Website Privacy Notice
Our Commitment to Privacy
At Amicus, we recognize the importance of, and are fully committed to protecting the privacy of personal information related to all individuals with whom we interact – including patients, clinical trial participants, members of the public, employees, regulatory authorities’ representatives, healthcare organizations’ representatives, healthcare professionals and business partners.
About this General Privacy Notice
This Privacy Notice (the “Notice”) sets out how Amicus together with other members of its group worldwide (to learn more about Amicus’ affiliates and how to contact them directly please visit our corporate website at https://www.amicusrx.com/about-us/contact-us) collect, process and safeguard the personal information about individuals.It is designed to assist you in making informed decisions when using our Web site as well as our products and services. This Notice will be continuously assessed against new technologies, business practices and our customers’ needs.
Scope of this Privacy Notice
This Notice is specifically intended to provide information for our website users, Amicus shareholders, members of the public who interact with Amicus, patients that use Amicus products, clinical trial participants of Amicus sponsored clinical trials and individuals with whom we do business (including, but not limited to, staff at regulatory authorities, personnel of suppliers and partners and visitors to Amicus offices). This Notice also provides specific information about specific privacy practices towards specific categories of data subjects such as to individuals who may be considered for employment (‘Job Applicants” or “Candidates’) by Amicus or to patients that take part in clinical trials related to Amicus drugs and other medicinal products.
References to “Amicus”, “group”, “affiliates”, “we”, “us” and “our” are references to Amicus Corporation and its worldwide affiliates.
Please read this Notice before using Amicus’ website (www.Amicusrx.com) or otherwise providing your personal information to us. By visiting our Website or by providing us your personal information, you agree and consent to the collection, use and disclosure of your personal information as outlined in this Notice.
What Personal Information Do We Collect?
We may collect and process the following personal information about you including but not limited to:
► General information such as name, postal and/or email address, phone number, date of birth, and other information such as photographs and digital imagery, payment- related information, government issued identification in accordance with applicable laws (e.g. driving license, passport, professional license number), agreements, your communications preferences; queries you make to Amicus;
► Professional information, such as your job title, educational information, professional qualifications, work experience, professional networks, programs and activities in which you participated;
► Health, biometric/genetic information related to identifiable or non-identifiable individuals, and only where necessary and strictly permitted under applicable laws (including in relation to Amicus’ risk management and drug safety programs, or for accessibility purposes for visitors to Amicus sites); and
How We Obtain Your Personal Data?
In most cases, Amicus will collect information directly from you although sometimes we will obtain information about you from public or third party information sources including (but not limited to):
► Amicus may collect information about Health Care Professionals from public or third party sources for marketing, and research purposes and to verify professional information (including but not limited to access to publicly accessible information, national registries or third party databases);
► Health Care Professionals or other third parties may provide patient information to Amicus where necessary under applicable drug safety and risk management laws;
► Amicus may collect information from your computer or any other devices you use when visiting Amicus’ website such as Internet Protocol (IP), domain name, Internet Service Provider (ISP), information about date and time of your request and other information provided by tracking technologies. Please see our Cookies Statement.
► Information may be shared within the Amicus Group of Companies, which includes our worldwide affiliates.
Why We Process Your Personal Information?
Amicus will only process your personal information for purposes permitted by applicable laws, which may vary depending on where you live, and where Amicus operates. The purposes of the data processing activities may include:
1) Managing our business and provide you goods and services ► to administer our business and services, including to carry out our obligations arising from any agreements entered into between you and us.
2) Managing our relationships/communications with individuals ► for example, responding to questions and comments or inquiries about applications, trials or services, inviting individuals to Amicus events, making proposals for future service needs.
3) For collaboration and research purposes, for example to enable Amicus to make more informed and objective decisions when identifying, engaging with healthcare professionals and key opinion leaders and managing the collaboration relationship with healthcare professionals;
4) Recruitment ► processing professional information to assess the individual suitability for job openings at Amicus;
5) Market Research ► processing information about individuals for lawful market research purposes. We collect information through surveys and interviews with patients and Healthcare Professionals to help us improve our products and services.
6) Direct Marketing ► we process personal information to provide promotional material and engage in marketing and promotional activities with individuals in accordance with applicable laws. (You have choices about this – see “What are your rights & how to contact us?” section of this Notice).
7) To ensure our Website functions ► to ensure that content from our Website is presented in the most effective manner for you and for your device.
8) Reorganizing or make changes to our business ► In the event that we are (i) subject to negotiations for the sale of our business or part thereof to a third party, (ii) is sold to a third party or (iii) undergo a re-organization, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process or transferred to that re-organized entity or third party and used for the same purposes as set out in this Privacy Notice or for the purpose of analyzing any proposed sale or re-organization.
9) Legal or regulatory obligations and the directions of law enforcement and the court service ► to comply with our legal or regulatory requirements (reporting for the safety of information and product quality complaints or to fulfil transparency requirements with respect to transfers of value to you by us). Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
10) Any other purpose that is relevant to the relationship between Amicus and you.
Amicus will process personal information for further purposes, where lawful to do so (such as for archiving, scientific or market research purposes) or when legally obliged to do so (such as reporting information for Amicus’ risk management and drug safety obligations).
Legal Basis of Processing
Amicus processes personal information based on one or more of the following conditions:
- Where you have provided your consent (in which cases, such consent can be withdrawn at any time and without giving any reason);
- Where it is necessary to comply with contractual obligations with you;
- Where the processing is necessary for our compliance with a legal obligation;
- Where the processing is necessary to protect the vital interests of an individual;
- Where processing is necessary in the public interest or for a public task; or
- Where the processing is in Amicus’ legitimate interest, for example, Amicus processes information for scientific and statistical research purposes, information about Amicus visitors and supplier personnel, for scientific development, for the improvement of our products and services, to provide security measures to protect Amicus’ employees, contractors, patients, information and other assets and to prevent crime (such as fraud, financial crime and theft of intellectual and industry property and to ensure the integrity of its manufacturing and other operations).
Special Categories of Data
In addition to the above, where Amicus processes special categories of data about individuals in specified jurisdictions (including the European Union and the European Economic Area) – for example, information about individuals’ health, genetic, religious, ethnicity, religion, trade union membership, genetic and biometric data, sexual orientation or sex life) – it shall only do so in accordance with applicable laws and regulations. For the processing of Special Categories of Data Amicus relies on the following conditions, including, but not limited to:
- Where individuals provide explicit consent (such as patients consenting to appear in Amicus marketing materials);
- Where required for rights and obligations related to employment;
- Where required for vital interests of any individual;
- Where processing is necessary for the purposes of provision of healthcare or occupational medicine, pursuant to a contract with a healthcare professional and;
- Where processing is necessary for scientific research.
Where We Process and How we Transmit Your Personal Data ?
Amicus headquarters are in the United States of America and in the United Kingdom, however Amicus’ operations are also in Asia, Australia, USA and Europe. Personal information about you may be accessible to Amicus headquarters as well as to some Amicus affiliates outside European Union (“EU”)/ European Economic Area (“EEA”), and selected vendors and partners, established in the EU or globally. Your personal information may be accessed by staff or suppliers in, transferred to and stored at, a location outside the EU or the EEA in which data protection laws may not afford the same level of data protection as the one in the EU/EEA. Where Amicus processes personal information in countries that may not provide the same level of data protection as in the EU/EEA or in your own country, where you are resident, Amicus will implement reasonable and appropriate legal as well as technical and organizational security measures to ensure the security of the processing and in particular to protect your personal information from unauthorized access, use or disclosure including, but not limited to, maintaining binding contractual arrangements with all third parties processing personal information of individuals, for and on behalf of Amicus, as well as executing, where necessary, adequate data transfer mechanisms, in the form of standard contractual clauses, for any cross-border data transfers from the EU to controller or processors established in third countries, as adopted and approved by the European Commission, or by the competent supervisory authorities, with the aim to achieve an adequate level of data protection of the personal information of those individuals.
For residents of EEA – whenever we transfer your information outside of the EEA, we will either ask for your explicit consent or take any and all necessary steps to ensure that adequate safeguards are put in place to protect your information (unless we are permitted under applicable data protection law to make such transfers without additional formalities e.g. where the recipient country is considered an adequate destination). Such safeguards include the use of European Commission approved standard contractual clauses as mentioned above.
What About Transmission via Internet and Other third party websites linked to Our Web Site?
The confidentiality of Personal Information transmitted over the Internet cannot be guaranteed. Amicus urges you to exercise increased caution when transmitting Personal Information over the Internet, as we cannot absolutely guarantee that unauthorized third parties will not gain access to your Personal Information.
Where We disclose Your Personal Data?
Amicus discloses personal information to third party recipients where this is reasonably permitted to pursue its legitimate business aims and as required by applicable law. Your personal information will be disclosed only in accordance with applicable laws, and appropriate safeguards will be established, where possible, to protect your personal information. We may disclose personal information to any member of our group of companies.
In order to conduct Amicus’ business, Amicus may also disclose information to third parties such as public/regulatory authorities/governmental bodies (government, including social and benefits departments), third parties that provide services to Amicus (such as but not limited to service providers, conducting audits, providing IT services, assisting in or managing our clinical trials and studies), business partners and collaborators (such as external scientists), reviews and assist Amicus with health care compliance activities, if Amicus or substantially all of our assets are acquired by a third party, in which case personal information held by us about individuals will be included as transferred assets, or if Amicus is under a duty to disclose or share individuals’ information in order to comply with any legal or regulatory obligation or request.
We may also disclose information to enforce any agreements we have with individuals; or to protect the rights, property or safety of Amicus employees, patients or others (e.g. visitors to Amicus premises).
Automated Decision Making and Individuals’ Rights
Amicus does not undertake decisions based solely on automated processing, including profiling, of an individual unless we inform you otherwise.
How We Secure and How Long We retain Your Personal Data?
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice, applicable data protection laws and regulations and international security standards. All information you provide to us is stored on secure servers and accessed and used subject to our security policies and standards. Amicus has implemented reasonable physical, technical and managerial controls and safeguards to keep your personal information protected from unauthorized access, disclosure, alteration, and destruction. Such measures may include, but are not limited to: firewalls, access controls, encryption of information while it is in storage, separation of duties, and similar security protocols.
Access to your personal information is limited to a restricted number of Amicus employees whose duties reasonably require such information and third parties with whom Amicus contracts to carry out business activities on its behalf. Our employees have been trained on the importance of privacy and how to handle and manage personal information appropriately and securely.
We will retain your personal information for no longer than is necessary for the processing purpose(s) for which your information was collected and any other permitted associated purpose. Information may be retained for a longer duration where applicable laws or regulations require, or allow Amicus to do so. Your information that is no longer needed is either irreversibly anonymized (and the anonymized information may be retained) or securely destroyed.
Choices about Marketing
If we intend to use your information for marketing purposes or if we intend to disclose your information to any third party for such purposes we will inform you respectively. You have the right to object to personal information being used for the purposes of direct marketing and sending scientific information and newsletters. You can also exercise the right at any time by contacting us as set out below.
Under applicable laws and subject to any legal restrictions, you may have the right to request us to:
- Provide you with further details on the processing of your personal information;
- Provide you access to your personal data that we hold about you;
- Update any inaccuracies in the personal information we hold that is demonstrated to be inaccurate or incomplete;
- Delete any personal information that we no longer have a lawful basis to use;
- Provide you or a third party, with a copy of your data in a digital format(data portability);
- Stop a particular processing when you withdraw your consent;
- Object to any processing based on the legitimate interests or public interest to process information, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
- Restrict certain aspects of the processing of your information.
Your exercise of the above mentioned rights is subject to certain exemptions to safeguard the public interest and our own legitimate interests. If you decide to exercise any of these rights, we will check your entitlement, we may request to confirm your identity and in any case we shall respond within a calendar month from receipt of such a request, unless there are valid grounds for extending the response periods, essentially due to the need to confirm your identity, to request additional information or to ask you to specify or limit your request, in case your request is too general or too complex to be handled within the initial deadline. Amicus may not be able to comply with a request where personal information has been destroyed, erased or made anonymous in accordance with applicable laws and regulations as well as with Amicus’ record retention obligations and practices. In the event that we cannot satisfy a request with regards to your personal data, we will endeavor to provide you with an explanation, subject to any legal or regulatory restrictions.
If we do not handle your request in a timely manner, or if you are not satisfied with our response to any exercise of these rights, you are entitled to lodge a complaint with the competent supervisory authority. Further information and contact details of the competent supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en.
To exercise your individual data protection rights please contact Data Privacy Officer by email at firstname.lastname@example.org
Our changes to this Privacy Notice
Amicus reserves the right to amend this Privacy Notice from time to time to reflect technological advancements, legal and regulatory changes, and Amicus’ business practices, subject to applicable laws. If Amicus changes its privacy practices, an updated version of this Privacy Notice will reflect those changes by posting any revisions on https://www.amicusrx.com/privacy-policy/ with the respective update of the effective date listed on the bottom of this Notice. All changes to this Statement shall become fully effective thirty days (30) after the update date posted below. We therefore encourage you to view any amendments when you visit our Website from time to time to stay informed of how we are using your personal information.
If you have any questions in relation to this Privacy Notice, or you want to obtain more information about Amicus’ privacy practices, please contact our Data Privacy Officer by email at email@example.com