Harmony Biosciences Website Privacy Notice

Effective Date: 9/24/2024

As the data controller, Harmony Biosciences, and its affiliates (‘Harmony’ or ‘we’ or ‘us’ or ‘our’) are committed to protecting your personal data.

When we use “you” or “your” in this Privacy Notice, we are referring to an individual whose personal data we are processing (a “data subject”).

This Privacy Notice explains how we collect, use, store, share, and otherwise process your personal data through our websites and other online and digital services. It also outlines your rights concerning your personal data and how you can contact us or the relevant regulatory authority if you have any concerns or complaints.

What is Personal Data?

When we use the term “personal data” in this Privacy Notice, we mean information that relates to an identified or identifiable individual. Some of this information may be particularly sensitive and thus require stronger safeguards. Where relevant, we will refer to this as “sensitive data” or “special category data”.

Please note that “personal data” does not include aggregated or anonymous information that cannot reasonably be associated with or linked to an individual. We collect non-personally identifiable information in aggregate form to track data such as total number of visits to our website, the number of visits to each page of our website, and the domain names of our internet service providers. We use this information, which remains in aggregate, non-personally identifiable form, to understand how our visitors use our website so that we may improve our website and the services we offer.

What personal data do we collect?

We may collect the following personal data through Harmony’s websites or online services, some of which may be considered sensitive data.

Data we may collect directly from you

  • Contact Information such as name, postal address, phone number, email address
  • Preferences such as consent and communication preferences

Data we may collect automatically

We may automatically collect other data via our websites and online services, including:

  • System and Device. We collect certain information about your device such as your computer type, operating system, device manufacturer, model, browser type, version, or screen resolution.
  • Internet Protocol (IP) Address and Geolocation. IP Address is a number that is automatically assigned to the device you are using by your Internet Service Provider (ISP). We may also collect the geolocation of your device to enable location-driven capabilities.
  • Cookies and similar tracking technologies. When you visit our websites, we may collect cookies, pixel tags, web beacons, or other similar technologies that track your activity and usage. These may include other metadata which could identify you or your device. (See Cookies and Other Tracking Technologies below for more information).

Why do we collect and use your personal data?

We use your personal data for multiple purposes and lawful bases as described in detail below.

 

Purpose: Programs, Services, Interactions
Description: The personal data we receive from you via our webforms or other online services will be used to fulfill the programs or services you request, such as to respond to your questions, contact you for a speaker program or fee-for-service engagements, or connect you to clinical trial sites or advocacy groups.
Lawful Basis (If applicable):
  • Consent, such as when you consent to participation in one of our speaker programs
  • Legitimate interests, such as responding to your inquiries or requests
  • Performance of a contract (e.g., a fee-for-service agreement)

Purpose: Marketing Communications & Data Analytics
Description: We may send you promotional messages about our products, programs, services, or research activities which may be of interest to you based on the information you have provided to us. We may also use automatically collected data for purposes of targeted advertising or to evaluate key performance metrics of our sites, including visitor count or user activity.
Lawful Basis (If applicable):
  • Consent, such as when you sign up to receive information about one of our products

Purpose: Business Operations and Service Improvements
Description: Your personal data may be used to better understand our patient and customer needs to evaluate and improve our programs, treatments, products, and services. We also use automatically collected data to administer and improve our online services or monitor and analyze the usage and security of our sites.
Lawful Basis (If applicable):
  • Legitimate interests, such as to improve the quality of our services

Purpose: Regulatory Compliance
Description: We will process your personal data to comply with applicable laws, such as our obligations to report information to regulators for product safety, national security, or for public interests.
Lawful Basis (If applicable):
  • Legal obligations, such as complying with legal processes and statutes

How may we disclose your personal data?

We may share your personal data with third parties for the following purposes:

  • Our Affiliates. We share your personal data among Harmony Biosciences Holdings, Inc. affiliates to provide you with requested services, products, and communications.
  • Service Providers. We share your personal data with third-party service providers, such as companies providing website hosting, IT services, data processing, email delivery, marketing, and other services.
  • Clinical Trial Site Personnel. If you contact us to inquire about participation in one of our clinical trials, we may share your personal data with site personnel, including healthcare providers, principal investigators, or contract research organizations.
  • Regulatory Authorities. If you contact us about your experience with our products, we may be required to submit your information to regulatory agencies across the world, such as the U.S. Food and Drug Administration (FDA) and similar agencies.
  • Subsequent Owners. In the event of a merger, acquisition, sale, reorganization, or other transfer or sale of Harmony businesses, assets, or stock, your personal data may be shared and subsequently controlled by another entity.

We may otherwise use and disclose your personal data (i) if required by law or government order, or with a legal process, (ii) to protect and defend our rights or property, or (iii) in urgent circumstances, to protect the health and personal safety of any individual. In addition, we may disclose your personal data to any third party when we believe such disclosure is necessary to defend or protect our legal, regulatory, or business interests. We may also disclose your information upon your express consent.

Cookies and Other Tracking Technologies

Cookies are small data files that may include an anonymous unique identifier. Cookies are sent to your browser from this website and stored on your device’s hard drive to collect information. These data allow us to store your preferences and settings, protect you from fraud, and analyze the performance of our services. The following types of cookies are used on Harmony’s websites:

  • Strictly Necessary Cookies. These cookies are necessary for the core and basic features of our site.
  • Performance Cookies. These cookies are used to collect information about how visitors use our website (for example, which pages visitors go to most often, and how visitors move around the site) and help us with site analysis and improvements.
  • Functional Cookies. These cookies are used to enable a better user experience on our site, remembering your preferences on our site or to display certain content.
  • Analytics Cookies. These cookies collect and analyze site usage which helps us to improve performance and modify content based on user interactions.
  • Advertising Cookies. These cookies are used to tailor which advertisements are displayed to you either on Harmony’s sites or on other sites and devices based on your interests.

In addition, the website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us to analyze data on your use of the website (e.g., recording the popularity of certain content and verifying system and server integrity). The website may collect data about the advertisements you have seen or engaged with. From time to time, we may use on our website certain third-party cookies and pixels provided by our marketing partners, including social media companies. To the extent we use such third-party cookies and pixels, you hereby agree to the terms and conditions set forth by those third parties, which may include Meta, X (formerly Twitter), TikTok, and LinkedIn, among others.

Please note that if you do not accept one or more categories of cookies, certain website features or experiences may not be available to you. For example, embedded content such as videos may not display properly.

There are several ways you can manage cookies and other tracking technologies:

  1. Cookie Preferences. Modify your preferences through our cookie banner.
  2. Browser Settings. Each browser offers different capabilities for blocking cookies and other tracking technologies. You should follow the instructions in your browser settings page.
  3. Google Analytics & Adobe Analytics. If you want to use your browser instead of our cookie settings feature to opt-out of the Google Analytics or Adobe Analytics tracking cookies, you can:
    1. Install the Google Analytics opt-out browser add-on; or,
    2. Opt-out of Adobe Analytics.
  4. Advertising Choices. You may also opt out of certain targeted advertising using the Digital Advertising Alliance’s consumer choice tool and the Network Advertising Initiative’s tool.

How do we protect your personal data?

The security of your personal data is a priority for us. We protect your personal data by implementing and maintaining reasonable physical, electronic, and procedural security measures and safeguards. If you have additional questions about how we secure your personal data, please get in touch with us.

While we strive to protect your personal data, no such security measures can guarantee complete protection from theft, loss, or other unauthorized access or use. No information system can be fully secure, and we cannot guarantee the absolute security of your personal information. Moreover, we are not responsible for the security of personal information you transmit to the website over networks that we do not control, including the internet and wireless networks, and you provide us with any personal information and data at your own risk. To the extent permitted by law, we shall not be liable or otherwise responsible for any data incident or event that may compromise the confidentiality, integrity, or security of your personal information caused by a third-party.

Personal information of children and minors

We do not knowingly collect, use, or disclose personal data from children under the age of 18 without prior parental consent. The products and services that support children are intended to be communicated and directed toward a child’s parent or legal guardian only.

If you are under the age of 18, please do not use the site or submit any personal data to us. If you believe that we have unintentionally collected personal data about your child, you can contact us, and we will address the issue promptly.

How long do we keep your personal data?

We will retain your personal data for as long as reasonably appropriate for the purposes for which it was originally collected. When determining the appropriate retention period, we consider factors such as:

  • Whether you have withdrawn your consent, and no other legal grounds for processing apply;
  • Any legal requirements for retaining personal data; and
  • The expiry of relevant statutes of limitations.

International Data Transfers

Harmony Biosciences is a global organization providing services worldwide. As a result, we may need to transfer personal data collected in connection with our services to entities in countries with different data protection standards than those in the country where you reside. However, we will use appropriate safeguards defined by applicable data protection regulations to facilitate the transfer.

If you are located in the EEA or the U.K., we will transfer your personal data internationally based on an adequacy decision where this is available. This is a decision made by the relevant authority such as the EU Commission declaring that the destination jurisdiction provides adequate data protection guarantees. You can find the list of adequacy decisions here. However, this may vary depending on where your personal data is being transferred from.

Where we cannot rely on an adequacy decision, we sign relevant clauses with third-party recipients of your personal data and conduct transfer risk assessments. If relevant, we also include restrictions on further transfers of personal data.

Please contact us by email at privacy@harmonybiosciences.com if you wish to learn more about the specific mechanisms we employ when transferring your personal data internationally.

Your Rights

Subject to certain conditions and applicable data protection law, you may have rights regarding your personal data that we collect or process:

  1. Right to be Informed. You have the right to be informed about the collection and use of your personal data. This includes information on the purposes for processing your data, the retention periods, and who it will be shared with.
  2. Right of Access. You have the right to access your personal data and supplementary information. This allows you to be aware of and verify the lawfulness of the processing.
  3. Right to Erasure. You have the right to have your personal data erased in certain circumstances, also known as deletion or the “right to be forgotten”.
  4. Right of Rectification. You have the right to have inaccurate personal data rectified or completed if it is incomplete.
  5. Right to Restrict Processing. You have the right to request the restriction or suppression of your personal data under certain conditions.
  6. Right to Data Portability. You have the right to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy, or transfer personal data easily from one IT environment to another in a safe and secure way.
  7. Right to Object. You have the right to object to the processing of your personal data in certain circumstances. This includes direct marketing, processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, and processing for purposes of scientific/historical research and statistics (if applicable).
  8. Rights Related to Automated Decision Making and Profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

If you have any questions or want to make a request regarding any of the rights listed above, please contact us by email at privacy@harmonybiosciences.com and we will respond to your request as soon as possible and, in any case, within the legal deadline established. If we receive a request from you, we may ask you to verify your identity before acting on your request to protect your personal data.

Lodging a Complaint

You may also have the right to raise a complaint regarding the processing of your personal data with a regulatory body tasked with upholding data protection laws:

  • For the EEA, a list of the national data protection authorities can be found here.
  • For the UK, the responsible data protection authority is the Information Commissioner’s Office (ICO), more details about which can be found on the ICO website.

Your Responsibilities

You are permitted, and hereby agree, to only provide personal information to Harmony if such personal information is accurate, reliable, and relevant to our relationship and only to the extent such disclosure will not violate any applicable data protection law, statute, or regulation or infringe upon a person’s data privacy rights or privileges. If you provide personal information (including personal information concerning a third party) to Harmony, you expressly represent and warrant to Harmony that you have the full right and authority to provide Harmony with such personal information (including personal information concerning a third party) and that Harmony’s use and processing of such personal information as set forth herein will not violate any person’s rights or privileges, including rights to privacy. You hereby agree to fully and completely indemnify Harmony for any claims, harm, or damages that may arise from your provision of personal information (including personal information concerning a third party) to Harmony.

Marketing Preferences

You may, at any time, opt out of receiving marketing emails from us. To opt out of such marketing, please use the “unsubscribe” or “preference” features within our email communications, or contact us in accordance with the “How to Contact Us” section below.

Do-Not-Track Signals

Some web browsers may transmit “do-not-track” signals to the website with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are even aware of them. Unless otherwise required by law, we currently do not take action in response to these signals.

Persons with Disabilities

Harmony strives to ensure that every person has access to information related to our Services, including this Privacy Policy. Please contact us if you would like this Privacy Policy provided in an alternative format, and we will seek to meet your needs.

How to Contact Us

The Data Controller is:
Harmony Biosciences
630 W. Germantown Pike, Suite 215
Plymouth Meeting, PA 19462
United States of America.

If you have any questions or would like to submit a complaint regarding our personal data processing, please contact us at privacy@harmonybiosciences.com.

You can also contact our Data Protection Officer (DPO) or our European Union (EU) or United Kingdom (UK) Representatives by email at dpo@harmonybiosciences.com or by postal mail at the following locations:

DATA PROTECTION OFFICER
Harmony Biosciences
Attn: Data Protection Officer
630 W. Germantown Pike, Suite 215
Plymouth Meeting, PA 19462
United States of America

EU REPRESENTATIVE
BDO AUDIBERIA ABOGADOS Y ASESORES TRIBUTARIOS, S.L.P.
Attn: Harmony Biosciences Data Protection Representative
C/San Elies, 29-35 5ª Planta, Esc. B
Barcelona, Spain
08006

UK REPRESENTATIVE
BDO LLP
Attn: Harmony Biosciences Data Protection Representative
55 Baker Street
London W1U 7EU
UNITED KINGDOM

Changes to our Privacy Notice

We may update our Privacy Notice periodically as needed to reflect our current services, policies, and practices. We will make the updated notice available on this page for your continued reference. Any changes will be effective when we post the revised Privacy Notice. This Privacy Notice was last updated as of the effective date listed above. Because privacy as it applies to the internet can rapidly change, we may make amendments to this Privacy Notice that affect the use of your personal data. We reserve the right to change the terms of this Privacy Notice at any time by posting revisions to the site. You should periodically review this Privacy Notice for changes. If you do not agree to the terms of this Privacy Notice or revisions to this Privacy Notice, please exit the site immediately.