Last Reviewed: April 2023
Sarepta International UK Limited ("Sarepta", "Company" or "We") respects your privacy and is committed to protecting your personal information through our compliance with this policy. This policy describes the types of personal information we may collect from you or that you may provide when you visit www.sareptatherapeutics.co.uk or any social media site, mobile sites, or online application owned and/or operated by the Company, including any content, functionality and services offered on or through these sites or channels (our "Websites"), and our practices for collecting, using, maintaining, protecting and disclosing that personal information.
This policy applies to personal information. “Personal information” is any information—as electronically or otherwise recorded—that can be used to identify a person or that we can link directly to an individual, such as name, address, email address, or telephone number, as applicable. This policy applies only to personal information we may collect:
- on our Websites;
- through e-mail, text and other electronic messages between you and our Websites;
- through mobile and desktop applications downloaded from our Websites, which may provide dedicated non-browser-based interaction between you and our Websites; and
- when you interact with our advertising and applications on third-party websites and services, but only if those applications or advertising include links to this policy.
We may have other unique privacy policies that apply to certain specific situations, such as if you participate in a clinical trial we sponsor. To the extent you were provided with a different privacy notice or policy that applies, that notice or policy will govern our interactions with you, not this one.
This policy does not apply to information collected by:
- us offline or through any other means not included in the above-provided definition of our Websites; or
- any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.
INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT PROCESS, AND SHARE IT
- “Personal information” is any information—as electronically or otherwise recorded—that can be used to identify a person or that we can link directly to an individual, such as name, address, email address, telephone number, or credit card number, as applicable. Personal information in some jurisdictions can include information that indirectly identifies a person even absent other identifying information.
- Personal information may include information considered sensitive in some jurisdictions, such as biometric information, genetic information, medical and health information, financial account information, geolocation, ethnic or racial origin, information concerning your sex life or your sexual orientation, and other information.
- Below is a summary of how we collect, process, and use personal information and the potential recipients of your personal information. Some jurisdictions require us to state the legal bases for processing your personal information, which are included below, but please note that not all jurisdictions may recognize all legal bases.
|Examples of the types of personal information we process:||Where do we get the personal information?||Why do we process the personal information||What are the legal bases for processing?||Who receives the personal information?*|
Identity and contact information, such as:
Other personal information, such as:
Visual Information, such as:
Technical Information, such as:
Anonymized / De‑identified Data
Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified and the information is no longer considered Personal Data under data protection laws.
*The legal bases we rely upon include those enumerated in Articles 6 and 9 of the UK Data Protection Act 2018, depending on the type of Personal information.
**In limited circumstances, recipients may include, (1) in the event of a sale, assignment, or transfer, to the buyer, assignee, or transferee; and, (2) government or regulatory officials, law enforcement, courts, public authorities, or others when permitted by this Policy or required by law.
You also may provide information to be used, published or displayed (hereinafter, "posted") on public areas of our Websites, or to be transmitted to other users of our Websites (collectively, "User-Generated Information"). When you provide User-Generated Information, you do so at your own risk. Although in some cases you may be able to establish certain privacy settings for your User-Generated Information that is posted on our Websites, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of our Websites with whom you may choose to share your User-Generated Information. Therefore, we cannot and do not guarantee that your User-Generated Information will not be viewed by unauthorized persons.
Information Collected Automatically
The information about you that we collect automatically does not identify you personally, but rather only by reference to the device you use to access our Websites. This information tells us about your usage of our Websites, which helps us to improve our Websites and to deliver a better and more personalized service to you. By enabling us to take into account your Website usage patterns and preferences, this information helps us to customize our Websites according to your individual interests, to speed up your searches, and to recognize you when you return to our Websites.
The technologies we use for this automatic data collection may include:
- Web Beacons. Pages of our Websites and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
For more information about these technologies and how to manage or opt out of them, please see our Notice on Cookies.
Although the information we collect automatically does not personally identify you, we may link that information to information that does personally identify you that we otherwise collect as described in this policy.
CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION
We strive to provide you with reasonable choices regarding the collection and use of information about you. For example, you may: (1) choose not to provide personal information on our Websites, (2) set your browser preferences and use web tools available to block the cookies sent in connection with your use of our Websites, (3) follow the instructions to unsubscribe from our services included on our Websites and the communications sent to you, and/or (4) email a request to unsubscribe from our services to firstname.lastname@example.org.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
Under applicable laws and subject to any legal restrictions, you may have the right to request us to:
- Provide you with further details on the processing of your personal data
- Provide you access to your personal data that we hold about you;
- Update any inaccuracies in the personal data we hold that is demonstrated to be inaccurate or incomplete
- Delete any personal data that we no longer have a lawful basis to use
- Provide you or a third party, with a copy of your data in a digital format (data portability)
- Stop a particular processing when you withdraw your consent
- Object to any processing based on the legitimate interests or public interest to process information, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
- Restrict certain aspects of the processing of your data.
If we do not handle your request in a timely manner, or if you are not satisfied with our response to any exercise of these rights, you are entitled to lodge a complaint with the competent supervisory authority of your jurisdiction. Further information and contact details of the competent supervisory authorities can be found here: https://ico.org.uk/make-a-complaint/
We have implemented measures designed to secure your personal information from unauthorized access, use, alteration and disclosure. All information you provide to us is stored on our secure servers behind firewalls.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Websites. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Websites.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
Sarepta operates in the UK, however a considerable part of Sarepta’s operations is in the United States. Your personal data may be accessible to some Sarepta affiliates inside and outside the UK, and selected vendors and partners, established in the EU/EEA, the US or globally. Your personal data may be accessed by staff or suppliers in, transferred to and stored at, a location outside the UK. Where Sarepta processes personal information in countries that may not provide the same level of data protection as in the UK, where you are resident, Sarepta will implement reasonable and appropriate legal as well as technical and organizational security measures to ensure the security of the processing and in particular to protect your personal data from unauthorized access, use or disclosure including, but not limited to, maintaining binding contractual arrangements with all third parties processing personal data of individuals, for and on behalf of Sarepta, as well as executing, where necessary, adequate data transfer mechanisms, for any cross-border data transfers from your country to controller or processors established in third countries, as adopted and approved by the competent supervisory authorities.
HOW LONG YOUR PERSONAL INFORMATION WILL BE RETAINED
We generally retain personal information for as long as needed for the specific purpose or purposes for which it was collected. In some cases, we may be required to retain personal information for a longer period of time by law or for other necessary business purposes. Whenever possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the specified retention period.
Sarepta is responsible for the processing of your personal information as it decides why and how it is processed, thereby acting as the “Controller”.
If you have any questions about our Privacy Notice or want to contact our Data Protection Officer, please contact us via email at email@example.com.