Privacy Shield Policy
This Privacy Shield Policy (the “Policy”) sets forth the privacy principles that Intercept Pharmaceuticals, Inc. and its subsidiaries (collectively, “Intercept”) follow with respect to Personal Information received from the European Economic Area (EEA).
Intercept has certified that it adheres to the US-Swiss Safe Harbor Framework and the US-EU Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability, as set forth by the US Department of Commerce. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.
This Policy applies to the processing of Personal Information that Intercept receives in the United States concerning individuals who reside in the EEA. This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes to prevent identification of individual persons).
Intercept employees who handle Personal Information from the EEA are required to comply with the principles stated in this Policy.
Intercept may collect Personal Information about healthcare professionals, including clinical investigators and their staff; Intercept suppliers, contractors, and their personnel; and Intercept’s current, prospective and former employees. Information collected includes curriculum vitae data, business contact information and other non-sensitive information. Sensitive information may be collected in certain instances, including from patients or potential patients, with the consent of the individual or where required by applicable law. In some instances, prospective patients or their family members may choose to provide Personal Information to Intercept via our websites in order to request information.
PURPOSES OF PROCESSING
Intercept processes Personal Information to facilitate the development and commercialization of its products and for its business purposes. Personal Information may be used for purposes of clinical research, business development, marketing and sales, regulatory affairs, procurement, human resources management, and other Intercept business activities.
Intercept transfers personal data to third-party processors providing a variety of services, including, but not limited to, clinical trial operations, payroll, systems hosting, and sales and marketing activities.
ONWARD TRANSFERS TO THIRD PARTIES
Intercept will take measures to obtain assurances from third party service providers that process Personal Information on Intercept’s behalf that they will process such information in a manner consistent with Intercept policies and Privacy Shield Principles. Intercept remains responsible under the Privacy Shield Principles if third party service providers that Intercept engages to process Personal Information on its behalf do so in a manner inconsistent with the Privacy Shield Principles, except where Intercept is not responsible for the event giving rise to the damage. Intercept will take measures to only disclose Personal Information that is necessary for the third parties to provide the agreed upon services to Intercept. Where Intercept has knowledge that a third party business partner is using or disclosing Personal Information in a manner contrary to Intercept’s privacy policies or Privacy Shield Principles, Intercept will take reasonable steps to prevent or stop the use or disclosure.
Intercept may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Upon request, and as required by Privacy Shield Principles and applicable law, Intercept will provide individuals with reasonable access to Personal Information about them. Intercept will also take reasonable steps to allow individuals to review Personal Information for the purposes of correcting, amending or deleting such information in instances where it Personal Information is demonstrated to be incomplete or inaccurate.
Individuals can contact Intercept at firstname.lastname@example.org in order to request access or to make inquiries regarding limiting the use and disclosure of Personal Information about them.
Intercept is subject to the investigatory and enforcement powers of the US Federal Trade Commission (“the FTC”).
Any questions or concerns regarding the use or disclosure of Personal Information should be directed to the Intercept addresses provided below. Intercept will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information by reference to Privacy Shield Principles.
In addition, Intercept has agreed to participate in the following independent dispute resolution procedure in the investigation and resolution of complaints to resolve disputes pursuant to the Privacy Shield Principles:
Information about how to file a complaint with the JAMS Privacy Shield program can be found at: https://www.jamsadr.com/eu-us-privacy-shield
With regard to Personal Information of Intercept employees in the EU, Intercept agrees to cooperate with competent EU authorities.
An individual may invoke binding arbitration, at his or her own cost, subject to procedures set forth by the Privacy Shield.
CHANGES TO THIS POLICY
This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. Intercept will provide appropriate notice about such amendments.
Intercept Pharmaceuticals, Inc.
Legal Affairs Department
450 West 15th Street, Suite 505
New York, NY 10011
T: +01 646-747-1000
Intercept Pharma Europe Ltd.
2 Pancras Square
London, NC1 4AG
T: +44 (0) 20 3805 7600