Privacy Policy
Rhythm Pharmaceuticals, Inc. and its affiliates and subsidiaries (collectively, "Rhythm," "we," "our," or "us") have created this privacy statement ("Privacy Policy") to describe how we collect, store, use, and disclose personal information, meaning information about you that is personally identifiable, as you interact with us online through rhythmtx.ca and all other Rhythm websites and applications that link to this policy (collectively, the "Online Services") or that you provide to us through other means. Please read this Privacy Policy carefully before using the Online Services or otherwise sharing your personal information with us. BY ACCESSING OR USING THE ONLINE SERVICES OR SHARING YOUR INFORMATION WITH US THROUGH OTHER MEANS, YOU SIGNIFY THAT YOU HAVE READ, UNDERSTOOD AND CONSENT TO OUR COLLECTION, STORAGE, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY.
This Privacy Policy applies to “personal information” which means information about an identifiable individual, such as name, address, birthdate, payment card information or an online identifier that could identify an individual (such as an IP address). Personal information also includes “personal health information” which means information about an identifiable individual’s health or healthcare, such as physical or mental health history, health status, symptoms, diagnosis, healthcare-related personal identification numbers, and healthcare insurance information.
This Privacy Policy applies to residents of Canada only.
INFORMATION WE COLLECT
Information You Provide. We and our service providers may collect any personal information, including personal health information, that you provide when you use the Online Services or otherwise interact with us, including when you contact us with questions or requests for information or submit information to participate in a study or research initiative or use social media to interact with us, or to share something from our Online Services with others. The personal information that you provide us may include, but is not limited to:
- your name, phone number, email address, physical address, and other contact information;
- personal health information such as symptoms, diagnoses, treatments, medical history, medical insurance details, information relating to the prevalence, impact, and progression of certain medical conditions, and/or information relating to your eligibility, or that of someone for whom you provide care, for participation in a study or research initiative;
- if you are a health care professional, we may also collect information including your professional credentials, educational and professional history, institutional and government affiliations, and other information relating to your professional practice; and
- other personal information you provide when you contact us, including any other health-related information.
Information Automatically Collected. We and our authorized service providers may automatically collect certain technical information over time and across different websites about your use of the Online Services, such as your Internet Protocol address or other device identifier, browser type, operating system, the pages you view on the Online Services, the pages you view immediately before and after you access the Online Services, your movement between different Rhythm websites, and the search terms you enter on the Online Services. This information allows us to recognize you and personalize your experience, and to improve the Online Services and the services and information we provide. We and our service providers may collect this information using tracking technologies, including “cookies,” which are small text files that the Online Services save on your computer using your web browser, or similar technologies. Please see " COOKIES AND SIMILAR TECHNOLOGIES.,” below, for more information.
Information We Receive From Third Parties. We may combine the information we collect from you with information that we receive about you from other sources, such as public databases, providers of demographic information, joint marketing partners, social media platforms, and other third parties.
Recruitment and Job Applications. You may provide us with personal information, such as that contained on a resume or a curriculum vitae, in connection with a job application or inquiry. We may use this information throughout Rhythm for the purpose of employment consideration or your inquiry. We may keep your information on file for future consideration.
USE OF COLLECTED INFORMATION
We may use the information we collect for a number of purposes, including to:
- Administer our programs and services, including our patient support programs;
- Provide you with products, services, or information you request;
- Provide you with information about our products or services or required notices;
- Respond to your inquiries;
- Deliver educational and promotional materials that may be of interest to you;
- Administer participation in special events, programs, offers, surveys, and other market research;
- Customize your experience when using the Online Services, such as by providing interactive or personalized elements and providing you with content based on your interests;
- Verify your identify and determine your eligibility to participate in our programs and services;
- Improve our websites, patient support programs, and other products and services and/or develop new products or services;
- Perform quality control activities, conduct data analyses, and develop references for other users and/or health care providers to better understand symptoms or conditions;
- Generate and analyze aggregate traffic patterns throughout the Online Services;
- Diagnose website technical problems and to maintain and improve the security and functionality of our services;
- Protect our, your, or others’ rights and property;
- Protect someone’s health, safety, or welfare;
- Comply with a law or regulation, court order, or other legal process;
- Detect, prevent, and respond to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of our services.
- As noted above, we may use your personal information for marketing purposes, but we will not rent, sell, or share your personal information for third parties to directly market to you for their own purposes, unless we have your permission or as otherwise permitted by applicable law. See the “Your Choices” section below for information about your choices related to marketing.
Where required by applicable law, we will ask for your consent to collect your information (including through this Privacy Policy).
We may use aggregate and de-identified information (i.e., information that does not personally identify you) for any purpose, except where prohibited by law.
DISCLOSURE OF COLLECTED INFORMATION
Service Providers. We may share your personal information with third parties that provide services to us in connection with our business operations. It is our policy to require our service providers to keep the information confidential and to not use the information outside of our business relationship.
Affiliates and Other Parts of Our Business. We may also share your personal information with our affiliates and with other parts or departments at Rhythm for the purposes set out in this Privacy Policy.
Our Business Partners. We may also share your personal information with our business partners for programs, services, events or activities that we provide jointly or in collaboration, such as a research study. In such cases, our business partners are limited to using your information for the purposes of these programs, services, events or activities.
Mergers, Acquisitions and Bankruptcy. If Rhythm should ever file for bankruptcy or merge with another company, or if Rhythm should decide to buy, sell, or reorganize some part or all of its business, Rhythm may disclose your personal information to prospective or actual purchasers. It is Rhythm's practice to seek appropriate protection for information disclosed in these types of transactions.
As Required by Law and Other Legal-Related Disclosures. We may disclose your personal information if we believe in good faith that disclosure is necessary: (a) to comply with the law, such as to report possible adverse events or to respond to legal process (e.g., court order, subpoena, search warrant) or other legal requirements of any governmental authority; (b) to protect the integrity of the Online Services; (c) to protect and defend our, your, or others' rights, property, safety or interests; or (d) to detect, prevent, or respond to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of the Online Services.
Aggregate and De-Identified Information. We may disclose aggregate and de-identified information for any purpose, except where prohibited by law.
YOUR CHOICES; WITHDRAWAL OF CONSENT
Rhythm takes reasonable steps to keep personal information up to date for the purposes for which the information was collected. In addition, certain laws may give you the right to request that we provide you access to, correct or delete the personal information we maintain about you, subject to certain limitations. If you wish to inquire about your rights or make changes to the personal information we have collected about you, please submit a request to [email protected]. We will take steps to comply with your request in accordance with applicable law.
You can withdraw your consent to our collection, use and disclosure of your personal information as described in this Privacy Policy by contacting us at [email protected], subject to certain legal or contractual restrictions. However, if you refuse to provide certain information or withdraw your consent, this may limit our ability to provide you with certain services, products and functionalities.
Marketing. If you no longer wish to receive marketing communications from us, please submit a request to [email protected] or use the unsubscribe mechanism in our promotional emails. Please note that you may not be able to opt-out of receiving certain non-promotional, administrative messages, including messages relating to your account, technical notices, transactional confirmations, safety information, or other similar emails.
COOKIES AND SIMILAR TECHNOLOGIES.
We and our service providers may collect information by automated means such as cookies, web beacons, log files, and similar technology. A "cookie" is a file that websites send to a visitor's internet-connected device to uniquely identify the visitor's browser or to store information or settings in the browser. A "web beacon," also known as an internet tag, pixel tag, action tag, or clear GIF, is a clear graphic image that may be loaded by a web browser to record visits to a particular website or may be embedded in an email to record when the email is opened. A "log file" is a file that records how users interact with websites or a server. If you do not want the Online Services to collect information through the use of cookies, you can set your web browser to reject cookies from the Online Services. Each browser is different, so you should check your browser's "Help" menu to learn how to change your cookie preferences. If you reject or block cookies from the Online Services, however, the Online Services may not function as intended.
Google Analytics. We may use third-party web analytics services on the Online Services, including Google Analytics. The analytics providers that administer these services use technologies such as cookies, web beacons, and log files to collect information to help us analyze how visitors use our Online Services and improve the overall performance and user experience of the Online Services. These analytics providers may also collect information about your use of other websites over time, if those other websites also use the same analytics providers. To learn more about how Google Analytics uses your information and what choices you have, please visit https://www.google.com/policies/privacy/partners/.
Do Not Track. Some browsers may transmit "do-not-track" signals to websites with which the browser communicates. Our websites do not currently respond to these "do-not-track" signals or other mechanisms that provide a method to opt out of the collection of information across websites and over time.
ADDITIONAL COLLECTION AND USE
To administer special programs or provide certain services, we may need to collect and use information other than as described in this Privacy Policy. In these cases, we will provide further explanation and, where required by applicable law, will ask for your additional consent before collecting and using your information for those programs and services.
SECURITY
We take steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy. Rhythm has put in place physical, technical, and administrative safeguards to protect personal information, consistent with legal obligations and industry practices. However, no information system can be 100% secure, so we cannot guarantee the absolute security of any information you provide to us.
By using the Online Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Online Services.
RETENTION OF PERSONAL INFORMATION
We will retain your personal information for as long as necessary to fulfill the purposes for which it has been collected, as outlined in this Privacy Policy, or any longer retention period required by law.
LINKS TO THIRD-PARTY SITES
The Online Services may contain links to third-party sites. Please be aware that Rhythm is not responsible for and cannot control the privacy practices of these other sites. We encourage you to read the privacy policies for these other sites prior to using such sites, as they may differ from ours.
CHILDREN'S INFORMATION
We do not knowingly collect information from children (i.e. persons under the age of consent in their province or territory) without parental or guardian consent. This does not affect health information about minors that a healthcare professional or caregiver using the Online Services may provide in connection with our services directed to those individuals. If we learn that a child under the age of consent has submitted personally identifiable information online without parental or guardian consent, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware that your child or any child under your care has provided us with information without your consent, please contact us at the contact information listed below.
INTERNATIONAL DATA TRANSFERS AND PROCESSING
Rhythm may transfer your personal information to affiliates, business partners, and service providers that are located in or operate in provinces/territories and countries other than where you live. By using the Online Services or providing us with your personal information through other means, you consent that your personal information, including your personal health information, may be stored, processed, or transferred to other provinces or territories or to countries outside of Canada (including the United States where Rhythm is headquartered). This means that your personal information will be subject to the local laws of the jurisdiction where it is transferred which may not guarantee the same level of protection of personal information as the one in which you reside. In certain circumstances, foreign governments, courts, law enforcement agencies or regulatory agencies in the jurisdictions where the information is transferred may be entitled to access your personal information.
CHANGES TO THIS PRIVACY POLICY
Rhythm reserves the right to change this Privacy Policy at any time. If we update this Privacy Policy, we will notify you by posting a new Privacy Policy on this page. If we make any revisions that materially change the ways in which we use or share the information previously collected from or about you, we will make reasonable efforts to provide notice (such as by sending you an email or posting a notice on this website prior to the changes becoming effective) and obtain any necessary consent to any such new uses as may be required by law. We encourage you to review this Privacy Policy each time you visit this website.
CONTACTING US
If you have any questions about this Privacy Policy or how we manage your personal information, you can contact [email protected].
Effective Date: May, 2023