (Detail characteristics, audience size, expected number, frequency of contacts, etc.)
Local Global Both Public: at large Patients Family
Healthcare professionals: Practice (or mix):
General practitioners Specialists Private consulting-room Hospital
Pharmacists Paramedical Non-medical environment
Opinion formers All
Other
► Project Description
Domain name
Did you contact the central team at DN-Domain-names-management@sanofi-aventis.com to register your domain
name?
What will the final domain name of the web site be?
If there are several domain names, please list them:
Is the web site a partnership?
Key aspects of daily management of the site
Site Accessibility Open access Controlled access Open with restricted areas
Site management shared with Corporate/affiliates Another laboratory Others:
Mailbox management Internal External
The Project’s main functionalities / Services (Detail only the most important services offered to visitors)
Access to information Forum / Blog
Community of interest Online education
E-business Online Contact Form
Main Content / Information (Primary content sources and messages to be conveyed)
Company Information Pathology
Product Clinical trials
Other:
Technical Requirements
21
Internet Rules 2.1 – July 2010
22. HT Access on development environment
SSL V3 128 bit (https)
Other:
Web 2.0 (please specify the use of Facebook, YouTube, Twitter, etc.)
Constraints (internal and external deadlines, commitments, events, regulatory issues, etc.)
► Key Project Indicators
Internal Resources (people, materials required during project management and online management of the site)
Costs For External Providers
BUDGET and Services provided:
K€ / year (company name, town, country)
Initial Development External Internal
Content provision External Internal
Updating online content. External Internal
Site technical maintenance External Internal
Site hosting External Internal
Use of mobile tools (PDA) External Internal
Statistics (specify software) External Internal
Site promotion External Internal
Search engine ranking External Internal
Other partners (e.g. webcast):
Project Development timetable (Key milestones and timetable)
Site life (years) Site developments if planned (e.g. new targets or content)
Project Performance Indicators (Return on Investment or other measurements, key success factors)
Expected number of visitors (monthly) Expected Frequency (monthly):
Frequency of content updates (yearly)
22
Internet Rules 2.1 – July 2010
23. The e-PAF
e-Project Assessment Form (ePAF)
Please remember prior local validation is mandatory before IVC review
► Project Description
Project Name Country
Objective(s)
Audience Targeted
Project Description
Main Editorial
components
Expected Benefits
Budget (€uros)
Targeted Launch date Day / Month / Year
► Access
Website test version URL
Login: Password:
Website final URL
Login: Password:
If not in English, please provide attached the English version of the Home Page, site map
and legal notice.
► Project Team
Project Team
Name Position e-mail
Project sponsor
Project Team Leader
Project Team Members
Service Providers Contacts
Contact Name Company Name e-mail Telephone
Site creation
Site maintenance
Site Hosting
Content providing
Website Management
Contact (first, last name) e-mail Telephone
Webmaster
Publishing manager
23
Internet Rules 2.1 – July 2010
24. ► Domain name Yes No N/A
Did you contact the central team to register your domain name? (at DN-
Domain-names-management@sanofi-aventis.com)
Is your website a partnership (with a laboratory, patient association,
scientific board…)?
► Legal Affairs Yes No N/A
What is the name and function of the legal contact who validated the project is compliant with local
legislation?
Name Function email
Contracts
Have the necessary contracts been done with your suppliers (site creation,
maintenance, hosting, and promotion)?
Are there any other services provided by third parties in connection with the
site?
Please precise the service: Is there a contract?
Applicable Laws, Legal and Privacy notices
Have you checked that your site comply with the applicable legislation in
your country including any official requirements?
Do you comply with the relevant regulations in connection with personal data
protection?
Have you posted a legal notice on the site (including a privacy statement)
mentioning the mandatory points detailed in the Internet Rules (applicable
law, site editor …) (cf. paragraph 3.2.2 of the Internet Rules)?
External links
Do you respect the relevant rules concerning external links:
Third-parties consent
Warning pop-up
First click responsibility
Intellectual Property Rights and Copyright
Do you have the necessary intellectual property rights and/or copyright to
use the content of the site (text, images, photos, videos…)?
Did you mention credits for photographs and videos?
Have you put a copyright on your website?
► Regulatory Affairs Yes No N/A
What are the names and functions of the medical and regulatory contacts who validated the project
is in line with local regulations?
Names Functions emails
Transparency
Can a visitor identify the sponsor of the site?
How and where?
Can a visitor identify the target audience (country and type of audience)?
How and where?
Did you validate the content of the site according to the medico-regulatory
requirements of the country of the targeted audience?
Do you have links to other websites?
Did you add pop up window leading to outside links?
How often have you planned to check the links?
Is the page content dated?
24
Internet Rules 2.1 – July 2010
25. Site Access (depending on the type of information and target)
Do you provide product information to the general public?
Is information on prescription-only medicines password-restricted?
Is up-to-date Patient Information Leaflet readily available to the visitors?
Do you provide product Information to health professionals?
Is the site restricted only to health professionals?
Is up-to-date Prescribing Information readily available to the visitors?
Do you provide product information to the patients?
Is the site password restricted to patients only?
Is up-to-date Patient Information Leaflet readily available to the visitors?
How does the patient get access to the site? (DTC, password provided by
HCP, etc)
Information on products
Do you mention specific products?
Do you provide advice on alternatives to treatment?
Do you advise visitors to consult a healthcare professional for further
information
Information on clinical trials
Does this site provide information on international clinical trials?
Does information comply with information provided by Global
Communication?
Price list
Do you provide a price list on the site?
Was the price list approved by the appropriate person?
Is it limited to price information only (do not include indication, efficacy or
safety/tolerance concerns) ?
Bibliography
Is it complete and objective (including either favourable or possibly
unfavourable articles)?
Where are the selection criteria described?
Interactive tool (please report to the web 2.0 guide)
Is it clearly stated that interactive sessions are sponsored by sanofi-aventis?
Is the access password restricted?
MailBox / Contact Form
Is the information about the Email sender requested by compulsory fields?
Did you add an appropriate disclaimer to encourage visitors to reports
adverse events according to local process in force?
Have you identified internally the network in charge of answering questions?
Is there an appropriate organisation to check the mailbox (at least once a
day) and transfer mail to the appropriate department?
► Corporate Communication Yes No N/A
What is the name and function of the communication contact who validated the project?
Name Function email
25
Internet Rules 2.1 – July 2010
26. Compliance with the corporate identity
Did you use the graphics template for Internet communication (Corporate
Guidelines and Identity – Electronic communication) (cf. paragraph 3.4.1 of
the Internet Rules)?
Does the logo link to sanofi-aventis web site (link to the local affiliate module
or to the Corporate web site when no local module)?
Content Management
Are the contents of the web site in line with the Group’s values?
Have you ensured that proposed links to external web sites, posted in the
site, do not harm the Group’s image?
Have you set up an organisation for the monitoring of the web site content?
If photos/videos have been posted in the website, have you checked that
they do not harm the Group’s image?
► IS Security Yes No N/A
What is the name and function of the IS contact who validated the project?
Name Function email
Has the provider agreed to the three security clauses in the contract
(paragraph 3.5.1 of the Internet Rules)?
If there is an authentication or transmission of Personal Identifiable
Information on the Web site, is SSL used to protect users’ credentials or
data?
Is the web server dedicated to sanofi-aventis?
Have the providers been audited by IS Security?
Has intrusion testing been done on the application?
► Accessibility Yes No N/A
What is the name and function of the technical contact who validated the project is accessible?
Name Function email
Did you take into account accessibility requirements when building your
website (paragraph 3.6 of the Internet Rules)?
Did you test if your website is accessible?
26
Internet Rules 2.1 – July 2010
27. DN registration request form
Domain Name Registration Form
to be sent to nathalie.marcy@sanofi-aventis.com
and DN-domain-names-management@sanofi-aventis.com
► Information about the requestor
Name Request Date
email Telephone
Country Department
► Domain name registration
Domain Name(s) Is the DN a Any website for
(please, use lowercase characters and no blank before and after the DN) Trade Mark ™? this DN?
Yes No Yes No
Yes No Yes No
Yes No Yes No
Yes No Yes No
Yes No Yes No
Yes No Yes No
► Website Description: if a website project is planned with the domain name(s)
Website Description and objectives
Website main functionalities and services Estimated Launch date
Day / Month / Year
Is SSL V3 128 bit (https) needed on the website? Yes No
Type of information
General information Product Information Online education clinical trials
Interactive session: forum, blog, webinar, live Q/A… e-commerce
Targeted Audience (Define characteristics, audience size, expected number, frequency of contacts, etc.)
Geographic: Local Global Both
Public : at large Families Patients with a prescription of the product
Healthcare professionals: General practitioners or specialists Pharmacists Paramedical
Opinion leaders Others
Web 2.0 (please mention the use of Facebook, Youtube, Twitter,… for your project.)
27
Internet Rules 2.1 – July 2010
28. DN pointing request form
Pointing / domain name redirection request form
(Use the Tab key to move from box to box)
Applicant’s name: Telephone:
E-mail:
Fax:
Applicant department: Country: Date of request:
Pointing/redirection date:
Domain name IP address if pointing Domain name if MX address:
redirection Name servers AND
(Use lower case without spaces before IP address
and after the domain name)
E.g.:
www.mydomain.org 125.25.33.12 Ns1.dn.ec
mydomain.org 125.25.33.12 256.255.33.10
www.mydomain .com www.mydomain.org
___________________________ __________________ _____________________ _________________
Comments:
28
Internet Rules 2.1 – July 2010
29. Check-list for contracts
This summary is only indicative to recap on the major clauses in agreements. It is not in any way complete
and should clearly be adapted in each country in accordance with the legislation applicable.
Site design contract:
The contract should cover all stages of the site design, from the audit of needs through to overall quality
control on going live.
It is essential that a site can be run entirely independently, and that the service provider involved in
creating it does not claim ownership of it.
A web site includes creations that are or can be protected as intellectual property. These rights, detailed in
the contract, will be transferred to sanofi-aventis by the service provider on completion of the project. The
list of rights to be transferred is given below in the intellectual property clause.
In addition, guarantees should be provided in the contract to cover us in the event of content in breach of
the law or unfair competition.
Accessibility clause: every site design contract should include a clause covering accessibility.
This is because all new web sites should be accessible to the disabled. So that the site
complies, it is necessary to specify at least compliance with the “silver” level quality standard.
This standard consists of a set of criteria on the content and structure of web pages.
Intellectual property clause: the purpose of this clause is to ensure that all intellectual property
rights are transferred, either by acquisition or by concession (the period and territory should be
specified). This clause should detail all rights that are expressly transferred, because everything
not expressly transferred remains with the owner, such as:
o Right to reproduce or have reproduced,
o Right to disclose, dispose and transfer,
o Right to represent or have represented,
o Right to adapt, alter and translate.
o Right to copy, represent and incorporate, in full or in part, with or without a change
of interface,
o Right to publish, either directly or indirectly, by any electronic means or by
telecommunication, on any existing or future medium, on-line or off-line
o Rights specific to the producer of databases.
o Right to correct and develop. Likewise for design documents.
The media concerned should also be listed, for example such as the Internet or any other present
or future medium.
The cost of transferring all rights should be included in the overall price of service.
Dispossession guarantee clause: this clause covers the service provider’s intellectual property
rights. It guarantees that all intellectual property rights that it owns have been duly acquired
and that they are not in breach and/or are not obtained by unfair competition or pirating. In the
event of an action for breach, the service provider undertakes to guarantee us untroubled
enjoyment of the result of its service by paying all charges or costs due to any legal action and
undertakes to find a replacement solution for sanofi-aventis.
Maintenance contract:
The maintenance contract covers the various components of the site for which you must own intellectual
property rights enabling you to make corrections and changes to the site.
Clause on definitions: Technical definitions in the contract should be clear and universally
understandable. In particular, the term “fault” should be clearly defined, with different
graduations (major fault / minor fault), which will subsequently enable the service provider’s
work to be governed.
Clause on maintenance content: this clause should be carefully scrutinised, to detail what
services the service provider is committed to providing, namely developmental, corrective,
29
Internet Rules 2.1 – July 2010
30. curative and preventive maintenance. Attention should be paid to what the service provider
excludes.
Response time clause: check that the response time is clearly stated in accordance with the
level of criticality of the fault. Also check its starting point, which most often is when the fault
is reported to the service provider.
Clause on penalty for delay: the purpose of this clause is to encourage the service provider
to meet the standards of service or deadlines that the service provider is committed to. It will
have the effect of obliging the service provider to pay a certain sum of money in the case of
late performance or non performance of its undertakings. The starting point for penalties for
delay, the calculation basis and the length of time late should be precisely defined and
calculated to ensure that the amount is not derisory. It is preferable that penalties relate to a
precise undertaking rather than to all the host’s obligations.
Correction and work-around solution clause: this is the possibility for the service provider to
offer its customer a temporary work-around solution so that the customer can continue to
run the program. This solution should be temporary and the service provider must then
repair the program so that it runs as intended.
Hosting contract:
Relations with the site host should be covered by contract. It is essential first to draw up a pre-contract
specification for an audit of the service provider.
Host’s liability clause: particular attention should be paid to the limits of liability so as to be
covered in the event of damage in particular if the service provider hosts important sanofi-
aventis sites.
Clause on penalty for delay or penalty for non-compliance with service level undertakings:
see what was said for the maintenance contract.
Site availability clause: include a clause of this type so that users have access to the site,
taking into account hardware and software maintenance periods necessary for the service
provider. The access can be specified in the contract in the form of an availability rate.
Clause on personal data: a clause should be included where the host acknowledges that
personal data collected are confidential by nature. It should not under any circumstances
keep it, use it, disseminate or communicate it for its own purposes. This clause should be
revised in accordance with current local legislation.
Reversibility clause: this gives Sanofi-aventis the option of hosting the site in-house or of
having it hosted by a third party. This clause should specify a reversibility plan detailing in
advance essential points such as timing, costs, tasks and payment.
Security clauses (see §3.5): ask the host to commit on systems updates and enabling the
sanofi-aventis IS Security department to run regular vulnerability scans with a view to
checking that there are no known weaknesses. Lastly, there should be clauses allowing
sanofi-aventis to conduct security audits at the host:
Security upgrade clause
The service provider agrees to regularly upgrade and maintain the security of its networks, servers,
systems and applications, in compliance with the recommendations by software publishers and hardware
manufacturers supporting the service.
Security audit clause
The service provider agrees that security audits will be conducted on its networks, servers, systems,
applications and procedures, supporting the service, on request by sanofi-aventis, and undertakes to
implement recommendations that may be made as soon as possible.
30
Internet Rules 2.1 – July 2010
31. Clause on periodic vulnerability analysis
In the case of a service accessible on the Internet, the service provider agrees that vulnerability analyses
will automatically be conducted regularly on its systems and applications, supporting the service, and
undertakes to implement recommendations that may be made as quickly as possible.
Site promotion related contracts
The listing contract: it is necessary to ensure that no third party names are used for listing,
or there may be liability for breach.
The advertising space purchase contract: this type of transaction should also be covered by
an agreement with the advertiser or agency.
Similarly, any promotional activity with a third party should be governed by contract (e-
mailing, viral marketing campaign, launch via social networks, etc.)
Partnership contracts
Hyperlinks enabling one web page to be connected to another, either within the site, or
outside. Before creating a link with a site, it is first necessary to get the agreement of the
publisher of the other site.
Content is often exchanged or combined in “co-sponsoring” or “co-branding” form with a
section of the partner’s site. Content is identifiable as coming from the partner’s site. A link
enabling Internet users to go directly to that content
The affiliation contract which enables routing from partner or affiliated sites is also possible.
In general, it is necessary to pay attention in all agreements to the liability clause. In it, if a limit on liability
is set, it should cover damage attributable to the service provider in performing the contract.
As this list of clauses and contracts is only indicative, contracts should always be validated by the usual
legal experts, who may add to them if necessary in accordance with current local legislation.
31
Internet Rules 2.1 – July 2010
32. The consent request email for links
When a site belonging to sanofi-aventis offers Internet users a link to a third party site, a prior consent
letter should be sent to the administrator of the third party site.
The letter can be in the following form:
“Sanofi-aventis publishes and operates the (name of your web site) web site, which deals with
(description of your web site, general content, positioning, target).
We would like to provide a link to your web site (name of the third party web site). To do so, we need
your consent for the following:
- Conditions applicable to the link: (state the section hosting the link, simple link or link with
description of the pointed web site, use of the third party logo, update of the link)
- Period of validity of the link: (state the period)
- When Internet users click the link, a pop-up window appears to warn them that they are leaving
our web site and are being routed to yours (and also states that we are no longer responsible for
the information provided).
If you do not reply within two weeks, we shall assume that you agree with this pointing arrangement.
Please feel free to contact us if you have any questions or need further information about our web site or
this procedure.
32
Internet Rules 2.1 – July 2010
33. Site exit pop-up
The linked web site to belongs to sanofi-aventis and complies with the various rules and
regulations
Example for the United States:
33
Internet Rules 2.1 – July 2010
34. The linked web site does not belong to sanofi-aventis
Example of the Lantus web site in the United States:
34
Internet Rules 2.1 – July 2010
35. Example of terms and conditions
Terms mentioned in red should be replaced and adapted to your site.
Terms mentioned in grey are advisory, given for drafting your terms and conditions, and should be
deleted in the final version.
Terms and conditions should be validated by your local legal department.
This page describes the terms and conditions that apply to all Internet users visiting this
site. By consulting them you unconditionally undertake to comply with them. As terms and
conditions may be amended at any time, without prior notice, we advise you to consult them
regularly.
1. Intellectual property
This site belongs to and is operated by name of the sanofi-aventis subsidiary, (hereinafter
“sanofi-aventis”) belonging to the sanofi-aventis Group. The layout and each of the
components, including trademarks, logos and domain names, appearing on the site name
and url of the site (hereinafter the "Site"), are protected by current laws on intellectual
property, and belong to sanofi-aventis or its subsidiaries, or their use is the subject of an
authorisation.
No component of the Site may be copied, reproduced, altered, edited, downloaded,
denatured, transmitted or distributed in any way whatsoever, on any medium whatsoever, in
whole or in part, without the prior written consent of sanofi-aventis, except solely for use for
press requirements conditional on compliance with intellectual property rights and any other
property rights that are mentioned. Only copying for private use is authorised for your own
personal, private, non-commercial use, on your personal computer.
The following statement should appear on any authorised copy of all or part of the content of
the Site: "COPYRIGHT year the site was created – current year - name of the sanofi-
aventis subsidiary - ALL RIGHTS RESERVED".
Any authorised use of items composing or shown on the site must not be denatured,
changed or altered in any way whatsoever.
Sanofi-aventis or its subsidiaries reserve the right to take legal action against any breach of
its intellectual property rights.
2. Nature of information
Information, especially financial, published on the Site shall not be considered as an
encouragement to invest. It should not under any circumstances be interpreted as
prospecting or as a public offering, nor is it an offer to subscribe, buy or swap shares or
other securities in sanofi-aventis and/or its subsidiaries concerned. Sanofi-aventis draws
35
Internet Rules 2.1 – July 2010
36. your attention to the fact that financial information posted on the Site is regularly updated
(if financial information is provided on-line).
The Site may offer opinions by experts consulted in a particular field in relation to the
content of the Site or excerpts from press articles. Any such information solely represents
the opinion of the expert consulted or the publication, and is not necessarily the opinion of
the sanofi-aventis Group. Any such experts are not employees of the sanofi-aventis Group
and do not receive any emoluments in exchange for sanofi-aventis using their opinion.
Sanofi-aventis is not responsible for the accuracy or completeness of any such information
and opinions. Experts’ opinions reflect their own personal views and should never be
interpreted as being the opinion or responsibility of sanofi-aventis.
The Site also includes information on health, physical condition, the medical field and
medical treatments solely for human use. Said information is published on the Site for
information purposes only and is no substitute for the advice of your physician or
pharmacist. The information should not be used under any circumstances to make a medical
diagnosis of an illness or physical problem, or for prescribing or using drugs presented on
the Site. In all instances you should refer to your physician or pharmacist.
3. Links to other sites
The liability of sanofi-aventis or of the sanofi-aventis parent company shall not be incurred
by a third party site that can be accessed via the Site. We do not have any way of
controlling the content of such third party sites which remain entirely independent of sanofi-
aventis. Moreover, the existence of a link between the Site and a third party site does not
under any circumstances mean that sanofi-aventis approves the content of that site in any
way whatsoever and in particular the use that may be made of it.
In addition, you are responsible for taking the precautions necessary to prevent any
infection from the Site, in particular by one or more computer viruses, Trojan horses or any
other "parasite".
External sites may include hypertext links to the Site. Any such links should not be created
without the express prior consent of sanofi-aventis. In any case, sanofi-aventis is not in any
way liable for the non-availability of such sites and sanofi-aventis does not scrutinise, check
or approve them and is not responsible for contents, advertising, products or other
components available on or via those sites.
4. Personal information and other information
4.1 Sanofi-aventis will not disclose to third parties personal data about you that you may
convey to it by e-mail. It will only be used with a view to providing you with an answer as
effectively as possible.
36
Internet Rules 2.1 – July 2010
37. If there is a law on personal data protection in your country, you should complete
and mention the following paragraph:
In accordance with local legislation “give the name, number and references of the law
in force”, you have the right to access, alter, rectify and delete personal data that concerns
you. To do so, request as follows:
On-line: the webmaster’s address
Ensure that the mail box mentioned is active and that its holder checks it daily.
If possible, do not give the e-mail address of a sanofi-aventis employee, prefer
generic addresses of “webmaster@mysite.com” type
By post: physical address of the subsidiary or department
4.2 The Site is not intended to receive confidential information from you. Consequently, and
except for personal data mentioned above, any information, whatever its form - document,
data, graphic, question, suggestion, concept, comment or other - that you send us via the
Site will not under any circumstances be deemed confidential. Consequently, the act of
sending it to us alone gives us the right to use it, reproduce it, publish it, alter it or send it
with a view to dealing with your request.
5. Limitations on liability
Sanofi-aventis strives to the best of its ability to ensure that information published on the
Site is accurate and up-to-date. It reserves the right to correct content at any time, without
prior notice. However, sanofi-aventis cannot guarantee that the information available on the
Site is accurate, correct, up-to-date or complete.
Consequently, and except for property damage resulting from gross or intentional negligence
by sanofi-aventis, the group declines any liability:
for any inaccuracy, error or omission as regards information available on the
Site;
for any damage resulting from fraudulent intrusion by a third party resulting in
an alteration of information or items made available on the Site
and more broadly, for any property damage or consequential loss, for any
reason, of any origin, nature or with any consequences whatsoever, even if
sanofi-aventis had been warned of the possibility of such damage or loss,
caused (i) because of any access to the Site or because it was impossible to
access it, (ii) because of the use of the Site, including any harm or virus that
may infect your computer or any other property, and/or (iii) because of the
credence given to any information coming directly or indirectly from the Site.
37
Internet Rules 2.1 – July 2010
38. The components of the Site or of any other site are provided "as is" without any guarantee
of any kind, whether implicit or explicit. Sanofi-aventis does not offer any implicit or explicit
guarantee, relative, without limitation, to their market value or suitability for any given
purpose.
6. Availability of the web site
You acknowledge (i) that it is technically impossible to provide the Site free from any defect
and that sanofi-aventis cannot undertake to do so; (ii) that defects may lead to the Site
being temporarily unavailable; and that (iii) operation of the Site can be affected by events
and/or matters that sanofi-aventis does not control, such, for example, as means of
transmission and communication between you and sanofi-aventis and between sanofi-
aventis and other networks.
Sanofi-aventis and/or its suppliers may, at any time, alter or interrupt, temporarily or
permanently, all or part of the Site to undertake maintenance and/or make improvements
and/or changes to the Site. Sanofi-aventis is not responsible for any alteration, suspension
or interruption of the Site.
7. Information on products
Information included and published on the Site may include direct or indirect references to
products, programmes and services of the sanofi-aventis Group that are not announced or
available in some countries or some regions or that may be supplied under a different name
and may be subject to regulations and terms of use that differ depending on the country.
Such references do not mean that the sanofi-aventis Group intends to sell those products,
programmes or services in your country. Refer to the local sanofi-aventis Group subsidiary
or your sanofi-aventis Group sales partner for any information about the products,
programmes and services available to you.
8. Legal provisions
The Site and its content are governed by the Laws of name of country, and any disputes
relating thereto are subject to the jurisdiction of the courts of name of country.
9. Terms and conditions
9.1 Publisher of the Site:
This is the subsidiary
38
Internet Rules 2.1 – July 2010
39. Physical address of the subsidiary or department
Name of the sanofi-aventis subsidiary is a joint stock company with capital of amount of
capital, listed in the name of the register for your country and company number.
9.2 Head of Publication:
This is the person in charge of validating the contents, the editorial line, etc.
Depending on the site, it may either be the Head of Communication, or the
Marketing Manager, or the Medical Manager, or sometimes the Product Manager.
Name and surname of the Head of publication
9.3 Site hosting:
Name and address of host
10. Photo / video credits:
This is the name of the photographer or agency
List credits and copyright for photographs, images and videos used on the site
39
Internet Rules 2.1 – July 2010
40. The Contact Us page
Contact pages should be a form with predefined fields. Direct “mail to” links are not allowed.
40
Internet Rules 2.1 – July 2010
41. Contact Us pages should include a form for Internet users to fill in before posting their comment and/or
question.
They should be secure by https.
They should also state that they are not intended for receiving adverse event notifications (and propose an
alternative way).
The form can include the following items
Choice General public/physicians (required field)
Title
Surname (required field)
Name (required field)
Company
E-mail (required field)
Address
Post code
Town
Country
Telephone (required field)
Subject
Message (required field)
41
Internet Rules 2.1 – July 2010
42. The graphic charter applicable to all sanofi-aventis product and/or
theme sites
The logo block at the top of the page of a product and/or theme site is positioned as follows:
- At the top right of the page only use the logo (sanofi-aventis name with graphics and smile).
- Positioning in the specified horizontal “silhouette” form
42
Internet Rules 2.1 – July 2010