PRAXIS PRECISION MEDICINES INC.
Last Updated: [May 19, 2022]
We may choose or be required by law to provide additional disclosures relating to the processing of personal information in certain countries, regions, or states. Please refer below to disclosures that may be applicable to you.
- European Economic Area, United Kingdom, or Switzerland. If you are based in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”), please click here for our European Privacy Notice.
- Nevada. Under Nevada law, Nevada residents may opt-out of the “sale” of their personal information, where the information is exchanged for monetary consideration. We do not engage in such activity; however, if you are a Nevada resident, you may submit a request to opt-out of potential future sales under Nevada law by emailing us a [email protected].
THE INFORMATION WE COLLECT AND THE SOURCES OF SUCH INFORMATION
We collect information about you when you voluntarily provide it to us, when you access the Site, participate in our Studies, and use our Services, or if other sources provide it to us, as further described below. Please note that we need certain types of information, so that we can provide the Services to you. If you do not provide us with such information, or ask us to delete it, you may no longer be able to access or use part or all of our Services.
- Information You Provide to Us
We collect a variety of information that you provide directly to us. The specific types of information we collect will depend upon the Services you use, how you use the Sites or Services, and the information you choose to provide.
The types of data we collect directly from you include, without limitation:
- Contact information, including first name, last name, date of birth, email address, postal address or telephone number;
- Demographic information, including your gender, age, ethnic origin, and race;
- Physical and mental health history and information, such as your height, weight, heart rate and BMI; current and previous physical and mental health diagnosis and testing; current and previous use of certain medications; certain family history; information about your pain; mobility, diet and exercise information, information; disability information; and health habits. This information may be collected through health questionnaires, logged through wearable devices or by other means;
- Inquiry information, including Information about your customer service and maintenance interactions with us; and/or
- Other information, if any, as described in the Informed Consent or any additional information that you choose to directly provide to us.
- Information We Collect Through Automated Means
Our Sites. When you use our Sites, we collect and analyze information such as your IP address, browser types, browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device IDs) referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Services, error logs, and other similar information.
Our Studies. When you participate in our Studies, we may collect certain data about you automatically including sensor information, technical data (e.g., information about your app usage, app version and installation ID, device identifier, and technical data about your device), and any other information described in the Informed Consent.
Location Information. When you use the Services, we and our service providers may automatically collect general location information (e.g., IP address, city/state and or postal code associated with an IP address) from your computer or mobile device. This information allows us to enable access to content that varies based on a user’s general location.
- Information We Collect From Social Media and Other Content Platforms
When you “like” or “follow” us on LinkedIn or other social media sites, as applicable, we may collect some information about you including your name, email address, and any comments or content you post relevant to us. We also collect your information if you sign up for one of our promotions or submit information to us through social media sites. The data we receive is dependent upon an individual’s privacy settings with the network. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and networks before sharing information with us or the social media platform.
- Information We Receive From Other Sources
We work closely with third parties (including but not limited to, third party intermediaries, such as vendors, physicians, medical professionals, research organizations, or pharmacies with whom we partner to provide you with the Services as well as their respective health care service providers, sub-contractors in technical, advertising networks, analytics providers, and search information providers). Such third parties will sometimes provide us with additional information about you.
HOW WE USE YOUR INFORMATION
In connection with providing to you the Services, we may use your information for our business purposes to:
- Carry out, improve, and manage the Services.
- Engage in internal research to understand the effectiveness of our Services, improve our Services, and better understand our user base. If we publish or provide the results of this research to others, such research will be presented in a de-identified and aggregate form such that individual users cannot be identified.
- Carry out the Studies, including:
- Recruiting and enrolling you into a Study;
- Conducting the Study;
- Seeking authorization from regulatory agencies to apply for approval of the Study drug or other drug candidates and diagnostics;
- Developing new tests, procedures, and commercial products; and
- For any other uses described in the Informed Consent.
- Communicate with you about the Services, your use of the Services, or your inquiries related to the Services or Praxis and send you communications to meet your needs.
- Communicate with you about Praxis, inquiries related to the Praxis team, opportunities with the Praxis team or careers with Praxis and respond to your communications to meet your inquiries.
- Ensure that content from our Services is presented in the most effective manner for you and for your computer or device, allow you to participate in interactive features of our Services (when you choose to do so), and as part of our efforts to keep our Services safe and secure.
- Measure or understand the effectiveness of advertising and content we serve to you and others, and to deliver and customize relevant advertising and content to you.
- Help us better understand your interests and needs, such as by engaging in analysis and research regarding use of the Services.
- Comply in good faith with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others.
- Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others.
Aggregate/De-Identified Data. We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device(s) (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including for research and marketing purposes.
HOW WE SHARE AND DISCLOSE YOUR INFORMATION
We may share your information for our business purposes in the following ways:
- Affiliates and Subsidiaries. We may share information we collect within any Praxis member or group (i.e., our subsidiaries and affiliates, including our ultimate holding company and its subsidiaries) to deliver products and services to you, ensure a consistent level of service across our products and services, and enhance our products, services, and your customer experience.
- Study Team. If you participate in a Study, we share your personal information with the study team that conducts the Study, as well as the organizations that support the study team.
- Institutional Review Boards. If you participate in a Study, we may share personal information with the ethics committee or institutional review board that approved the Study.
- Government and Regulatory Authorities. We may share personal information with government and regulatory authorities, as required by law, including the U.S. Department of Health and Human Services, the Food and Drug Administration, the European Medicines Agency, and other federal or state government agencies.
- Other Approved Study Researchers. If you participate in a Study and it is permitted by the Informed Consent, we may share personal information with certain third-party researchers who are approved may access limited information. The categories of approved study researchers, the type of information they may have access to, and the purposes that they may use the information for will be described in more detail in the Informed Consent.
- Business Transfers. As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions, (including in contemplation of such transactions) user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third-party, customer information (including your email address) would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.
- Consent. We may also disclose your information in other ways you direct us to and when we have your consent.
- Aggregate/De-Identified Information. We reserve the right to share Aggregate/De-Identified Data at our discretion.
YOUR MARKETING CHOICES
THIRD PARTY SERVICES
HOW WE PROTECT YOUR INFORMATION
Praxis takes a variety of technical and organizational security measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the internet, and no means of electronic or physical storage, is absolutely secure.
Praxis is committed to resolving questions or concerns about your privacy and our collection or use of your information. If you have a specific question or concern about your privacy rights with respect to your information you can contact us by emailing us at [email protected].
Praxis Precision Medicines Inc.
99 High Street, 30th Floor
Boston, MA 02110
EUROPEAN PRIVACY NOTICE
SCOPE OF DISCLOSURES
While we are based in the United States, our Services may be accessed by residents of the European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”). The following European Privacy Notice applies to our processing of personal data of residents of the EEA, Switzerland, and the UK (“you”).
Praxis is the controller of the personal data we hold about you in connection with your use of the Services. This means we determine and are responsible for how your personal data is used.
- Please note that this European Privacy Notice does not apply to personal data processed by our CRO partners during our Studies. Such processing of your personal data is done in accordance with the privacy notices of our CRO partners.
PERSONAL DATA DISCLOSURES
- Personal Data We Collect and How We Use It
- Legal Basis of Processing
We will generally use and process your information on the basis of your explicit consent, our legitimate interests or legal obligations, and for scientific research purposes or for reasons in the public interest in conducting clinical trials and performing valuable scientific and medical research pursuant to Articles 6 and 9 of the General Data Protection Regulation (“GDPR”) and/or the UK GDPR.
- Retention of Your Personal Data
We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.
The criteria used to determine the period for which personal data about you will be retained varies depending on the legal basis under which we process the personal data:
|Legitimate Interests||Where we are processing personal data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects|
|Consent||Where we are processing personal data based on your consent, we generally will retain the information for the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain of your data erased (please see the Your Privacy Rights section below)|
|Contract||Where we are processing personal data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship|
|Legal Obligation||Where we are processing personal data based on a legal obligation, we generally will retain the information for the period of time necessary to fulfil the legal obligation|
|Legal Claim||We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.|
In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal data, as well as the potential risk of harm from unauthorized use or disclosure of your personal data.
- Recipients of Personal Data
DATA STORAGE & PROCESSING (International Transfers)
Your personal information may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations, including the United States. In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognised as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this European Privacy Notice.
YOUR PRIVACY RIGHTS
You have the following rights with respect to the personal data that we hold:
- Access your personal data;
- Delete, or request deletion or erasure of, your personal data without delay if the continued processing of that personal information is not justified;
- Object to or restrict processing of your personal data;
- Request portability of your personal data;
- Object to automated decision making; and
- Correct or update your personal data that is inaccurate or incomplete.
If we ask you to provide personal data to us to comply with a legal requirement or enter into a contract, we will inform you of this and let you know whether providing us with your personal data is required and if not, the consequences of not sharing your personal data with us.
Right to Withdraw Consent
Where we rely on your consent for processing of your personal data, you also have the right to withdraw your consent to such processing, subject to certain limitations at law. Where applicable, you may withdraw your consent by contacting us at [email protected].
Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
VeraSafe Ireland Ltd. is our designated representative in the European Union and United Kingdom
All communications, inquiries or requests surrounding your information rights or complaints under European Union General Data Protection Regulation (European commission Regulation 2016/679 or “GDPR”) can be addressed to the attention of VeraSafe with copy [email protected]. VeraSafe should only be contacted on matters related to the processing of personal data of EU data subjects.
To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative or via telephone at: +420 228 881 031.
If you are located within the United Kingdom, VeraSafe United Kingdom Ltd., can be contacted in addition to or instead of [email protected], only on matters related to the processing of personal data.
To make such an inquiry, please contact VeraSafe United Kingdom, Ltd., using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.
Alternatively, VeraSafe United Kingdom Ltd. can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
Right to Lodge a Complaint
You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner’s Office and the Swiss Federal Data Protection and Information Commissioner.