Privacy Shield Policy | Amicus Therapeutics

PURPOSE OF DATA COLLECTION:

Amicus Therapeutics, Inc. (Amicus) is a biotechnology company that develops, produces and markets therapies to treat a range of devastating rare and orphan diseases.  In doing so, Amicus may collect personal information from or concerning individuals in the European Economic Area (EEA) and Switzerland.  The purposes for collecting data vary but may include carrying out scientific or medical research, adverse event and product complaint reporting, managing and overseeing vendors/consultants, and communicating about our products and services.  We also process human resources data for various purposes, including: recruitment; compensation, benefits administration and payroll; performance appraisals and training; protection against injury, theft, legal liability, fraud and abuse; and other business purposes.

Effective March 27, 2019

BACKGROUND

Amicus Therapeutics, Inc. (Amicus) is a biopharmaceutical company that develops, produces and markets therapies to treat a range of devastating rare and orphan diseases.  In doing so, Amicus may receive personal information from or concerning individuals in the European Economic Area (EEA) and Switzerland from its: (1) clinical research subjects; (2) clinical investigators and staff conducting clinical and medical research; (3) potential clinical trial and post-market patients and their family members/caregivers; (4) adverse event reporters and subjects; (5) consumers; (6) investors and shareholders; (7) medical and healthcare professionals; (8) customers; (9) vendors, suppliers, contractors, and business partners; and (10) government officials.

PRIVACY SHIELD

Amicus complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (and Iceland, Liechtenstein, and Norway) and Switzerland transferred to the United States pursuant to Privacy Shield. Amicus has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Amicus is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

SCOPE

This Privacy Shield Privacy Policy applies to the processing of personal information in the United States from individuals located within the EEA or Switzerland.

PRIVACY SHIELD PRINCIPLES:

1. NOTICE

Amicus will not sell or provide your personal information to any third party without notice.  When Amicus directly collects personal information from EEA and/or Swiss individuals, it, as explained below, advises you about the purposes for which the information is collected and used, and your ability to limit the use and disclosure of such information, and how to contact Amicus.  Amicus provides this notice in clear and conspicuous language, either through this privacy statement or other means such as informed consent forms, statements on Amicus’s website and other disclosures.  Purposes for collection and use vary but may include carrying out scientific or medical research, adverse event and product complaint reporting, managing and overseeing vendors/consultants, and communicating about our products and services.

Information Amicus may collect:

The type of information collected may include personal information such as:

Clinical Trial Information:  When you participate in scientific or medical research, your participation is completely voluntary, and requires that you explicitly consent in writing to the scope of the research to be conducted using the information gathered from and about you during the clinical trial of our products (Clinical Trial Information) which may include, but is not limited to, your medical history, disease state, information regarding biological specimens and tissue samples, and adverse events.

To protect your privacy, your data will be given a code.  Your name and other information that can directly identify you will not be available to Amicus.  Amicus may receive this coded data from third parties such as contract research organizations (CROs) and clinical sites.  Amicus will only use this data for the general research purposes for which it was originally collected and for research that is consistent with your original consent, or to which you have subsequently consented.

Human Resources Data:  The types of data Amicus collects and uses are outlined in the Data Protection Policy and Privacy Notice for Employees, Workers and Consultants.

For additional information about the types of data Amicus collects, please refer to the Privacy Policy linked here.

2. CHOICE

Subject to the exceptions outlined in the Privacy Shield Supplemental Principle governing Pharmaceutical and Medical Products (see below), and as otherwise permitted by applicable law, Amicus does not use or intend to use your personal information for any purpose other than that for which it was originally collected without your consent.

Amicus does not disclose personal information to third parties for purposes that are incompatible with the purposes for which it was originally collected.  Amicus may occasionally transfer personal information to third parties who act for or on behalf of Amicus, or in connection with the business of Amicus, for further processing consistent with purposes for which the data was originally collected.  Where disclosure of personal information to a third party is likely or necessary, further notice may be provided, where appropriate, at such collection points as to the intended use of the data.

We require that such third parties protect the information and, where appropriate, we will contractually require them to process data transferred only for the purposes expressly authorized by Amicus.

Please use the contact information listed below to request to limit the use and disclosure of your personal information.

3. ONWARD TRANSFERS

Amicus will not transfer personal information from or concerning individuals in the EEA and Switzerland to third parties unless such third parties have entered into a written agreement with Amicus requiring that the third party provide at least the same level of privacy protection as is required by the relevant principles of the Privacy Shield.  Amicus will only transfer data to our agents, resellers or third-party service providers who need the information in order to provide services or to perform activities on behalf of Amicus.  The types of companies that now or in the future may receive personal information provide the following categories of services: clinical research, direct marketing assistance, distributors/resellers, data storage, hosting services, and sales support.  Amicus does not share data with non-agent third parties.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Amicus’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Amicus remains liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Amicus proves that it is not responsible for the event giving rise to the damage.  Amicus may provide personal data from clinical trials conducted in the EEA and Switzerland to regulators in the United States and other countries for regulatory and supervision purposes.

4. ACCESS AND CHOICE

Amicus acknowledges that EEA and Swiss individuals have the right to access the personal information that it maintains about them.  Amicus will provide individuals with reasonable access to information it has about them upon their request, and Amicus will take reasonable measures to allow for the correction, amendment, or deletion of information that is inaccurate or processed in violation of the Principles.  You may contact Amicus using the contact information below to learn whether or not Amicus has your personal data subject to this policy, and to request corrections, amendments or deletion of such data.  This right applies only to personal information about you and is subject to other limitations as defined by law, or where the burden or expense of providing access would be disproportionate to the risks related to the privacy of the individual or where the rights of other individuals would be violated.  You will need to provide sufficient identifying information.

Participants in blinded studies (when participants, and often investigators, cannot be given access to information about which treatment they are receiving) do not have to be provided access to the data on their treatment during the trial if this restriction has been explained when the participant entered the trial and the disclosure of such information would jeopardize the integrity of the research effort.

If you withdraw, or are asked to withdraw from a clinical trial of our products, your Clinical Trial Information collected prior to your withdrawal may still be processed along with other data collected as part of the clinical trial, if this was made clear to you in the notice at the time you consented to participate in the clinical trial.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized.  To request to limit the use and disclosure of your personal information, please submit a written request to the contact information listed below.

5. PRODUCT SAFETY AND EFFICACY MONITORING

The Notice, Choice, Onward Transfer and Access Principles outlined above do not apply to Amicus’s product safety and efficacy monitoring activities, including the reporting of adverse events and the tracking of patients/subjects using certain medicines or medical devices, to the extent that the adherence to the Principles interferes with compliance with regulatory requirements, including disclosures to agencies, such as the U.S. Food and Drug Administration.

6. SECURITY

To protect personal information from or concerning individuals in the EEA and Switzerland, Amicus has in place reasonable and appropriate technical and operational security measures to prevent unauthorized access, loss, misuse, disclosure, alteration and destruction of data in its control.

7. DATA INTEGRITY

The personal information Amicus uses or processes will be necessary for and related to the purpose for which it was obtained or collected. Amicus will not use or process the data in a manner that is incompatible with the reason it was collected or authorized to be used.  Amicus will take reasonable measures to ensure that the data is accurate, complete, current, and reliable for its intended use.

8. ENFORCEMENT & DISPUTE RESOLUTION

The U.S. Federal Trade Commission has jurisdiction over Amicus’s compliance with the Privacy Shield.

In compliance with the Privacy Shield Principles, Amicus commits to resolve complaints about your privacy and Amicus’s collection or use of your personal information transferred to the United States pursuant to Privacy Shield.  EEA and Swiss individuals with Privacy Shield inquiries or complaints should first contact Amicus at dataprivacyofficer@amicusrx.com or in writing at:

Attention:

Joel Norris
Amicus Therapeutics, Inc.
1 Cedar Brook Drive
Cranbury, NJ 08512  United States

Anna Kosobudzka
Amicus Therapeutics UK LTD
One Globeside Park
Fieldhouse Lane,
Marlow, 7SL 1HZ
Buckinghamshire, United Kingdom

Amicus has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus.  If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.  This service is provided free of charge to EEA and Swiss individuals.

If your complaint involves human resources data transferred to the United States from the EU and/or Switzerland in the context of the employment relationship, and Amicus does not address it satisfactorily, Amicus commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, and to comply with the advice given by the DPA Panel and/or Commissioner, as applicable, with regard to such human resources data.  To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction.  Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.  Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Changes to this Privacy Shield Policy

Amicus may, at any time, amend this posting consistent with the requirements of the Privacy Shield. The date at the top of this Privacy Policy will be updated accordingly.