INTRODUCTION
Rhythm
Pharmaceuticals, Inc. and its affiliates and subsidiaries
(collectively, Rhythm,” “we,” “our,” or “us”) has
created this privacy statement (“Privacy Policy”) to describe how
we collect, use, and disclose personal information, meaning
information about you that is personally identifiable, as you
interact with us online through rhythmtx.com, geneticobesity.com, and
all other Rhythm websites and applications that link to this policy
(collectively, the “Online Services”) or that you provide to us
through other means. By using the Online Services, you consent to the
processing of your information as described in this Privacy Policy.
Your use of the Online Services is governed at all times by the
Rhythm Terms
of Use.
INFORMATION
WE COLLECT
Information
You Provide. We
and our service providers may collect any information that you
provide when you use the Online Services or otherwise interact with
us, including when you contact us with questions or requests for
information or submit information to participate in a study or
research initiative or use social media to interact with us, or to
share something from our Online Services with others. The information
that you provide us may include, but is not limited to:
(a) your
name, phone number, email address, physical address, and other
contact information;
(b) symptoms, diagnoses, and other
information to help assess the prevalence, impact, and progression of
certain medical conditions, and/or your eligibility, or that of
someone for whom you provide care, for participation in a study or
research initiative; and
(c) other information you provide when
you contact us, including any health-related information.
Information Automatically Collected. We and our authorized service providers may automatically collect certain technical information over time and across different websites about your use of the Online Services, such as your Internet Protocol address or other device identifier, browser type, operating system, the pages you view on the Online Services, the pages you view immediately before and after you access the Online Services, your movement between different Rhythm websites, and the search terms you enter on the Online Services. This information allows us to recognize you and personalize your experience, and to improve the Online Services and the services and information we provide. We and our service providers may collect this information using “cookies,” which are small text files that the Online Services save on your computer using your web browser, or similar technologies. Please see “Your Choices,” below, for more information.
Information We Receive From Third Parties. We may combine the information we collect from you with information that we receive about you from other sources, such as public databases, providers of demographic information, joint marketing partners, social media platforms, and other third parties.
Recruitment and Job Applications. You may provide us with personal information, such as that contained on a resume or a curriculum vitae, in connection with a job application or inquiry. We may use this information throughout Rhythm for the purpose of employment consideration or your inquiry. We may keep your information on file for future consideration.
USE
OF COLLECTED INFORMATION
There
are different legal bases we may rely on to use your personal
information. These may include where the use of your personal
information may be necessary to perform a contract that you have with
us, where we have obtained your consent to use personal information,
and where the use of personal information may be in our legitimate
interests, among other legal bases permitted by applicable law.
Where required by applicable law, we will ask for your explicit consent to collect information considered to be sensitive personal information (such as health information ). You may withdraw your consent at any time by contacting us at the details below.
Consistent
with these legal bases, we may use the information we collect for a
number of purposes, including to:
• Administer patient support
programs;
• Provide you with products, services, or information
you request;
• Provide you with information about the Online
Services or required notices;
• Respond to your inquiries;
•
Deliver marketing communications, promotional materials, or
advertisements that may be of interest to you;
• Administer
participation in special events, programs, offers, surveys, and other
market research;
• Customize your experience when using the
Online Services, such as by providing interactive or personalized
elements and providing you with content based on your interests;
•
Improve our websites, patient support programs, and other products
and services and/or develop new products or services;
• Perform
quality control activities, conduct data analyses, and develop
references for other users and/or health care providers to better
understand symptoms or conditions;
• Generate and analyze
aggregate traffic patterns throughout the Online Services;
•
Diagnose website technical problems;
• Protect our, your, or
others’ rights and property;
• Protect someone’s health,
safety, or welfare;
• Comply with a law or regulation, court
order, or other legal process;
• Detect, prevent, and respond to
fraud, intellectual property infringement, violations of our Terms of
Use, violations of law, or other misuse of the Online Services.
As noted above, we may use your personal information for marketing purposes, but we will not rent, sell, or share your personal information for third parties to directly market to you for their own purposes, unless we have your permission or as otherwise permitted by applicable law. See the “Your Choices” section below for information about your choices related to marketing.
We may use aggregate or de-identified information (i.e., information that does not personally identify you) for any purpose, except where prohibited by law.
DISCLOSURE
OF COLLECTED INFORMATION
Service
Providers. We
may share your information with third parties that provide services
to us in connection with our business operations and that have agreed
to keep the information confidential.
Other Parts of Our Business and Our Business Partners. We may share your information with other parts or departments at Rhythm or with our business partners for events or activities that we provide jointly, such as a research study. In such cases, our business partners are limited to using your information for the purposes of the joint event or activity.
Mergers, Acquisitions and Bankruptcy. If Rhythm should ever file for bankruptcy or merge with another company, or if Rhythm should decide to buy, sell, or reorganize some part or all of its business, Rhythm may disclose your information to prospective or actual purchasers. It is Rhythm’s practice to seek appropriate protection for information disclosed in these types of transactions.
As Required by Law and Other Legal-Related Disclosures. We may disclose your personal information if we believe in good faith that disclosure is necessary: (a) to comply with the law, such as to report possible adverse events or to respond to legal process (e.g., court order, subpoena, search warrant) or other legal requirements of any governmental authority; (b) to protect the integrity of the Online Services; (c) to protect and defend our, your, or others’ rights, property, safety or interests; or (d) to detect, prevent, or respond to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of the Online Services.
Aggregate and De-Identified Information. We may disclose aggregate or de-identified information for any purpose, except where prohibited by law.
YOUR
CHOICES
Rhythm
takes reasonable steps to keep personal information up-to-date for
the purposes for which the information was collected. If you wish to
inquire about, make changes to, or request deletion of the personal
information we have collected about you, please submit a request
to privacy@rhythmtx.com.
Marketing. If you no longer wish to receive marketing communications from us, please submit a request to privacy@rhythmtx.com or using the unsubscribe mechanism in our promotional emails. Please note that you may not opt-out of receiving non-promotional, administrative messages, including messages relating to your account, technical notices, transactional confirmations, safety information, or other Online Services-related emails.
Cookies and Similar Technologies. We and our service providers may collect information by automated means such as cookies, web beacons, log files, and similar technology. A “cookie” is a file that websites send to a visitor’s internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an internet tag, pixel tag, action tag, or clear GIF, is a clear graphic image that may be loaded by a web browser to record visits to a particular website or may be embedded in an email to record when the email is opened. A “log file” is a file that records how users interact with websites or a server. If you do not want the Online Services to collect information through the use of cookies, you can set your web browser to reject cookies from the Online Services. Each browser is different, so you should check your browser’s “Help” menu to learn how to change your cookie preferences. If you reject or block cookies from the Online Services, however, the Online Services may not function as intended.
Google Analytics. We may use third-party web analytics services on the Online Services, including Google Analytics. The analytics providers that administer these services use technologies such as cookies, web beacons, and log files to collect information to help us analyze how visitors use our Online Services and improve the overall performance and user experience of the Online Services. These analytics providers may also collect information about your use of other websites over time, if those other websites also use the same analytics providers. To learn more about how Google Analytics uses your information and what choices you have, please visit https://www.google.com/policies/privacy/partners/.
Do Not Track. Some browsers may transmit “do-not-track” signals to websites with which the browser communicates. Our websites do not currently respond to these “do-not-track” signals or other mechanisms that provide a method to opt out of the collection of information across websites and over time.
ADDITIONAL
COLLECTION AND USE
To
administer special programs or provide certain services, we may need
to collect and use information other than as described in this
Privacy Policy. In these cases, we will provide further explanation
and, where required by applicable law, will ask for your additional
consent before collecting and using your information for those
programs and services.
SECURITY
We
take steps to ensure that your personal information is treated
securely and in accordance with this Privacy Policy. Rhythm has put
in place physical, technical, and administrative safeguards to
protect personal information, consistent with legal obligations and
industry practices. However, no information system can be 100%
secure, so we cannot guarantee the absolute security of any
information you provide to us.
By using the Online Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Online Services.
LINKS
TO THIRD-PARTY SITES
The
Online Services may contain links to third-party sites. Please be
aware that Rhythm is not responsible for and cannot control the
privacy practices of these other sites. We encourage you to read the
privacy policies for these other sites prior to using such sites, as
they may differ from ours.
CHILDREN’S
INFORMATION
Under
Age 13
The
Online Services are not directed to, nor do we knowingly collect
information from, children under the age of 13 without verifiable
parental consent. This does not affect health information about
minors that a healthcare professional or caregiver using the Online
Services may provide in connection with our services directed to
those individuals. If we learn that a child under the age of 13 has
submitted personally identifiable information online without parental
consent, we will take all reasonable measures to delete such
information from our databases and to not use such information for
any purpose (except where necessary to protect the safety of the
child or others as required or allowed by law). If you become aware
that your child or any child under your care has provided us with
information without your consent, please contact us at the contact
information listed below.
Under
Age 18
Minors
under 18 years of age may have the personal information that they
provide to us online deleted by contacting us at the contact
information listed below, requesting deletion. Please note
that, while we make reasonable efforts to comply with such requests,
deletion of your personal information does not ensure complete and
comprehensive removal of that data from all systems.
INTERNATIONAL
DATA TRANSFERS AND PROCESSING
To
the extent that personal information is transferred out of the
country where a user or other individual whose information is
provided to us over the Online Services lives, such as to our
affiliates, business partners, and service providers in other
countries, there may be different standards that apply to how
personal information may be used and protected. Rhythm has put in
place appropriate safeguards in accordance with applicable legal
requirements to ensure that data is adequately safeguarded and
protected irrespective of the country. For more information on the
appropriate safeguards in place, please contact us at the details
below.
YOUR
CALIFORNIA PRIVACY RIGHTS
This
Privacy Policy describes how we may share your information for
marketing purposes, as described above. California residents are
entitled to request and obtain from us once per calendar year
information about any of your personal information shared with third
parties for their own direct marketing purposes, including the
categories of information and the names and addresses of those
businesses with which we have shared such information. To request
this information and for any other questions about our privacy
practices and compliance with California law, please contact us as
explained below.
CHANGES
TO THIS PRIVACY POLICY
Rhythm
reserves the right to change this Privacy Policy at any time. If we
update this Privacy Policy, we will notify you by posting a new
Privacy Policy on this page. If we make any revisions that materially
change the ways in which we use or share the information previously
collected from you through the Online Services, we will make
reasonable efforts to provide notice (such as by sending you an email
or posting a notice on this website prior to the changes becoming
effective) and obtain any necessary consent to any such new uses as
may be required by law. We encourage you to review this Privacy
Policy each time you visit this website.
CONTACTING
US
Rhythm
Pharmaceuticals, Inc. is based in the US and is the controller
responsible for the personal information that it collects and
processes. If you have any questions about this Privacy Policy, the
Terms of Use, or our use of your information collected through the
Online Services, you can contact privacy@rhythmtx.com.
Effective Date: September 24, 2018