This website is Your privacy and the protection of your data is important to Cerevance, LLC and its subsidiary entities (“Cerevance”, “us” or “we”) and we recognize the responsibility you entrust in us when providing your personal information. This Privacy Policy explains how we handle and treat your data when you visit our website and engage with us, as further described below. The purpose of this Privacy Policy is to provide you with a clear explanation of what personal data we collect, and when, why, and how we collect, use, or share your personal data. It also explains your legal rights regarding such data.

We strongly urge you to read this Privacy Policy and make sure you fully understand our practices in relation to personal data before you utilize our website. After you have read this notice, if you would like further information or have any questions, you may contact us at info@cerevance.com.

(If you are located in the European Economic Area (EEA), in addition to this Privacy Policy, please consult the EEA GDPR supplemental notice below.)

owned and operated by Cerevance, LLC, a limited liability company with a business address of One Marina Park Drive, Suite 1410, Boston, MA  02210, United States, and its subsidiaries(collectively “Cerevance”, “we”, or “us”).

These Terms of Use refer to the current website you are visiting (the “Website”). All access to and use of this Website is governed by these Terms of Use. Visiting and using this Website indicates that the user (either “user” or “you” in this document) has reviewed these Terms of Use and has agreed to be bound by them as well as our Privacy Policy. The information provided on our Website is for informational purposes only. If you do not agree to these Cerevance Terms ofUse and Privacy Policy, you may not use or access this Website and are requested to leave the Website immediately.

1. Scope of this Privacy Policy

Cerevance’s company mission is to alleviate and eradicate diseases of the central nervous system through robust clinical research and solutions, with several promising products currently undergoing clinical trials.  To provide prospective patients and other interested parties with helpful information and a beneficial experience overall when visiting the Cerevance website, Cerevance may collect certain types of personal data from visitors.

This Privacy Policy applies to data received or collected through this Cerevance website, as well as from platforms and other sources related to or initiated by this website.

ALL MATERIALS POSTED ON THIS WEBSITE ARE PROVIDED “AS IS” AND WITHOUT WARRANTIES EXPRESS OR IMPLIED.  CEREVANCE AND ITS AGENTS AND THE WEBSITE CREATORS DISCLAIM TO THE FULLEST EXTENT PERMISSIBLE BY APPLICABLE LAW, ALL WARRANTIES INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  CEREVANCE DOES NOT WARRANT THAT FUNCTIONS CONTAINED ON THIS WEBSITE WILL BE UNINTERRUPTED OR ERROR-FREE, THAT DEFECTS WILL OR CAN BE CORRECTED, OR THAT THIS WEBSITE OR THE SERVER ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. CEREVANCE DOES NOT PROVIDE ANY WARRANTY OR REPRESENTATION AS TO THE MATERIALS ON THIS WEBSITE IN TERMS OF THEIR CORRECTNESS, ACCURACY, RELIABILITY, OR OTHERWISE.

2. What personal data does Cerevance collect and how do we collect it?

As mentioned above, Cerevance may collect information about you including, if you voluntary provide it, personal data that can be used to identify you personally, such as your name, date of birth, home address, phone number, e-mail address, or certain personal health information.  

(For website visitors in the EEA, subject to rights for opting in or opting out of sharing data where and when applicable, this information may include sensitive personal data, such as your historical health information and other related information, to the extent you voluntary provide such data.)

3. How does Cerevance use your personal data?

With your consent, we may use your personal data to:

• Address any questions, requests, or complaints, and inform you of relevant Cerevance research or product updates that may be helpful or interesting.
• Contact you in connection with important information regarding clinical research, product updates, technical notices, relevant news, or changes to our website terms and conditions.
• With respect to career opportunities and searches on this website, send electronic messages (emails) and notices regarding opportunities in our organization.
• Track or monitor any inappropriate activities on or connected to this website.
• Comply with any legal and regulatory obligations, to the extent necessary.
• (For EEA residents, please review the EEA GDPR Supplemental Notice below.)

‍

4. With whom does Cerevance share your personal data?

We may share your personal data with other parties as described in this Privacy Policy, including following categories of third parties:

Affiliates: We may share your personal data with our corporate parent, subsidiaries, and affiliates.

Business partners / services providers: We may share your personal data with our business partners / service providers as necessary for them to provide services to us in connection with our fulfilment of the purposes set out above. For example, we may rely on service providers to: host our server and software; distribute Cerevance information updates; provide responses and answers to inquiries; etc.  Some of these third parties include Microsoft, Psynthesys, Inc., as well as other parties we may work with from time to time.

Government Agencies, Regulators and Professional Advisors: Where permitted or required by applicable law or regulation, we may also need to transfer your personal data to government agencies and regulators (such as drug regulators, tax authorities, courts, and other government authorities) to comply with our legal obligations, and to external professional advisors as necessary to defend our legal interests.

Organizations Involved in Business Transfers: In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, will be transferred to the acquiring entity or the surviving entity in a merger or other such transaction. Such information would be transferred in accordance with applicable law.

5.  De-identified or Aggregated Information

In certain cases, we may redact or delete information from your personal information to make it non-identifiable, or tabulate/combine de-identified information into aggregated form.  We may use such de-identified or aggregated data (which cannot be used to identify you) for all legitimate business purposes, such as business operations, product research, marketing, and strategy.

We may also share de-identified or aggregated information about our visitors with outside parties, such as our business partners, affiliates, national associations, or appropriately contracted parties. As referenced above, such de-identified or aggregate information does not consist of personal or identifiable information (i.e., it does not constitute “Protected Health Information” (PHI) under HIPAA, or personal data under GDPR).

6. How does Cerevance keep your personal data safe?

We are committed to keeping all personal data provided to us protected and secure, and we have implemented appropriate information security policies, rules and technical measures to protect personal data that we have under our control from unauthorized access, improper use or disclosure, unauthorized modification, and unlawful destruction or accidental loss. We have put in place procedures to deal with any suspected breach of personal data and will notify individuals and any applicable regulator of a breach where we are legally required to do so.

7. How long does Cerevance keep yourpersonal data?

We retain personal data for as long as necessary to fulfil the purposes for which we collected it, including for purposes of satisfying any legal, accounting, regulatory, monitoring, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.  When we no longer require the personal data we have collected about you, we will either delete or irreversibly anonymize it or, if this is not possible (for example because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. If we anonymize your personal data (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

8. Your Privacy Rights

As the data owner, you will maintain control over your data as governed by applicable laws and regulations.  To the extent you would like to make changes to your personal data that is maintained by Cerevance, you may contact Cerevance with an explanation of corrections or limitations to place on your personal data. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you used to send us your request, and we may contact you or take other steps to verify your identity before implementing your request. Please note that we may not be able to accommodate every request for a change, correction, or limitation, and we may need to retain certain information for record-keeping, regulatory or legal purposes, and/or to complete any communications that you began prior to requesting any change.

(For EEA residents, please review the EEA GDPR Supplemental Notice below.)

9. International Data Transfers

We are headquartered in the United States with business locations and service providers in other countries.  Based on the specific circumstances, your personal data may cross borders and be transferred to the United States or other locations outside of your country where privacy laws may not be as protective as those in your country. We will take appropriate steps to ensure that transfers of personal data are in accordance with applicable laws (including providing notice and obtaining consent, as necessary).

(For EEA residents, please review the EEA GDPR Supplemental Notice below.)

10.     Children

Cerevance does not knowingly collect any personal data from persons under 18. If we learn that we have collected or received personal data from any person under 18 without verification of parental consent, we will delete that information.

11. Links to Other Websites

Our website, from time to time, may contain links to and from the websites of our partner organizations, networks, advertisers or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

12.     Contact us

You may contact us by sending a message to: info@cerevance.com.  You may also mail us a message or inquiry at the following address:

Cerevance, Inc.

One Marina Park Drive, Suite 1410

Boston, MA 02210 USA

Attention: Data Privacy Official

‍

13.     Changes to this Privacy Policy

We may make changes to this Privacy Policy. To ensure that you are always aware of how we use your personal data, we will update this Privacy Policy from time to time to reflect any changes to our use of personal data. We may also make changes as required to comply with changes in applicable law or regulatory requirements and emerging privacy practices. Please regularly check this document or this webpage for the latest version of this Privacy Policy.

EEA GDPR Supplemental Notice

If you are located in the European Economic Area or the United Kingdom and have provided your personal data to Cerevance through this website or otherwise, this EEA GDPR Supplemental Notice applies to you.

For questions about our Privacy Policy in the EEA, exercising your privacy rights, or to lodge a complaint in the EEA, please contact us via our Data Privacy Representative (DPR), DPO Consultancy, at dpr@dpoconsultancy.nl or send mail to the following address:

Europalaan 28b
5232 BC - ‘s-Hertogenbosch
the Netherlands

A. Who is the Controller?

Cerevance, LLC, a company based in the United States, with a business address of One Marina Park Drive, Suite 1410, Boston, MA 02210, is considered the controller of your personal data.

Cerevance’s Data Protection Official can be contacted by e-mailing info@cerevance.com, or by writing to:

Cerevance, Inc.

One Marina Park Drive, Suite 1410

Boston, MA 02210 USA

Attention: Data Privacy Official

‍

B. What is our legal basis for processing personal Data?

The purpose and legal grounds for data processing activities may include one or more of the following:

‍Provision of Information & customer service

• to facilitate, manage, and maintain communications with website visitors
• to appropriately respond to questions, inquiries, requests, or complaints
• to contact visitors and other parties regarding research, product news, technical notices, relevant data privacy or security events, and/or changes to the terms and conditions of this website

‍

Website visitor engagement and services improvement

• to develop, improve, or modify engagement services
• other legitimate interests (art. 6.1(f) GDPR)
• if applicable, consent in case of health related data (art. 9.2(a) GDPR)

‍

Marketing

• data analysis
• to send emails and notices to visitors regarding news and updates relating to our products and services
• consent (art. 6.1(a) GDPR)

‍

Internal business purposes

• audits or inspections
• compliance / fraud monitoring and prevention
• legitimate interest (art. 6.1(f) GDPR)
• if applicable, consent in case of health related data (art. 9.2(a) GDPR)

‍

Compliance with our regulatory and legal obligations

• to comply with our regulatory or legal obligations (art. 6.1(c) GDPR)
• necessary for public interest reasons(art. 9.2(i) GDPR)

We welcome submissions to this Website in the form of questions, requests, user information, and other. If you submit information to Cerevance through this Website (e.g., the “Contact Us” webpage, via email, forms and/or questionnaires), all such information may be processed and utilized by Cerevance in accordance with the Privacy Policy and consistent with applicable laws and regulations. Cerevance shall have all appropriate use for the information without compensation to the user or visitor who provided the information. You agree that you are responsible for all submissions that you provide and you, not Cerevance, shall have full responsibility of their

C. Your Rights

You have the following rights in relation to your personal data, in accordance with GDPR requirements and applicability to Cerevance as a data processor:

Right of access: You can ask us Cerevance to provide you with information about our processing of your personal data and provide reasonable access to your personal data.

Right to rectification: If the personal data we have about you is inaccurate or incomplete, you are entitled to request to have it rectified.

Right to erasure: You can ask us to delete or remove personal data where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons that will be notified to you, if applicable, at the time of your request.

Right to restrict processing: You can ask us to suspend the processing of your personal data if: (i) you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it, as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Right to object: Where we are relying on a legitimate interest for data processing but there is something about your particular situation, you have the right to object to processing if you believe it impacts on your fundamental rights and freedoms.

Right to data portability: You have the right in certain circumstances to ask us to provide you, or a third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information for which you initially provided consent for Cerevance to use, or where we used the information to perform a contract with you.

Right to withdraw consent at any time: Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing conducted before you withdraw your consent.

Right to lodge a complaint with a supervisory authority: You may submit a complaint about our use of your personal data, or our response to your requests regarding your personal data. To do this, you may contact us or submit a complaint to the Supervisory Authority in your jurisdiction: https://edpb.europa.eu/about-edpb/about-edpb/members_en.  Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal data, or where certain exemptions apply. In order to exercise your rights, please contact Cerevance in writing by one of the methods set out under “Contact Us” above.

D.    How does Cerevance protect personal data if transferred internationally?

We may transfer your personal data to recipients outside of the EEA and/or UK. Some of these recipients are located in countries for which either the European Commission and/or UK Government (as and where applicable) has issued adequacy decisions, in which case, the recipient’s country is recognized as providing an adequate level of data protection under UK and/or European data protection laws, and the transfer is therefore permitted under Article 45 of the GDPR.

Some recipients of your personal data may be located in countries outside the EEA and/or the UK for which the European Commission or UK Government (as and where applicable) has not issued adequacy decisions in respect of the level of data protection in such countries (“Restricted Countries”). For example, the United States is a Restricted Country. Where we transfer your personal data to a recipient in a Restricted Country, we will either:

Enter into appropriate data transfer agreements based on so-called Standard Contractual Clauses approved from time-to-time under GDPR Art. 46 by the European Commission, the UK Information Commissioner’s Office or UK Government (as and where applicable); or

Rely on other appropriate means permitted by the EU/UK GDPR, which establish that such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.

You may contact us in writing by one of the methods set out under the “Contact us” provision above, if you would like further information on the specific mechanism used for transferring your personal data outside of the EEA.

‍