OUR COMMITMENT TO PRIVACY
At Amicus, we recognise the importance of, and are fully committed to protecting the privacy of personal information related to all individuals with whom we interact – including patients, clinical trial participants, members of the public, employees, regulatory authorities’ representatives, healthcare organisations’ representatives, healthcare professionals and business partners.
ABOUT THIS GENERAL PRIVACY NOTICE
This Privacy Notice (the “Notice”) sets out how Amicus together with other members of its group worldwide (to learn more about Amicus’ affiliates and how to contact them directly please visit our corporate website at https://www.amicusrx.com/about-us/contact-us/global-locations/) collect, process and safeguard the personal data about individuals. It is designed to assist you in making informed decisions when using our Website as well as our products and services. This Notice will be continuously assessed against new technologies, business practices and our customers’ needs.
SCOPE OF THIS PRIVACY NOTICE
This Notice is specifically intended to provide information for our Website users, Amicus shareholders, members of the public who interact with Amicus, patients that use Amicus products, clinical trial participants of Amicus sponsored clinical trials and individuals with whom we do business (including, but not limited to, staff at regulatory authorities, personnel of suppliers and partners and visitors to Amicus offices).
References to “Amicus”, “group”, “affiliates”, “we”, “us” and “our” are references to Amicus Corporation and its worldwide affiliates.
Please read this Notice before using Amicus’ website (www.Amicusrx.co.uk – the “Website”) or otherwise providing your personal information to us.By visiting our Website or by providing us your personal data you agree and consent to the collection, use and disclosure of your personal data as outlined in this Notice.
WHAT PERSONAL DATA DO WE COLLECT?
We may collect and process the following personal data about you, including but not limited to:
► General information such as name, postal and/or email address, phone number, date of birth, and other information such as photographs and digital imagery, payment- related information, government issued identification in accordance with applicable laws (e.g. driving license, passport, professional license number), agreements, your communications preferences; queries you make to Amicus;
► Professional information, such as your job title, educational information, professional qualifications, work experience, professional networks, programs and activities in which you participated;
► Health, biometric/genetic information related to identifiable or non-identifiable individuals, and only where necessary and strictly permitted under applicable laws (including in relation to Amicus’ risk management and drug safety programs, or for accessibility purposes for visitors to Amicus sites); and
HOW WE OBTAIN YOUR PERSONAL DATA?
In most cases, Amicuswill collect personal data directly from you although sometimes we will obtain information about you from public or third party information sources including (but not limited to):
► Amicus may collect personal data about Health Care Professionals from public or third party sources for marketing, and research purposes and to verify professional information (including but not limited to access to publicly accessible information, national registries or third party databases);
► Health Care Professionals or other third parties may provide patient personal data to Amicus where necessary under applicable drug safety and risk management laws;
► Amicus may collect information from your computer or other device you use when visiting Amicus’ Website such as Internet Protocol (IP), domain name, Internet Service Provider (ISP), information about date and time of your request and other information provided by tracking technologies. Please see our Cookies Statement.
► Personal data may be shared within the Amicus Group of Companies, which includes our worldwide affiliates.
WHY WE PROCESS YOUR PERSONAL DATA?
Amicus will only process your personal data for purposes permitted by applicable laws, which may vary depending on where you live, and where Amicus operates. The purposes of the data processing activities may include:
1) Managing our business and provide you goods and services ► to administer our business and services, including to carry out our obligations arising from any agreements entered into between you and us.
2) Managing our relationships/communications with individuals ► for example, responding to questions and comments or inquiries about applications, trials or services, inviting individuals to Amicus events, making proposals for future service needs.
3) For collaboration and research purposes, for example to enable Amicus to make more informed and objective decisions when identifying, engaging with healthcare professionals and key opinion leaders and managing the collaboration relationship with healthcare professionals;
4) Recruitment ► processing professional information to assess individual suitability for job openings at Amicus;
5) Market Research ► processing personal data about individuals for lawful market research purposes. We collect information through surveys and interviews with patients and Healthcare Professionals to help us improve our products and services.
6) Direct Marketing ► we process personal data to provide promotional material and engage in marketing and promotional activities with individuals in accordance with applicable laws. (You have choices about this – see “What are your rights & how to contact us?” section of this Notice).
7) To ensure our Website functions ► to ensure that content from our Website is presented in the most effective manner for you and for your device.
8) Reorganising or make changes to our business ► In the event that we are (i) subject to negotiations for the sale of our business or part thereof to a third party, (ii) is sold to a third party or (iii) undergo a re-organisation, we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process or transferred to that re-organised entity or third party and used for the same purposes as set out in this Privacy Notice or for the purpose of analysing any proposed sale or re-organisation.
9) Legal or regulatory obligations and the directions of law enforcement, regulators and the court service ► to comply with our legal or regulatory requirements (reporting for the safety of information and product quality complaints or to fulfil transparency requirements with respect to transfers of value to you by us). Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
10) Any other purpose that is relevant to the relationship between Amicus and you.
Amicus will process personal data for further purposes, where lawful to do so (such as for archiving, scientific or market research purposes) or when legally obliged to do so (such as reporting information for Amicus’ risk management and drug safety obligations).
LEGAL BASIS OF PROCESSING
Amicus processes personal data based on one or more of the following conditions:
- Where you have provided your consent (in which cases, such consent can be withdrawn at any time and without giving any reason);
- Where it is necessary to comply with contractual obligations with you;
- Where the processing is necessary for our compliance with a legal obligation;
- Where the processing is necessary to protect the vital interests of an individual;
- Where processing is necessary in the public interest or for a public task; or
- Where the processing is in Amicus’ legitimate interest, for example, Amicus processes personal data for scientific and statistical research purposes, personal data about Amicus visitors and supplier personnel, for scientific development, for the improvement of our products and services, to provide security measures to protect Amicus’ employees, contractors, patients, information and other assets and to prevent crime (such as fraud, financial crime and theft of intellectual and industry property and to ensure the integrity of its manufacturing and other operations).
SPECIAL CATEGORIES OF DATA
In addition to the above, where Amicus processes special categories of data about individuals in specified jurisdictions (including the European Union and the European Economic Area) – for example, information about individuals’ health, genetic, religious, ethnicity, religion, trade union membership, genetic and biometric data, sexual orientation or sex life – it shall only do so in accordance with applicable laws and regulations. For the processing of special categories of data Amicus relies on the following conditions, including, but not limited to:
- where individuals provide explicit consent (such as patients consenting to appear in Amicus marketing materials);
- where required for rights and obligations related to employment;
- where required for vital interests of any individual;
- where processing is necessary for the purposes of provision ofhealthcare or occupational medicine, pursuant to a contract with a healthcare professional and;
- where processing is necessary for scientific research.
WHERE WE PROCESS AND HOW WE TRANSMIT YOUR PERSONAL DATA ?
Amicus headquarters are in the United States of America and in the United Kingdom, however Amicus’ operations are also in Asia, Australia, USA and Europe. Personal data about you may be accessible to Amicus headquarters as well as to some Amicus affiliates inside and outside the European Union (“EU”)/European Economic Area (“EEA”), and selected vendors and partners, established in the EU or globally. Your personal data may be accessed by staff or suppliers in, transferred to and stored at, a location outside the EU or the EEA in which data protection laws may not afford the same level of data protection as the one in the EU/EEA. Where Amicus processes personal information in countries that may not provide the same level of data protection as in the EU/EEA or in your own country, where you are resident, Amicus will implement reasonable and appropriate legal as well as technical and organisational security measures to ensure the security of the processing and in particular to protect your personal data from unauthorised access, use or disclosure including, but not limited to, maintaining binding contractual arrangements with all third parties processing personal data of individuals, for and on behalf of Amicus, as well as executing, where necessary, adequate data transfer mechanisms, in the form of standard contractual clauses, for any cross-border data transfers from the EU to controller or processors established in third countries, as adopted and approved by the European Commission, or by the competent supervisory authorities, with the aim to achieve an adequate level of data protection of the personal information of those individuals.
For residents of EEA – whenever we transfer your personal data outside of the EEA, we will either ask for your explicit consent or take any and all necessary steps to ensure that adequate safeguards are put in place to protect your personal data (unless we are permitted under applicable data protection law to make such transfers without additional formalities e.g. where the recipient country is considered an adequate destination). Such safeguards include the use of European Commission approved standard contractual clauses as mentioned above.
WHAT ABOUT TRANSMISSION VIA INTERNET AND OTHER THIRD PARTY WEBSITES LINKED TO OUR WEB SITE?
The confidentiality of personal data transmitted over the Internet cannot be guaranteed. Amicus urges you to exercise increased caution when transmitting personal data over the Internet, as we cannot absolutely guarantee that unauthorised third parties will not gain access to your personal data.
WHERE WE DISCLOSE YOUR PERSONAL DATA?
Amicus discloses personal data to third party recipients where this is reasonably permitted to pursue its legitimate business aims and as required by applicable law. Your personal data will be disclosed only in accordance with applicable laws, and appropriate safeguards will be established, where possible, to protect your personal data. We may disclose personal datato any member of our group of companies.
In order to conduct Amicus’ business,Amicus may also disclose information to third parties such as public/regulatory authorities/governmental bodies (government, including social and benefits departments), third parties that provide services to Amicus (such as but not limited to service providers, conducting audits, providing IT services, assisting in or managing our clinical trials and studies), business partners and collaborators (such as external scientists), reviews and assist Amicus with health care compliance activities, if Amicus or substantially all of our assets are acquired by a third party, in which case personal dataheld by us about individuals will be included as transferred assets, or if Amicus is under a duty to disclose or share individuals’ personal data in order to comply with any legal or regulatory obligation or request.
We may also disclose information to enforce any agreements we have with individuals; or to protect the rights, property or safety of Amicus employees, patients or others (e.g. visitors to Amicus premises).
AUTOMATED DECISION MAKING AND INDIVIDUALS’ RIGHTS
Amicus does not undertake decisions based solely on automated processing, including profiling, of individual unless we inform you otherwise.
HOW WE SECURE AND HOW LONG WE RETAIN YOUR PERSONAL DATA?
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this PrivacyNotice, applicable data protectionlaws and regulations and international security standards.All personal data you provide to us is stored on secure servers and accessed and used subject to our security policies and standards. Amicus has implemented reasonable physical, technical and managerial controls and safeguards to keep your personal data protected from unauthorised access, disclosure, alteration, and destruction. Such measures may include, but are not limited to: firewalls, access controls, encryption of information while it is in storage, separation of duties, and similar security protocols.
Access to your personal information is limited to a restricted number of Amicus employees whose duties reasonably require such information and third parties with whom Amicus contracts to carry out business activities on its behalf. Our employees have been trained on the importance of privacy and how to handle and manage personal information appropriately and securely.
We will retain your personal information for no longer than is necessary for the processing purpose(s) for which your information was collected and any other permitted associated purpose. Personal data may be retained for a longer duration where applicable laws or regulations require, or allow Amicus to do so. Your information that is no longer needed is either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed.
CHOICES ABOUT MARKETING
If we intend to use your personal data for marketing purposes or if we intend to disclose your information to any third party for such purposes we will inform you respectively. You have the right to object to personal data being used for the purposes of direct marketing and sending scientific information and newsletters. You can also exercise the right at any time by contacting us as set out below.
Under applicable laws and subject to any legal restrictions, you may have the right to request us to:
- Provide you with further details on the processing of your personal data;
- Provide you access to your personal data that we hold about you;
- Update any inaccuracies in the personal data we hold that is demonstrated to be inaccurate or incomplete;
- Delete any personal data the we no longer have a lawful basis to use;
- Provide you or a third party, with a copy of your data in a digital format (data portability);
- Stop a particular processing when you withdraw your consent;
- Object to any processing based on the legitimate interests or public interest to process personal data, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
- Restrict certain aspects of the processing of your information.
Your exercise of the above mentioned rights is subject to certain exemptions to safeguard the public interest and our own legitimate interests. If you decide to exercise any of these rights we will check your entitlement we may request to confirm your identity and in any case we shall respond within a calendar monthfrom receipt of such a request, unless there are valid grounds for extending the response periods, essentially due to the need to confirm your identity, to request additional information or to ask you to specify or limit your request, in case your request is too general or too complex to be handled within the initial deadline. Amicus may not be able to comply with a request where personal data has been destroyed, erased or made anonymous in accordance with applicable laws and regulations as well as with Amicus’ record retention obligations and practices. In the event that we cannot satisfy a request with regards to your personal data, we will endeavor to provide you with an explanation, subject to any legal or regulatory restrictions.
If we do not handle your request timely or if you are not satisfied with our response to any exercise of these rights you are entitled to lodge a complaint with the competent supervisory authority. Further information and contact details of the competent supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en.
To exercise your individual data protection rights please contact our Data Protection Officer by email at firstname.lastname@example.org.
OUR CHANGES TO THIS PRIVACY NOTICE
If you have any questions in relation to this Privacy Notice, or you want to obtain more information about Amicus’ privacy practices, please contact our Data Protection Officer by email at email@example.com.
Alternatively, letters may be sent to the following addresses:
► For residents of the United Kingdom
Amicus Therapeutics UK LTD
One Globe Side, Fieldhouse Lane,
Marlow, SL7 1HZ
► For residents of the European Economic Area/EU please contact our EU Representative at:
Amicus Therapeutics Europe Limited
Block 1, Blanchardstown Corporate Park,
Ballycoolen Road, Blanchardstown,
Last Updated: March 2019.