Privacy Shield

PURPOSE OF DATA COLLECTION

Agios Pharmaceuticals, Inc. (Agios) is a biopharmaceutical company that develops, produces and markets therapies to treat cancer and rare genetic diseases.  In doing so, Agios may receive personal information from or concerning individuals in the European Economic Area (EEA) and Switzerland from its: (1) clinical research subjects; (2) clinical investigators and staff conducting clinical and medical research; (3) potential clinical trial and post-market patients and their family members/caregivers; (4) adverse event reporters and subjects; (5) consumers; (6) investors and shareholders; (7) medical and healthcare professionals; (8) customers; and (9) vendors, suppliers, contractors, and business partners; and (10) government officials.

 

Information Agios May Collect

The type of information collected may include personal information such as:

  • information collected through Agios’ clinical trials, including data concerning health, race/ethnicity, names, addresses, email addresses, phone numbers, professional licenses, and dates of birth;
  • information you may send to Agios, for example, to report a problem or to submit queries, concerns or comments regarding Agios’ products;
  • information (such as, your name, email or postal address, telephone number, professional credentials, date of birth, identification number) that you provide by completing forms on Agios’ website or via another system or a vendor Agios uses for such data collection;
  • information that you may provide to Agios at an industry event or during our business interactions;
  • your log-in and password details used for systems managed by Agios or its vendors;
  • information you provide when you participate in discussion boards or other social media functions connected with Agios.

 

Privacy Policy

Agios complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield.  Agios has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Agios is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

 

 

PRIVACY SHIELD PRINCIPLES

 

NOTICE

Agios will not sell or provide your personal information to any third party without notice.  When Agios directly collects personal information from EEA and/or Swiss individuals, it, as explained below, advises you about the purposes for which the information is collected and used, and your ability to limit the use and disclosure of such information, and how to contact Agios.  Agios provides this notice in clear and conspicuous language, either through this privacy statement or other means such as, informed consent forms, statements on Agios’ website and other disclosures.  Purposes for collection and use vary but may include carrying out scientific or medical research, adverse event and product complaint reporting, managing and overseeing vendors/consultants, and communicating about our products and services.

Agios’ primary focus is the discovery and development of medicines. Agios has multiple investigational therapies in clinical development, which involves the collection and processing of personal data, including data related to EEA or Swiss individuals. When you participate in scientific or medical research, your participation is completely voluntary, and requires that you explicitly consent in writing to the scope of the research to be conducted using the information we gather from and about you (“Clinical Trial Information”) which may include, but is not limited to, your medical history, disease state, information regarding biological specimens and tissue samples, and adverse events.

Agios may receive Clinical Trial Information from third parties such as contract research organizations (CROs) and clinical sites.  Agios will only use your Clinical Trial Information for the general research purposes for which it was originally collected and for research that is consistent with your original consent, or to which you have subsequently consented. Research data are often uniquely key-coded at their origin by the principal investigator so as not to reveal the identity of individual data subjects.  As a sponsor of such research, Agios may not receive the key.

 

 

CHOICE

Subject to the exceptions outlined in the Privacy Shield Supplemental Principle governing Pharmaceutical and Medical Products, and as otherwise permitted by applicable law, Agios does not use or intend to use your personal information for any purpose other than that for which it was originally collected without your consent. Where personal data are transferred to the United States, Agios may use the data for a new scientific research activity if appropriate notice and choice have been provided to you in the first instance.

Agios does not disclose personal information to third parties for purposes that are incompatible with the purposes for which it was originally collected.  Agios may occasionally transfer your personal information to third parties who act for or on behalf of Agios, or in connection with the business of Agios, for further processing consistent with purposes for which the data was originally collected.  Where disclosure of personal information to a third party is likely or necessary, further notice may be provided to you, where appropriate, at such collection points as to the intended use of the data.

We require that such third parties protect the information and, where appropriate, we will contractually require them to process data transferred only for the purposes expressly authorized by Agios. Please use the contact information listed below to request to limit the use and disclosure of your personal information.

We will provide an individual opt-out choice (for personal data) or opt-in choice (for sensitive data) before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  To request to limit the use and disclosure of your personal information, please submit a written request to privacy@agios.com.

 

 

ONWARD TRANSFERS
Agios will not transfer personal information from or concerning individuals in the EEA and Switzerland to third parties unless such third parties have entered into a written agreement with Agios requiring that the third party provide at least the same level of privacy protection as is required by the relevant principles of the Privacy Shield.  Agios will only transfer your data to our agents, resellers or third-party service providers who need the information in order to provide services or to perform activities on behalf of Agios.  The types of companies that now or in the future may receive your personal information provide the following categories of services: clinical research, direct marketing assistance, distributors/resellers, data storage, hosting services, and sales support.  Agios does not share data with non-agent third parties.

Agios will not disclose your sensitive personal information (e.g., data concerning health, race/ethnicity) to any third party without first obtaining your explicit consent.  You may have provided such consent when you agreed to participate in a clinical trial.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Agios’ accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Agios remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Agios proves that it is not responsible for the event giving rise to the damage.

 

 

ACCESS
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States.  Upon request, we will provide you with access to the personal information that we hold about you.  You may also may correct, amend, or delete the personal information we hold about you.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to privacy@agios.com.  If requested to remove data, we will respond within a reasonable timeframe.

If you participate in a blinded study (a study during which participants, and often investigators, cannot be given access to information about which treatment you are receiving) you will not be provided access to the data on your treatment during the trial if this restriction has been explained when you entered the trial and the disclosure of such information would jeopardize the integrity of the research effort.

If you withdraw, or are asked to withdraw from a clinical trial of our products, your Clinical Trial Information previously to your withdrawal may still be processed along with other data collected as part of the clinical trial, if this was made clear to you in the notice at the time you consented to participate in the clinical trial.

 

 

PRODUCT SAFETY AND EFFICACY MONITORING
The Notice, Choice, Onward Transfer and Access Principles outlined above do not apply to Agios’ product safety and efficacy monitoring activities, including the reporting of adverse events and the tracking of patients/subjects using certain medicines or medical devices to the extent that the adherence to the Principles interferes with compliance with regulatory requirements, including disclosures to agencies, such as the U.S. Food and Drug Administration.

 

 

SECURITY
To protect personal information from or concerning individuals in the EEA and Switzerland, Agios has in place reasonable and appropriate technical and operational security measures to prevent unauthorized access, loss, misuse, unauthorized access, disclosure, alteration and destruction of data in its control.

 

 

DATA INTEGRITY
The personal information Agios uses or processes will be necessary for and related to the purpose for which it was obtained or collected.  Agios will not use or process the data in a manner that is incompatible with the reason it was collected or authorized to be used.  Agios will take reasonable measures to ensure that the data is accurate, complete, current, and reliable for its intended use.

 

 

ENFORCEMENT & DISPUTE RESOLUTION
In compliance with the Privacy Shield Principles, Agios commits to resolve complaints about your privacy and Agios’ collection or use of your personal information transferred to the United States pursuant to Privacy Shield.  EEA and Swiss individuals with Privacy Shield inquiries or complaints should first contact Agios at privacy@agios.com or in writing at:

 

Attention: Legal Department

Agios Pharmaceuticals, Inc.

88 Sidney Street

Cambridge, MA, 02139

Tel. 617-649-8600

 

Agios has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus.  If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.  This service is provided free of charge to EEA and Swiss individuals.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

 

 

Changes to this Privacy Shield Policy

Agios may, at any time, amend this posting consistent with the requirements of the Privacy Shield. The date at the top of this Privacy Policy will be updated accordingly.