Our Commitment to PrivacyAt Amicus, we recognize the importance of, and are fully committed to protecting the privacy of personal information related to all individuals with whom we interact – including patients, clinical trial participants, members of the public, employees, regulatory authorities’ representatives, healthcare organizations’ representatives, healthcare professionals and business partners.
About this General Privacy NoticeThis Privacy Notice (the “Notice”) defines how Amicus processes the personal information of individuals. Personal Information, also known as the personal data according to GDPR (European Union General Data Protection Regulation), is the information on which an individual may be identified. Amicus’ representative for European data protection law purposes is Amicus Therapeutics Europe Limited with its principal place of business at Block 1, Blanchardstown Corporate Park, Ballycoolen Road, Blanchardstown, Dublin 15, D15 AKK1, Ireland. The processing of Personal Information includes the collection, transfer, archiving and safeguarding the Personal Information of individuals. This Notice is designed to assist you in making informed decisions when using our website as well as our products and services, and it will be continuously assessed against new technologies, business practices, legal requirements, and our customers’ needs.
Scope of this Privacy NoticeThis Notice is specifically intended to provide information for our customers, including website users, Amicus shareholders, members of the public who interact with Amicus, patients that use Amicus products, clinical trial participants of Amicus sponsored clinical trials and individuals with whom we do business (including, but not limited to, staff at regulatory authorities, personnel of suppliers and partners and visitors to Amicus offices). This Notice also provides information about specific privacy practices towards specific categories of data subjects such as to individuals who may be considered for employment (‘Job Applicants” or “Candidates’) by Amicus or to patients that take part in Amicus clinical trials. References to “Amicus”, “group”, “affiliates”, “we”, “us” and “our” are references to Amicus Corporation and its worldwide affiliates (to learn more about Amicus’ affiliates please visit: www.amicusrx.com/about-us/contact-us). Please read this Notice before using Amicus’ website (www.Amicusrx.com) or otherwise providing your Personal Information to us. In some instances, your explicit consent may be required under applicable law, and in those cases, we will seek your consent before collecting your Personal Information. In all other instances, your visit to our Website or provision of your Personal Information constitute your agreement and consent to the collection, use and disclosure of your Personal Information as outlined in this Notice.
How We Obtain Your Personal INFORMATION?In most cases, Amicus will collect information directly from you although sometimes we will obtain information about you from public or third-party information sources including (but not limited to): ► Amicus may collect information about Health Care Professionals from public or third party sources for marketing, and research purposes and to verify professional information (including but not limited to access to publicly accessible information, national registries or third party databases); ► Health Care Professionals or other third parties may provide patient information to Amicus where necessary under applicable drug safety and risk management laws; ► Amicus may collect information from your computer or any other devices you use when visiting Amicus’ website such as Internet Protocol (IP), domain name, Internet Service Provider (ISP), information about date and time of your request and other information provided by tracking technologies. Please see our Cookies Statement. ► Information may be shared within the Amicus Group of Companies, which includes our worldwide affiliates.
Why We Process Your Personal Information?Amicus will only process your personal information for purposes permitted by applicable laws, which may vary depending on where you live, and where Amicus operates. Purposes for which we process the General, Professional, Health, Biometric/Genetic and Digital Personal Information may include: 1) Managing our business and providing you goods and services ► to administer our business and services, including to carry out our obligations arising from any agreements entered into between you and us. 2) Managing our relationships/communications with individuals ► for example, responding to questions and comments or inquiries about applications, trials or services, inviting individuals to Amicus events, making proposals for future service needs. 3) For collaboration and research purposes, for example to enable Amicus to make more informed and objective decisions when identifying, engaging with healthcare professionals and key opinion leaders and managing the collaboration relationship with healthcare professionals; 4) Recruitment ► processing professional information to assess the individual suitability for job openings at Amicus; 5) Market Research ► processing information about individuals for lawful market research purposes. We collect information through surveys and interviews with patients and Healthcare Professionals to help us improve our products and services. 6) Direct Marketing ► we process personal information to provide promotional material and engage in marketing and promotional activities with individuals in accordance with applicable laws. (You have choices about this – see “Choices About Marketing” & “Contact Information” sections of this Notice). 7) To ensure our Website functions ► to ensure that content from our Website is presented in the most effective manner for you and for your device. 8) Reorganizing or make changes to our business ► In the event that we (i) are subject to negotiations for the sale of our business or part thereof to a third party, (ii) are sold to a third party or (iii) undergo a re-organization, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process or transferred to that re-organized entity or third party and used for the same purposes as set out in this Privacy Notice or for the purpose of analyzing any proposed sale or re-organization. 9) Legal or regulatory obligations and the directions of law enforcement and the court service ► to comply with our legal or regulatory requirements (reporting for the safety of information and product quality complaints or to fulfil transparency requirements with respect to transfers of value to you by us). Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime. 10) Any other purpose that is relevant to the relationship between Amicus and you. Amicus will process personal information for further purposes, where lawful to do so (such as for archiving, scientific or market research purposes) or when legally obliged to do so (such as reporting information for Amicus’ risk management and drug safety obligations).
Legal Basis of ProcessingAmicus processes personal information based on one or more of the following conditions:
- Where you have provided your consent (in which cases, such consent can be withdrawn at any time and without giving any reason);
- Where it is necessary to comply with contractual obligations with you;
- Where the processing is necessary for our compliance with a legal obligation;
- Where the processing is necessary to protect the vital interests of an individual;
- Where processing is necessary in the public interest or for a public task; or
- Where the processing is in Amicus’ legitimate interest, for example, Amicus processes information for scientific and statistical research purposes, information about Amicus visitors and supplier personnel, for scientific development, for the improvement of our products and services, to provide security measures to protect Amicus’ employees, contractors, patients, information and other assets and to prevent crime (such as fraud, financial crime and theft of intellectual and industry property and to ensure the integrity of its manufacturing and other operations).
Special Categories of DataIn addition to the above, where Amicus processes special categories of data about individuals in specified jurisdictions (including the European Union and the European Economic Area) – for example, information about individuals’ health, genetic, religious, ethnicity, religion, trade union membership, genetic and biometric data, sexual orientation or sex life – it shall only do so in accordance with applicable laws and regulations. For the processing of Special Categories of Data Amicus relies on the following conditions, including, but not limited to:
- Where individuals provide explicit consent (such as patients consenting to appear in Amicus marketing materials);
- Where required for rights and obligations related to employment;
- Where required for vital interests of any individual;
- Where processing is necessary for the purposes of provision of healthcare or occupational medicine, pursuant to a contract with a healthcare professional and;
- Where processing is necessary for scientific research.
Where AND HOW We Process and How we Transmit Your Personal INFORMATION?Amicus headquarters are in the United States of America and in the United Kingdom, however Amicus’ operations are also in Asia, Australia, USA and Europe. Personal information about you may be accessible to Amicus headquarters as well as to some Amicus affiliates outside European Union (“EU”)/ European Economic Area (“EEA”), and selected vendors and partners, established in the EU or globally. Your personal information may be accessed by staff or suppliers in, transferred to and stored at, a location outside the EU or the EEA in which data protection laws may not afford the same level of data protection as the one in the EU/EEA. Where Amicus processes personal information in countries that may not provide the same level of data protection as in the EU/EEA or in your own country, where you are resident, Amicus will implement reasonable and appropriate legal as well as technical and organizational security measures to ensure the security of the processing and in particular to protect your personal information from unauthorized access, use or disclosure including, but not limited to, maintaining binding contractual arrangements with all third parties processing personal information of individuals, for and on behalf of Amicus, as well as executing, where necessary, adequate data transfer mechanisms, in the form of standard contractual clauses, for any cross-border data transfers from the EU to controller or processors established in third countries, as adopted and approved by the European Commission, or by the competent supervisory authorities, with the aim to achieve an adequate level of data protection of the personal information of those individuals. For residents of EEA – whenever we transfer your information outside of the EEA, we will either ask for your explicit consent or take any and all necessary steps to ensure that adequate safeguards are put in place to protect your information (unless we are permitted under applicable data protection law to make such transfers without additional formalities e.g. where the recipient country is considered an adequate destination). Such safeguards include the use of European Commission approved standard contractual clauses as mentioned above.
Where We disclose Your Personal INFORMATION?Amicus discloses personal information to third party recipients where this is reasonably permitted to pursue its legitimate business aims and as required by applicable law. Your personal information will be disclosed only in accordance with applicable laws, and appropriate safeguards will be established, where possible, to protect your personal information. We may disclose personal information to any member of our group of companies. In order to conduct Amicus’ business, Amicus may also disclose information to third parties such as public/regulatory authorities/governmental bodies (government, including social and benefits departments), third parties that provide services to Amicus (such as but not limited to service providers, conducting audits, providing IT services, assisting in or managing our clinical trials and studies), business partners and collaborators (such as external scientists), reviews and assist Amicus with health care compliance activities, if Amicus or substantially all of our assets are acquired by a third party, in which case personal information held by us about individuals will be included as transferred assets, or if Amicus is under a duty to disclose or share individuals’ information in order to comply with any legal or regulatory obligation or request. We may also disclose information to enforce any agreements we have with individuals; or to protect the rights, property or safety of Amicus employees, patients or others (e.g. visitors to Amicus premises).
Automated Decision Making and Individuals’ RightsAmicus does not undertake decisions based solely on automated processing, including profiling, of an individual unless we inform you otherwise.
How We Secure and How Long We retain Your Personal INFORMATION?We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice, applicable data protection laws and regulations and international security standards. All information you provide to us is stored on secure servers and accessed and used subject to our security policies and standards. Amicus has implemented reasonable physical, technical and managerial controls and safeguards to keep your personal information protected from unauthorized access, disclosure, alteration, and destruction. Such measures may include, but are not limited to: firewalls, access controls, encryption of information while it is in storage, separation of duties, and similar security protocols. Access to your personal information is limited to a restricted number of Amicus employees whose duties reasonably require such information and third parties with whom Amicus contracts to carry out business activities on its behalf. Our employees have been trained on the importance of privacy and how to handle and manage personal information appropriately and securely. We will retain your personal information for no longer than is necessary for the processing purpose(s) for which your information was collected and any other permitted associated purpose. Information may be retained for a longer duration where applicable laws or regulations require, or allow Amicus to do so. Your information that is no longer needed is either irreversibly anonymized (and the anonymized information may be retained) or securely destroyed.
Choices about MarketingIf we intend to use your information for marketing purposes or if we intend to disclose your information to any third party for such purposes we will inform you respectively. You have the right to object to personal information being used for the purposes of direct marketing and sending scientific information and newsletters. You can also exercise the right at any time by contacting us as set out below.
Additional RightsUnder applicable laws and subject to any legal restrictions, you may have the right to request us to:
- Provide you with further details on the processing of your personal information;
- Provide you access to your personal data that we hold about you;
- Update any inaccuracies in the personal information we hold that is demonstrated to be inaccurate or incomplete;
- Delete any personal information that we no longer have a lawful basis to use;
- Provide you or a third party, with a copy of your data in a digital format(data portability);
- Stop a particular processing when you withdraw your consent;
- Object to any processing based on the legitimate interests or public interest to process information, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
- Restrict certain aspects of the processing of your information.
A) “Do Not Sell My Data”. The CCPA requires companies that sell personal information to provide California residents a “Do Not Sell My Data” opt-out option, as well as an opt-in option for minors under 16 years of age.Amicus does not and will not sell the personal information we collect and therefore we do not include these options on our website.
B) Request to Know & Request to Delete.If you are a California resident covered by the CCPA, you are permitted to: (1) request that Amicus disclose to you your Personal Information that we process, and (2) request that we delete your Personal Information. You also have the option to designate an authorized agent to make a request on your behalf. You may submit a request to Amicus by completing the CCPA Request Form. The CCPA Request Form may be obtained at www.amicusrx.com/content/dl/CCPA-Request-Form.docx Once completed, it can be submitted in one of the following ways: (1) via e-mail to the address: firstname.lastname@example.org or (2) via post to the address: Amicus Therapeutics Inc., 1 Cedar Brook Drive, Cranbury, NJ 08152, attention Data Privacy Office or by calling the toll-free number, 844-927-2010. After you submit the completed CCPA Request Form, we will be in touch with you to verify your identity (and also your authority to make the request on another’s behalf, if applicable), including information that will enable us to confirm that you are a California resident. Our Data Privacy Office will consider various factors when deciding the steps needed to verify your identity (and also your authority to make the request, if your request is made regarding someone other than yourself). Factors may include, among other things, (a) type, sensitivity and value of the Personal Information about which the request relates; (b) risk of harm posed by any unauthorized access or deletion; (c) likelihood that fraudulent or malicious actors would seek the Personal Information; (d) whether the Personal Information to be provided to verify identity is sufficiently robust to protect against fraudulent requests or being spoofed or fabricated; (e) manner in which the business interacts with the person(s) about the whom the request relates; and (f) available technology for verification. If verification has been successful, we will then respond within legally mandated timeframes (typically within forty-five (45) days). Our response may be to provide the information requested, or to make the requested deletion. In some instances, our response may advise that a legal exemption applies and we are not able to comply with the request (such as for a request to delete). You have a right not to receive discriminatory treatment by Amicus for the exercise of the privacy rights conferred by the CCPA. If you have any concerns or would like more information regarding these rights, please contact Data Privacy Officer by email at email@example.com