At Alexion, we are committed to handling personal data, including the personal data of our patients and caregivers fairly and transparently in support of our mission and in accordance with the laws and regulations that govern data protection and privacy. PNHSource.com strives to provide practical and emotional support to those struggling with paroxysmal nocturnal hemoglobinuria (PNH).
Alexion Pharmaceuticals, Inc., 121 Seaport Boulevard, Boston, Massachusetts 02210, USA, and the Alexion affiliate in the country in which you are located, and our affiliates (“Alexion”, “we”, “us”) as data controllers are providing this statement of our privacy and data protection practices to inform you of the reasons that we collect data about you and how we will respect your rights. This is a statement of our privacy practices relating to how Alexion may collect, store, process and use certain information about you related to PNHSource.com; this is not a contract.
How We Collect Personal Data and Why We Use It
We collect personal data (“Personal Data”) about you both through interactions we have with you as well as from third party professional sources. We use that Personal Data in the following ways:
Respond to You: We collect your data, such as name, address, email, country, phone number, and any other Personal Data that you share when you voluntarily provide it to us via email or via the forms available on this Site.
By providing Personal Data to us, you give your consent to these being processed by Alexion for the purpose of answering your question, granting you access to the Site or some other aspects defined on the Site or requested by you. If you submit Personal Data, we may use that information to contact you by email, phone or mail depending on the contact mechanism you have indicated. This contact will be used to provide you with information you have requested or to clarify your request in order to be able to meet your request. Where you provide us with additional information that does not identify you as an individual in whatever form: documents, data, graphics, questions, suggestions, concepts, remarks or other - this will in no way be considered as confidential. The simple fact of you transmitting this non-personal data to us grants us the right to use, reproduce, diffuse or modify this data, or to transmit it in the aim of processing your request provided we do so in a manner that has removed any personal information from it.
Our Site is not intended to collect your Sensitive Personal Data. Where we collect Personal Data of a sensitive nature about you because you inadvertently or voluntarily provide your health or medical information, however, we will only process it to the extent necessary to identify it as Sensitive Personal Data. Where you provide your Sensitive Personal Data, we will contact you in order to obtain your explicit consent to further process your data. In some cases we may have other obligations to process this data outside of your explicit consent, in which case, we will process this data in accordance with our obligations ensure the quality and safety of our products (Article 9(2)(i) GDPR). To the extent we have such obligations; we will only process your data to the extent necessary to comply with these requirements.
Data obtained by third parties: Personal Data collected via social media plugins: In order to improve your browsing experience the Site allows you to share information using social media platforms, for example Facebook or Twitter. We do this by using social media plugins, which are identified by the logos of the relevant social media platform. If you chose to use these plugins, we will transfer some data to the social media platform. This will usually be related to your visit to our Site. By selecting a social media plugin, you consent to sharing of Personal Data as specified in the terms of the particular social media platform. We encourage you to review all privacy statements prior to providing any Personal Data via a social media plugin.
Data combined from more than one source: We may combine and use anonymized/de-identified data to help improve the content, functionality, and usability of the Site. This use of your data would be done so in accordance with Alexion’s Legitimate Interests to support, maintain and improve upon our Site. We may combine the data collected from you and share it with other Alexion companies and trusted third parties in order to provide you with the Services better. This processing will only occur upon your explicit consent and you are free to revoke your consent at any time.
Data about our Business Partner’s employees: Where we have a business relationship with a supplier or customer, we may have some personal data relating to their employees. This is usually limited to contact information. We will use this Personal Data for the purpose for which it was given to us or to facilitate our management of the business relationship. Where this use is based on consent, for example for marketing, your consent may be withdrawn at any time by contacting us via the details below.
To Contact or Communicate with you: Based upon your consent below, we may collect your name, your email address, your phone number, your address, etc. in order to contact you or communicate with you via email, SMS, or other electronic means. We may also tie this information with your interaction in the activity or process mentioned above. We will do this to provide you with information about Alexion, our products and services and other information that we feel may be of value to you. We will only contact you in this way based upon your consent. You may also opt-out of such communication at any time by contacting us as provided below.
Data automatically collected via the [activity, system, Site]: We may automatically collect certain types of Personal Data whenever you interact with us on the Site. Examples of such Personal Data include your IP address, geographical location, browser type, device type, operating system, etc. We may use this Personal Data to improve the quality of the Site and it is only used in an aggregated form. This depersonalized, aggregated information collected from our Site help us to understand trends and your needs. For example, we may analyze location of visitors and the pages visited on the Site and time spent related to a particular medication or disease state, and we may use that analysis of aggregate data internally or share it with others for the purposes set forth in this Privacy Notice. Alexion gathers this usage data and site information in order to maintain our Site and provide you services, which we do so under Alexion’s legitimate interests in order to support, maintain and improve upon our Site. Additionally by continuing to use our website, you consent to the processing of this Personal Data. For further information please see our Cookie and Site Usage Tracking Notice.
If you have any questions regarding the legal basis for our usage or collection of your Personal Data, please feel free to contact Alexion as provided below.
Due to the nature of its business, Alexion is subject to a range of regulation and legislation, mainly related to patient safety. As a result Alexion may be required to process Personal Data, including Sensitive Data, in order to meet its legal obligations. This data may include your name, location, health information (condition, medication/treatment, medical event, time and date of event, physician information, etc.) Where this is necessary, we will do so in a way which protects your privacy to the extent possible, including pseudonymising the information, while still complying with obligations. We will process this personal information in accordance with our legal obligations under applicable laws and process any Sensitive Data in accordance with either your Explicit Consent (GDPR Art 9(2)(a)), necessary for reasons of public interests related to public health (GDPR Art 9(2)(i)), or necessary for public interest or scientific research (GDPR Art 9(2)(j).
Personal Data Sharing and Recipients
Alexion will not disclose to third parties your Personal Data without adequate organizational and technical measures in place in order to protect your Personal Data. Third parties Alexion might work with are:
- Vendors and service providers who assist Alexion with digital management, configuration, support, and hosting, as needed.
- Third parties in connection with the sale, assignment or other transfer of an Alexion business;
- Third parties to respond to requests of government or law enforcement agencies or where required or permitted by applicable laws, court orders, or government regulations; or When needed for corporate audits or to investigate or respond to a complaint or security threat.
- Any affiliated entity, vendor or service provider, or other third party who has permitted access to or to whom we transfer Personal Data is required to keep it confidential and secure, as well as to process it only for the purposes we have informed you of in this privacy statement or for which you have consented.
Protecting Your Personal Data
Alexion takes seriously our responsibility to protect the Personal Data entrusted to us. As such, we use appropriate privacy and security controls and processes that are designed to help protect and safeguard your Data.
International Personal Data Transfer
Alexion is an international organization with affiliates and subsidiaries worldwide. Some of these have their registered offices or are located in countries not providing for the same level of data protection as the country where you reside (including in other countries that do not provide for the same level of regulatory data protection). In order to protect your privacy, where data are transferred by or on behalf of Alexion to other countries or organizations that have not been recognized as providing regulatory protection similar to your country, Alexion contractually obliges its international entities, affiliates and service providers to comply with the applicable data protection laws and principles through standard clauses that have been approved or recognized by the relevant regulators.
This Site is administered and hosted by AWS.
You may contact us to request access to your Personal Data or to receive your data in a portable form (to the extent the right to data portability is provided under your applicable law) by contacting us as provided below. To the extent provided for under applicable law, you may also inquire about correcting inaccurate information, accessing a list of providers and their data processing locations currently used by Alexion, or to raise other concerns about how we are handing Personal Data, to opt out of or suppress certain data processing or to request deletion, restrictions or withdrawal of your explicit consent. We will honor your request in accordance with the applicable laws and regulations and in a manner consistent with Alexion’s privacy commitment. In accordance with applicable law, as a result of withdrawal of your consent, your Personal Data will be deleted from Alexion records, and Alexion will ensure that this Personal Data is deleted from its associated service providers, unless the Personal Data cannot be deleted where we are required to retain it by applicable laws and regulations.
You may contact us through the following ways:
121 Seaport Boulevard
Boston, MA 02210
By email: firstname.lastname@example.org
Alexion Data Protection Officer
Veneto Privacy Services Ltd.
20-21 Saint Patricks Road
Dalkey, Co. Dublin
A96 DV76, IRELAND
By email: email@example.com
You also have the right to lodge a complaint with the privacy or data protection regulator in your country of residence.
Privacy Statement for Minors
Our Site is not intended or designed for persons under the age of 18 (hereinafter “minor”). If you are under the age of 18, you must not provide your Personal Data. We will not knowingly collect, use or disclose Personal Data from minors without the prior written consent from his/her parents and/or legal guardian.
Additional Information on Websites
If parts of the Site have particular provisions relating to privacy that differ from those stated here, those provisions will be disclosed to you on the page on which your Personal Data is collected.
Retention of your Personal Data
Alexion retains your Personal Data no longer than necessary for the purpose for which it was processed for the duration of our relationship with you, unless a longer period is required to comply with applicable laws. Retention periods may vary depending on purpose for which the Personal Data was collected and used. Some of the criteria we use to assess appropriate retention periods includes: i) the nature of your data and the activities involved, ii) the length of your interaction with Alexion, or iii) whether there are legal obligations to which we are subject.
ANY CHANGES TO THE ALEXION PRIVACY NOTICE WILL BE PROMPTLY POSTED ON THIS PAGE. THE DATE ON WHICH THE NOTICE WAS LAST UPDATED IS INCLUDED AT THE END OF THIS LEGAL STATEMENT. WE MIGHT NOT NOTIFY YOU OF ANY CHANGES TO THIS PRIVACY NOTICE, YOU SHOULD CHECK THIS PAGE PERIODICALLY FOR ANY CHANGES. BY ACCESSING AND UTILIZING THESE SITES, YOU AGREE THAT ALL DISPUTES AND OTHER MATTERS THAT MAY ARISE BETWEEN YOU OR YOUR REPRESENTATIVES AND ALEXION OR ITS EMPLOYEES, CONTRACTORS OR AGENTS IN CONNECTION WITH THESE SITES SHALL BE GOVERNED UNDER THE LAWS OF THE COMMONWEALTH OF MASSACHUSETTS, UNITED STATES OF AMERICA, UNDER THE EXCLUSIVE JURISDICTION OF THE COURTS OF THE COMMONWEALTH OF MASSACHUSETTS.
Last updated on: 06 September 2019
Alexion Cookie and Site Usage Notice
We automatically collect certain types of information whenever you interact with us on the Alexion Sites and in some e-mails we may send. Automatic technologies we use may include, for example, web server logs and IP addresses, cookies and web beacons.
Web Server Logs and IP Addresses: An IP address is a number assigned to your computer whenever you access the Internet that allows computers and servers to recognize and communicate with each other. Alexion collects IP addresses to conduct system administration and report aggregate information to affiliates, business partners, service providers and/or vendors to conduct website and Application analysis and performance reviews.
Web Beacons: On certain web pages or e-mails, Alexion may utilize a common Internet technology called a “web beacon” (also known as an “action tag” or “clear GIF technology”). Web beacons help analyze the effectiveness of websites by measuring, for example, the number of visitors to a site or how many visitors clicked on key elements of a site.
Website Analytics: Our websites may also collect certain information via website analytics tooling, including Google Analytics. Website Analytics are collection, measurement, analysis and reporting of use of a website, data use and other capabilities within a website that assist the owner of the site in better understanding and optimizing the usability of the website and its functionality. In order to accomplish these purposes, the website analytics will collect the user’s IP Address in order to track the user’s activities within the website, including moving to different pages within the website.
Limitation on Scope of Principles
Adherence by the Company to these privacy principles may be limited to the extent necessary to meet the Company’s regulatory, legal, governmental, or national security obligations.