This Privacy Notice is effective as of November 13, 2019
At MyoKardia, Inc. (“MyoKardia”, “We”, “Us” or “Our”), We are committed to ensuring the privacy of our users. The Privacy Notice explains how MyoKardia collects, uses, retains and discloses Personal Data.
What is Personal Data?
Personal Data means any information relating to an identified or identifiable natural person (“Data Subject”), such as an address, telephone number, e-mail address, date of birth, gender, data concerning health or geographic location (“Personal Data”).
For the purposes of EU data protection laws, MyoKardia, whose registered office is located at 333 Allerton Ave., South San Francisco, CA 94080, is the Data Controller, i.e. the company responsible for, and which controls the processing of, your Personal Data.
Data Protection Officer
For the purposes of EU data protection laws, MyoKardia has appointed a Data Protection Officer (DPO).
You may contact our DPO as follows:
+32 2 896 55 53
Data Protection Representative
For the purposes of EU data protection laws, MyoKardia has also appointed a Data Protection Representative (DPR).
You may contact our DPR as follows:
Boulevard Initialis 7, B3
+32 2 896 55 53
Personal Data we may process
- Identity Data includes full name, username, and date of birth.
- Contact Data includes email address, mailing address and telephone numbers.
- Data concerning health includes genetic, biometric, and medical diagnosis.
- Financial Data includes bank account, details about payments to you, and other payment details needed to effect payments.
- Device Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access MyoKardia’s website.
- Profile Data includes your username and password, preferences, and feedback.
- Usage Data includes information about how you use MyoKardia’s website.
Purposes and legal basis of the processing activities
- To answer your questions regarding our company. Legal basis: Data subject’s consent/legitimate interest of MyoKardia.
- In response to your application for a job. Legal basis: Data subject’s consent/processing is necessary in order to take steps at the request of the data subject prior to entering into a contract.
- To improve our website. Legal basis: Legitimate interest of MyoKardia.
- To administer our clinical trials as required by law. Legal basis: Legal obligation to which MyoKardia is subject and the processing is necessary for reasons of public interest in the area of public health.
- To report on our clinical trials, including data analysis, testing, research, and statistical purposes. Legal basis: Legitimate interest of MyoKardia and the processing is necessary for scientific research purposes.
- To protect or exercise our legal rights or defend against legal claims. Legal basis: Legitimate interest of MyoKardia and processing is necessary for the establishment, exercise or defence of legal claims.
Our disclosure of your Personal Data
We want you to understand when and with whom We may share the Personal Data We collect:
- Regulatory agencies;
- Ethics Committees and Institutional Review Boards;
- MyoKardia’s related companies, such as affiliates and subsidiaries;
- MyoKardia’s authorized agents, consultants, and vendors. MyoKardia, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include assisting MyoKardia in running its clinical trials, reviewing and interpreting data collected from our clinical trials, mailing information, maintaining databases, conducting business analytics, and processing payments. When we employ another company to perform a function of this nature, we take appropriate steps to ensure that the company is bound to duties of confidentiality, and MyoKardia implements measures to ensure that any transferred Personal Data remains protected and secure in compliance with the privacy practices and policies of MyoKardia;
- MyoKardia may be required by law to disclose your Personal Data to (i) comply with a subpoena, bankruptcy proceedings or legal obligation, (ii) protect and defend the rights or property of MyoKardia, (iii) act in urgent circumstances to protect the personal safety of clinical trial subjects or the public, or (iv) protect against legal liability.
Transfers of your Personal Data
MyoKardia will put in place appropriate safeguards to protect your Personal Data in case of transfers.
Personal Data retention
Your Personal Data will be retained only for so long as reasonably necessary for the purposes set out above, in accordance with applicable laws.
As a data subject, you have the possibility to request the exercise of the following rights:
- Right of access: you are entitled to ask Us to provide you with all the information held about you.
- Right to rectification: you are entitled to ask Us to rectify, in particular by completing or correcting, all or certain information held about you.
- Right to erasure (“right to be forgotten”): you are entitled to ask Us to remove all information held about you from Our systems.
- Right to restriction of processing: you can ask Us not to process some of your data. Such data are then said to be locked.
- Right to data portability: you can have your data transmitted between your different service providers or ask to retrieve your information.
- Right to object: you may object to the processing of Personal Data concerning you.
- Right to withdraw consent: you can withdraw your consent at any time and in an easy manner.
These data subject rights may be subject to limitations and/or restrictions. Therefore, the exercise of your rights will be subject to a case-by-case analysis.
Requests should be submitted in writing to our DPO at firstname.lastname@example.org.
As a data subject, you also have the right to lodge a complaint with the competent supervisory authority in the EU Member State where you reside or work, or in the EU Member State where the alleged violation took place.
You will find the contact details of the different Data Protection Authorities at the following link:
MyoKardia takes appropriate technical and organizational measures to ensure a level of security appropriate to the risk for the rights and freedoms of natural persons, including measures to protect Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
Please contact our DPO at email@example.com if you have any questions about the processing of your Personal Data.