This Privacy Policy applies when you access Amylyx Together for ALS website (the “Site”). By accessing or using our Site you agree that you have read, understand and will be bound by this Privacy Policy.
Data Controller
For the processing of your personal data as described in this Privacy Policy, the controller within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and UK General Data Protection Regulation (collectively, the “GDPR”) is Amylyx Pharmaceuticals EMEA B.V. (hereinafter “Amylyx”, “we”, “our”). Should you have any questions concerning data protection, or to exercise your rights, please contact Amylyx at the contact details set out at the end of this privacy policy.
Personal Data We Collect
For the purpose of this Privacy Policy, “personal data” means any information related to you as an identified or identifiable natural person.
In general, you can visit the Site without telling us who you are. However, if you contact us, we collect certain types of information, which may include your name, address, or e-mail address, that we will use according to the purpose for which you provide it to us. We will also collect personal data automatically, including the IP-address of users visiting the Site, the Internet domain address from which people visit us and information about how our visitors navigate the Site. We may use tools such as cookies, as described below, to collect such information.
Personal data that you may provide through our Website or we might otherwise process includes:
- Personal and business contact information, such as your full name, job title, email address, role and country;
- IP-address which reveals approximate location (country);
- Usage information, such as information about how you use the Site and interact with us, including information collected via cookies and similar technologies as set out in our cookie policy (including website analytics tools on our Site to retrieve information from your browser, including the website you came from, the search engine and the keywords you used to find our Site, the pages you view within our Site, your browser add-ons, and your browser’s width and height). For more information on our use of cookies, please see the section “Use of Cookies” below;
- Profile information, such as your interests and preferences.
Use of Cookies
To ensure the correct functioning of the Site and to provide customized and personalized services, Amylyx uses cookies and similar tools to store and sometimes track information, which may include personal data about you. To the extent required under applicable laws, we will ask for your consent to place cookies on your device that are not strictly necessary, if you do not agree or no longer wish to accept such cookies, you may withdraw your consent or you may disable them by following the instructions for your browser. Some web browsers may also offer users of the Sites the ability to disable receiving certain types of cookies, please see your browsing settings for more information on how this can be done. To learn more about our use of cookies, including your options, please see our Cookie Notice.
Use of Your Personal Information
We will process your personal information for the following purposes and according to the specified legal basis:
- Making the Site available to you; processing of personal data is necessary to enter into and/or perform a contract with you (Art. 6 (1) b) of the GDPR).
- Responding to your inquiries, comments and requests; processing of your personal data is necessary to serve our legitimate business interests (Art. 6 (1) f) of the GDPR) to respond to your questions;
- Protecting the security and integrity of the Site (including, by deploying log files to monitor access to and traffic in order to detect and prevent malicious activity or invalid traffic); processing of your personal data is necessary to serve our legitimate interests (Art. 6 (1) f) of the GDPR) of keeping our systems and services safe and secure.
- Protecting Amylyx’s rights or property; processing of your personal data is necessary to conduct our business and defend our interests against legal claims and in legal proceedings (Art. 6 (1) f) of the GDPR).
- To support and improve the Site functionality, display content that is customized to your interests and preferences through the use cookies; processing is necessary (a) on an aggregate user level (e.g. through web analytics), to support and improve the functionality of and better understand usage patterns relating to our websites and how you access different features of our website for analytics purposes and can make the Site more intuitive and easier to use; and (b) on an individual level, obtain insights regarding your preferences and interests by tracking your browsing behavior on the Site. The setting of cookies on your browser will be subject to your consent (Art. 6 (1) a) of the GDPR) except for strictly necessary cookies and processing of information from these cookies will only occur only to the extent that you have accepted the placement of those cookies on your browser.
- Complying with applicable regulatory and legal requirements, responding to legal, court, or regulatory investigations or requests for information; processing your personal data is necessary to a) comply with a legal obligation (Art. 6 (1) c) of the GDPR) under UK, EU and member state law or b) serve our legitimate interests (Art. 6 (1) f) of the GDPR) to comply with the laws and regulations that govern our business outside Europe.
- Performing research and analysis aimed at improving our products, services, communications and technologies; processing of your personal data is necessary to serve our legitimate interests (Art. 6 (1) f) of the GDPR) of improving or developing products and services.
Sharing Your Personal Information
Amylyx may disclose your personal to third parties of trust for the business purposes described above or when we are required to share personal data according to applicable law, including to:
- Our affiliates, business partners with whom we collaborate, joint venture partners, and strategic collaboration partners.
- Service providers that provide services to help us with our business activities, such as providers to help perform statistical analysis, host our Site, respond to communications you send to us, or provide customer support.
- Public authorities, law enforcement, government agencies, courts, or other third parties to protect ourselves, our employees, or others, to protect our or a third party’s property, to investigate fraud, or as required by law, such as to comply with a subpoena or similar legal process.
- Third parties in the event Amylyx is involved in an actual or contemplated merger, acquisition, or sale of all or a portion of its assets, or in the unlikely event of bankruptcy. If this occurs, we will inform you of such business transfers in accordance with applicable laws.
Transfer of Personal Data Outside Europe
Amylyx has its Global headquarter in the U.S., which means that your personal data is transferred to or accessible from countries outside the EU, UK or Switzerland. In addition, we may transfer your personal data to third party service providers based in a third country. When transferring personal data to a third country, we will adhere to the rules that apply to such transfers. In particular, before the transfer, we will verify if the recipients are based in countries that offer an adequate level of protection (Art. 45 GDPR) or if there is a legal instrument providing appropriate safeguards (Art. 46 GDPR) to your personal data (e.g. Standard Contractual Clauses as approved by the European Commission or the Information Commissioner Office in the UK).
When we are not able to provide enough safeguards to the privacy and confidentiality of your personal data, we will seek your prior consent (Art. 49 GDPR).
If you have questions about the international transfer of your personal data or the appropriate safeguards that we have taken to protect you, please send an email to privacy@amylyx.com.
Data Retention
We will only retain your personal data for as long as reasonably necessary for the purpose for which we are processing it or as long as we are required to retain it in accordance with applicable laws. We could retain your data for longer if we would need to perform a contractual or legal obligation. In case of a legal complaint or dispute, we would retain your personal data until a final, non-appealable, decision has been issued by the competent court.
When we no longer require your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), securely store your personal data and isolate it from any further processing until deletion is possible.
If you have questions on the retention of your personal data, please send an email to privacy@amylyx.com.
Your rights in relation to our processing of your personal data
According to GDPR, you have the following rights in relation to your personal data:
- The right to information and to access your personal data;
- The right to request the rectification, restriction, erasure or portability of your personal data. Depending on the purpose of processing, some of those rights may be restricted or excluded, for example when processing is performed for statistical purposes or reasons of public interest;
- The right to object to our processing of your personal data; and
- The right to submit a complaint with a data protection authority in your place of habitual residence or where you consider a breach of data protection law has occurred.
Where the processing of your personal data is based on your consent, you have also the right to amend or withdraw your consent at any time with effect for the future. Please note that if you withdraw your consent, we might still need to process certain personal data relating to you if there are other valid legal grounds, for example to comply with a legal obligation, to perform a contract with you or to pursue a legitimate business interest.
You further have the right to object at any time to any processing of your personal data we perform to pursue a legitimate business interest.
If you want to exercise any of the above rights, please contact us at privacy@amylyx.com.
Contact Information and Data Protection Officer
For any question regarding this Privacy Policy you can contact Amylyx at:
Amylyx Pharmaceuticals EMEA B.V.
Barbara Strozzilaan 201
1083 HN Amsterdam
the Netherlands
Amylyx has also appointed a data protection officer (DPO), who can be contacted by writing to privacy@amylyx.com, including for questions regarding how we collect, store and use your personal data.
Changes to this Privacy Policy
Amylyx reserves the right to change this Privacy Policy from time to time with changes effective as of the date indicated on the updated policy. Where we are required to do so, we will take reasonable steps to inform you of changes that will have a substantial impact on your rights. Your continued use of the Site after we have made such modifications will constitute your acknowledgment of the modified Privacy Policy.
Effective as of 12 December 2022