Epizyme is committed to ensuring that our Sites, Services, and communications are accessible to individuals with disabilities. If you need a copy of this Policy in a different format or to submit other accessibility-related requests or questions concerning barriers to accessibility, please contact us toll-free at 833-987-2349 or firstname.lastname@example.org.
II. COLLECTION OF PERSONAL INFORMATION
We may collect information from or about you when you use the Sites or Services, contact or interact with us, sign up for our mailing list(s), register for an account, and/or voluntarily submit questions, comments, feedback, requests, and other content relating to the Sites, Services, or Epizyme and its products. Additionally, we may collect information from or about you from our data and other service providers, channel partners, publicly available information, or other third parties. When you use the Sites, we may automatically collect information about you and devices that may be connected to you from the servers used to host and support the Sites. This information may include:
- information transmitted to us by your browser and operating system, including “fingerprint information” such as the website(s) from which you came (known as the referring URL);
- any Epizyme online advertisements located on third-party websites that you may have clicked to access the Epizyme Sites;
- the type of browser you use and the time, date, and location of access; and
- your user name, permissions for the Sites, device’s Internet Protocol address, the domain name of your Internet service provider, your location, your mobile device information (e.g., device model and operating system version), your page visits, your social media sharing activity, and aggregated information that cannot be used to identify you.
Unless required to comply with our legal obligations, we do not publicly disclose who sends questions or comments to or through our Sites.
We may combine all of the information we collect from or about you and use it as described in this Policy. Please note that Epizyme does not sell your personal information to third parties.
III. COOKIES, TRACKING ACTIVITY, MARKETING, AND ANALYTICS
We, along with third parties, may use HTTP cookies, local storage objects, Web beacons, pixel tags, and other tracking technologies on the Sites. Cookies are small files that are transferred to and, if allowed, stored on your computer through your web browser that enable us to recognize your browser and capture certain information. Cookies consist of two different types: session and persistent. Session cookies enable us to recognize your actions during the browsing session, are temporary, and expire when you close your browser and are not accessible or stored. Persistent cookies remain stored on your device after you close your browser until they expire or when you delete them. We use persistent cookies that are strictly necessary to the operation of the Sites (e.g., to optimize site performance and remember the cookie settings you have enabled on the Sites). You can configure your web browser to stop accepting or delete cookies, including cookies that are necessary to the functioning and accessibility of the Sites. Please note that rejecting necessary cookies may limit your ability to use the full functionality of the Sites.
Do Not Track Policy. Our Sites currently do not support “Do Not Track” requests, which means that we may collect information about your online activity both during and after your use of the Sites.
IV. HOW WE USE PERSONAL INFORMATION
The purposes for which we may use the personal information we collect include:
- Providing clinical, promotional, disease awareness, or other information and Services to you;
- Processing and responding to your questions and comments about the Sites, Services, Policy, or Epizyme;
- Contacting you to directly respond to questions or conduct market research or outreach and other communications;
- Administering, hosting, operating, and improving or changing the Sites and Services, developing and launching new products or services, or for other legitimate business purposes;
- For research and clinical purposes;
- Personalizing and enhancing your user experience on the Sites;
- Recruiting, personnel services, and human resource administration;
- Developing reports and actionable data about our user base and usage patterns for the Sites;
- Analyzing the accuracy, effectiveness, accessibility, or popularity of the Sites;
- Compiling aggregate data for internal and external business purposes;
- Preventing and monitoring fraud and abuse involving the Sites and to otherwise protect users and our business;
- Assisting law enforcement and responding to subpoenas, court orders, and other demands or requests for official information or action;
- Performing other business activities as needed or as described in this Policy;
- Transferring personal information in connection with a merger, acquisition, transfer of assets, or other organizational restructuring; and
As explained elsewhere in this Policy, personal information that we collect may be processed, stored, used, or retransmitted by our business partners in providing services related to the Sites (such as administrative or technical support for maintenance, servicing, and upgrading of products, software, hosting services, customer service, data conversion or migration, and analytical services).
V. HOW WE MAY SHARE PERSONAL INFORMATION
Your personal information may be disclosed to third parties in accordance with our Policy. Please note that a user may choose not to share certain information consistent with this Policy. We may share your personal information with the following types of entities:
- Third-party service providers to perform support functions for the Sites, Services, or our business, such as vendors that help us with safety reporting or storing medical information, e-mail marketing, site analytics, social media sharing, customer engagement and relationship management, functions related to analyzing and improving the Sites’ usefulness, reliability, user experience, operation, data storage, and as otherwise described in this Policy. In addition, if you are a health care professional, Epizyme may validate your licensure status and other information against available databases that include licensed health care professionals.
- Third parties involved in business changes. If we become involved in a merger, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution, change of control, or other restructuring or corporate transaction, or if the ownership of all or substantially all of our shares, assets, or business otherwise changes, we may transfer your personal information to third parties in connection therewith.
- Our affiliates and subsidiaries, meaning companies related to Epizyme by common ownership or control, for everyday business purposes. Our affiliates and subsidiaries will be required to collect, process, use, and maintain your information in accordance with this Policy.
- Government authorities and other third parties. If we believe that disclosure of information is necessary to comply with legal requirements or regulatory and sub-regulatory guidance applicable to Epizyme and cooperate with the requests or directives of government authorities; investigate, prevent, remediate, or take action regarding illegal activities, fraud, the rights, reputation, safety, and property of Epizyme or others, or violations of our policies or agreements with Epizyme; respond to claims and legal process; and/or protect against potential legal liability. If you contact us regarding your experience using any of our commercial or investigational products, we may use the information you provide in reports to the U.S. Food and Drug Administration (“FDA”) and as otherwise legally required (e.g., government audit of manufacturers). We may also use the information to contact your health care professional to follow up on an adverse or unexpected event involving our products. You understand and acknowledge that Epizyme may not be legally permitted to comply with your request to change or remove personal information that was communicated to Epizyme by a health care professional or a consumer regarding an adverse drug reaction involving Epizyme’s products.
We may also share aggregated data relating to users of the Sites with affiliated or unaffiliated third parties. These data do not contain individually identifiable information about any user.
VI. INFORMATION SECURITY AND PROTECTION
Epizyme implements and maintains reasonable information technology security procedures and practices appropriate to the nature of the information it collects and maintains. No cybersecurity measures are infallible to a breach or loss of data, however.
VII. INTERNATIONAL TRANSFERS
The Company is headquartered in the United States. Any information collected through the Sites is processed and stored in the United States. The information you provide through our Sites will be transferred to or from the United States. By using our Sites, Services, and products, you consent to the collection, international transfer, storage, and processing of your information by or for the Company. If you use our Sites or Services outside of the United States, you consent to the transfer of your data to the United States. Do not use the Sites if you cannot lawfully access them or transfer your data to the United States.
VIII. YOUR PRIVACY RIGHTS
Depending on your state of residency and the information we collect about you and for what purpose, you may have certain rights to control our use, maintenance, and disclosure of your personal information. We also offer you the ability to manage the types of communications you receive from us and change your communication preferences.
You can also control your exposure to most interest-based advertising through the Digital Advertising Alliance, a group that has developed self-regulatory principles for interest-based advertising. Visit YourAdChoices.com for more information. In addition, some websites (such as Facebook) offer the ability to opt out of interest-based advertising.
Under Nevada Law
Under Nevada law, you may opt out of the sale of your personal information by contacting us. Epizyme, however, does not sell your personal information.
Under California Law
You may have rights under the California Consumer Privacy Act (“CCPA”), as described in this section of our Policy. The provisions of the CCPA do not apply to certain medical information that is governed by the California Confidentiality of Medical Information Act or protected health information governed by the Health Insurance Portability and Accountability Act, and may have more limited application to Epizyme personnel, job applicants, or other business-to-business contacts.
Rights Under the CCPA and Other California Laws
Individuals whose personal information is covered by the CCPA have the right, subject to certain limitations, to: request access to and information about your personal information that we collect and share; correct your personal information when incorrect, out of date, or incomplete; request that we delete the personal information collected from you; opt out of the sale of personal information; and be treated fairly and not be discriminated against for exercising your privacy rights.
Requests for Household Information
There may be some types of Personal Information that can be associated with a household, meaning a group of people living together in a single home. Requests for access to or deletion of household personal information must be made by and verified for each member of the household.
Your Right to Request Access to Information We Collect and Share About You
Individuals whose personal information is covered by the CCPA have a right to request that Epizyme provide the following information:
- The categories of your personal information that Epizyme has collected;
- The categories of sources from which Epizyme collected the personal information;
- The business or commercial purposes for which Epizyme collected the personal information;
- The categories of any third parties with which Epizyme has shared the personal information; and
- The specific pieces of personal information Epizyme has collected over the past year.
Such affected individuals may also submit a request to Epizyme for the following additional information:
- The categories of personal information, if any, that Epizyme has sold, categories of third parties to which Epizyme sold the information, and the categories of personal information sold to each type of third party; and
- The categories of personal information that we have disclosed or shared for a business purpose.
Our responses to any of these requests will cover the 12-month period preceding our receipt and validation of the request.
If you are a California resident, to exercise your CCPA rights to request the provision of your personal information that Epizyme collects or shares, contact Epizyme toll-free at 833-987-2349 or email@example.com.
Right to Request the Deletion of Personal Information We Have Collected from You
In addition to the foregoing, individuals whose personal information is covered by the CCPA may request the deletion of information covered by the CCPA. Upon receiving and verifying such requests, Epizyme will delete the personal information that we have collected about you, unless that information is reasonably necessary for Epizyme to (a) complete the transaction(s) for which we collected the information; (b) provide you with a product or service that you requested; (c) perform a contract that Epizyme entered into with you or based on your information; (d) detect and remediate security incidents; (e) maintain the operability, integrity, or security of Epizyme’s information systems or Sites and Services; (f) comply with or exercise rights provided under applicable law; or (g) use or share the information internally in ways that are comparable with the context in which you provided the information to Epizyme or that are reasonably aligned with privacy expectations based on your consumer relationship with Epizyme.
If you are a California resident, to exercise your right to request the deletion of your personal information, contact Epizyme toll-free at 833-987-2349 or firstname.lastname@example.org.
Please note that if you or your authorized agent request deletion of your personal information, you may not be able to access certain parts of our Sites or receive Services.
Our Process for Responding to Requests for Access or Deletion Under the CCPA
For requests of California residents for access to or deletion of personal information, we will respond in writing or verbally, if requested, as soon as practicable and in any event generally not more than 45 days after receipt and validation of the request. We may extend this period to 90 days, in which case we will explain to you or your authorized agent why we did so.
If you are legally entitled to such rights, you may designate an agent to submit a request on your behalf. The agent can be a natural person or a business entity that is registered with the California Secretary of State. If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. You will be required to verify your identity by providing us with certain personal information, depending on the nature of the information you require, which we will attempt to match with your information that we maintain. Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf and the scope of that authorization. The agent will also be required to provide us with proof of the agency relationship, which may be a declaration confirming and attesting to the agent’s identity and authorization by you to act on your behalf, signed under penalty of perjury. If the agent is a business entity, it will also need to submit evidence that it is registered and in good standing with the California Secretary of State. Information to identify and verify your agent can be submitted through the same mechanism and at the same time that you submit information to verify your identity. Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with the California law pertaining to powers of attorney.
Requests for Categories of Personal Information
To respond to these requests, we will ask you for at least two pieces of personal information and attempt to match those to your information that we maintain. If we cannot verify your identity with the degree of certainty required, we will not be able to respond to the request. In that case, we will notify you to explain the basis of our denial.
Requests for Specific Pieces of Personal Information
To respond to these requests, we will ask you for at least three pieces of personal information and will attempt to match those to your information that we maintain. Additionally, we may require that you provide a declaration confirming and attesting to your identity, signed under the penalty of perjury. If we cannot verify your identity with the degree of certainty required, we will not be able to respond to the request. In that case, we will notify you to explain the basis of our denial.
Requests for Deletion of Personal Information
To respond to these requests, we will ask you for at least two pieces of personal information and attempt to match those to your information at Epizyme. If we cannot verify your identity with the degree of certainty required before providing you with the information requested, we will notify you to explain the basis of our denial.
The Personal Information We Collect
The following list categorizes and describes the types of personal information that we have collected in the last 12 months.
- Personal identifiers, such as name, postal address, e-mail address, phone number, account name, registration numbers, tax identification number, Social Security number, driver’s license number, passport number, citizenship, date of birth, or other similar identifiers Unique device and online identifiers, such as IP address, device identification, or other similar identifiers.
- Professional or employment-related information, such as work history and professional background/experience.
- Internet or other electronic activity information, including information regarding an individual’s interaction with a website or application, calls and e-mails sent and received.
- Information related to your health and use of our products which may largely be governed by other regulatory regimes and exempt from the CCPA.
We collect this information from:
- Our interactions with individuals seeking to obtain or obtaining our products and Services or otherwise contacting us, including through our Sites and Services;
- Automated collection on our Sites, services, products, applications, databases, devices, information systems and networks, and through cookies;
- Service providers, business partners, and other Company contacts;
- Applicants for positions with us, current and former employees, directors, and other agents and Company consultants or contractors;
- Individuals applying for positions with us or those referring them to us, such as recruiters or referral sources; and
- Public sources.
We use the above categories of personal information for the purposes described in this Policy, including client services, business operations, marketing and promotion, information and data security, human resource management, regulatory compliance, and legal oversight.
With respect to each of the categories of data above, we may also share your personal information with:
- Federal, state, or local regulators/government agencies;
- Web hosting service providers, such as cloud storage providers;
- Company business partners and financial services providers;
- Any person to whom we transfer any of our rights or obligations under any agreement, or in connection with the sale, merger, acquisition, or consolidation of our business or other transfer of our assets, whether voluntarily or by operation of law, or who is otherwise deemed to be our successor-in-interest or transferee.
In the 12 months preceding the “Last Updated” date of this Policy, Epizyme has not sold any personal information.
You have a right not to be discriminated against for the exercise of the privacy rights conferred by the CCPA.
IX. TEXAS RESIDENTS
Pursuant to the Texas Health and Safety Code, Sec. 181.154, you are advised that if Epizyme receives from any source information that identifies you and relates to your past, present, or future physical or mental health, health care, or payment for your health care, such information may be subject to electronic disclosure by such means as file transfers or e-mail.
X. DATA RETENTION POLICY; MANAGING PERSONAL INFORMATION
The Company is a regulated entity and subject to FDA regulations mandating records retention and document controls. We may retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and for the period(s) or purposes that are legally permitted or required of Epizyme. Additionally, we may create, maintain, or share anonymized or aggregated data, including usage or location data, for analytics purposes.
XI. LINKS TO OTHER THIRD-PARTY SITES OR SERVICES OR APPLICATIONS
The Sites may contain links to other Epizyme websites or applications or may direct users to third-party websites or applications that we do not own, operate, or control and to which this Policy does not apply.
XII. CHILDREN’S PRIVACY
Our Sites are not designed for the use of children or to collect personal information from or about children. If you are under the age of 16, please do not access or submit any personal information through the Sites.
XIII. CONTACT US
To exercise or learn more about your privacy rights or the meaning and implementation of our Policy, please contact us:
- E-mail: email@example.com
- Toll-Free Number: 833-987-2349
- Mailing Address: Epizyme, Inc., 400 Technology Square, 4th Floor, Cambridge, MA 02139
Last Updated: January 26, 2021