Cytel EEA Privacy Disclosures
Last Updated: 10/03/2018
Introduction
How We Collect, Use and Retain Personal Data
How We Share and Disclose Personal Data
International Data Transfers
Children’s Privacy
Your Rights
Links to Third Party Sites and Social Media
Updates to the Disclosures
Managing Communication Preferences
Contact Us
The following additional EEA privacy disclosures (the “Disclosures”) supplement the Cytel Privacy Notice. These Disclosures apply only to how we collect, use and share the Personal Data of individuals located in the EEA that we gather through our Online Platforms as a Data Controller and that are within the scope of the European Union’s General Data Protection Regulation (“GDPR”) (collectively, the “Processing”). The “Online Platforms” include the websites, mobile apps, and other digital properties that are owned and operated by Cytel that link to these Disclosures as well as certain third-party databases. “We” or “Cytel” mean Cytel Inc. and our family of companies, including our affiliates and subsidiaries.
If you have any questions about these Disclosures or our data practices, please contact us using the options provided below.
Please read these Disclosures carefully. By using our Online Platforms, you consent to the data practices and other terms set forth in these Disclosures.
How We Collect, Use and Retain Personal Data
When we use the term “Personal Data,” we mean data that can be used to identify you as an individual person. We collect several categories of Personal Data as part of the Processing, including data you provide, data collected automatically from your device, and data we obtain from third party sources. We use and share this Personal Data for the purposes described below, including as described under Additional Uses of Personal Data.
We rely on separate and overlapping bases to process your Personal Data lawfully. By way of example only, it may be necessary for us to process your Personal Data in certain ways in order to process a transaction you have requested or otherwise in accordance with a contract between us, or in certain cases we may process your Personal Data where necessary to further our legitimate interests, where those legitimate interests are not overridden by your rights and interests.
- Data You Provide
We collect Personal Data you provide, for example when you enter the data into form fields on our Online Platforms. For example, we may collect:
|
Category of Personal Data |
Purposes of Processing |
Legal Bases for Processing |
|
Contact Information |
To communicate with you. To facilitate transactions with you and your company. To inform you of events that may interest you and to distribute materials to you in relation to such events. |
To process inquiries requested by you and meet our contractual obligations. Legitimate interests Your consent, where applicable |
|
Event Speaker Biographical Information |
To distribute promotional materials prior and after to events at which you are a speaker. |
Your consent |
|
Product Preferences |
To better understand and analyze our customer population and website visitors to deliver relevant content and product announcements, to improve our products and services including our Online Platforms and to prepare for and market events. |
Legitimate interests Your consent, where applicable |
|
Online Purchase Information |
To process event registrations for Cytel-led training and networking events, or online purchases of software licenses, where relevant. |
To process transactions requested by you and meet our contractual obligations Legitimate interests Compliance with legal obligations Your consent, where applicable |
|
Employment Application Information |
To process and evaluate job applications you submit through the Online Platforms and to communicate with you about your job applications and requests. To comply with applicable legal requirements. To onboard future employees. |
Legitimate interests Your consent, where applicable Obligations under applicable employment, social security or social protection laws, or a collective agreement |
- Data Collected Automatically
As is true of most digital platforms, we gather certain data automatically when you use our Online Platforms. This data may include browser, device, cookie and similar data that we collect as follows:
|
Category of Personal Data |
Purposes of Processing |
Legal Bases for Processing |
|
Log Files |
To track website activity and to compile website usage user interface (UI) analytics. |
Legitimate interests |
|
Cookies, Analytics and Related Technologies |
To manage our Online Platforms and email messages and to collect and track data about you and your activities on our Online Platforms. |
Legitimate interests Your consent, where applicable |
|
Location Data |
To offer you certain location-based services, such as delivering emails within your appropriate time zone, to conduct analytics to improve the Online Platforms, and to analyze user interface website data. |
Legitimate interests Your consent, where applicable |
- Additional Uses of Personal Data
In addition to the uses described above, we may use your Personal Data for the following purposes, which uses may under certain circumstances be based on your consent, may be necessary to fulfill our contractual commitments to you, and are necessary to serve our legitimate interest in the following business operations:
- Operating our business, administering the Processing;
- Contacting you to respond to your requests or inquiries;
- Processing and completing your transactions including, as applicable, order confirmation, providing you with trial products, providing white papers and case studies, processing payments for event registrations or software licenses ( where applicable) and delivering products or services;
- Providing you with newsletters, articles, product or service alerts or announcements, discount codes, event invitations, and other information that we believe may be of interest to you;
- Providing you with marketing information offers, and content and insights that are personally tailored to your interests.
- Conducting market research, surveys, and similar inquiries to help us understand trends and customer needs and attendee satisfaction where relevant;
- Correcting an offer, promotion, or advertisement;
- Administering contests and promotions or contacting you regarding a contest prize;
- Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of Personal Data, our Online Platforms or data systems; or to meet legal obligations;
- Enforcing our Terms of Use and other agreements; and,
- Legitimate Interests
We rely on several legitimate interests in using and sharing your Personal Data. These interests include:
- Improving and customizing the Online Platforms for you;
- Understanding how the Online Platforms are being used;
- Obtaining insights into usage patterns of the Online Platforms;
- Exploring ways to develop and grow our business;
- Administrative purposes, including but not limited to, recruiting and onboarding;
- Direct marketing;
- Ensuring the safety and security of the Online Platforms; and
- Enhancing protection against fraud, spam, harassment, intellectual property infringement, crime and security risks.
Data Retention
We will retain your Personal Data for as long as is necessary for the purposes set out in these Disclosures, subject to your right, under certain circumstances, to have certain of your Personal Data erased (see Your Rights below), unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights, all in accordance with the principles set forth in Article 5(1) of the GDPR.
Where we are processing Personal Data based on our legitimate interests, we generally will retain such data for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
Where we are processing Personal Data based on your consent, we generally will retain the data for the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain of your Personal Data erased (please see the Your Rights section below).
Where we are processing Personal Data based on contract, we generally will retain the data for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
In addition, we may face threat of legal claim and in that case, we may need to apply a “legal hold” that retains data beyond our typical retention period. In that case, we will retain the data until the hold is removed, which typically means the claim or threat of claim has been resolved.
How We Share and Disclose Personal Data
We share your Personal Data with third parties only in the ways described in these Disclosures. We may share your Personal Data within our family of companies, with service providers and business partners, in connection with business transfers and to comply with the law, protect health and safety and enforce our legal rights.
Service Providers: We share your Personal Data with third-party service providers who complete transactions or perform services on our behalf or for your benefit, such as for payment processing, marketing, analytics, processing employment applications and performing human resources administration or to verify customer data, such as mailing addresses.
Affiliates: We may share your Personal Data with affiliated legal entities within our family of companies for purposes and uses that are consistent with these Disclosures.
Business Partners: We may share your Personal Data with our business partners (for example Hubspot and Salesforce) for the purpose of administering our Online Platforms and customer relationship management system for the Processing.
Legal Process, Safety and Terms Enforcement: We may disclose your Personal Data to legal or government regulatory authorities as required by applicable law. We may also disclose your Personal Data to third parties as required by applicable law in connection with claims, disputes or litigation, when otherwise required by applicable law, or if we determine its disclosure is necessary to protect the health and safety of you or us, or to enforce our legal rights or contractual commitments that you have made.
Business Transfers: Your Personal Data may be disclosed as part of a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets, and could be transferred to a third party as one of the business assets in such a transaction. It may also be disclosed in the event of insolvency, bankruptcy or receivership. You will be notified via email and/or a prominent notice on any affected Online Platforms of any change in ownership or uses of Personal Data, as well as your choices regarding Personal Data about you.
International Data Transfers
Cytel may transfer your Personal Data within our family of companies and/or to the third parties discussed above. Your Personal Data may be transferred to, stored, and processed in a country other than the one in which it was collected. We may transfer your Personal Data outside the European Economic Area (“EEA”) and when we do so, we rely on appropriate or suitable safeguards recognized under data protection laws.
Such appropriate safeguards for international data transfers may include the following:
EU-U.S. Privacy Shield: In respect of some of our vendors, if we transfer any of your Personal Data from the EEA to a vendor outside the EEA who is certified under the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce, we may rely on the certification of such vendor to ensure adequate protection for your Personal Data so transferred. You can learn more about Privacy Shield by visiting https://www.privacyshield.gov/.
Adequacy Decision: We may transfer your Personal Data to Switzerland, which the European Commission has approved as providing adequate protection to personal data.
Standard Contractual Clauses: The European Commission has adopted standard data protection clauses, which provide safeguards for personal data transferred outside of the EEA. We generally use Standard Contractual Clauses when transferring Personal Data from a country in the EEA to a country outside the EEA. You can request a copy of our Standard Contractual Clauses by contacting us as set forth in the Contact Us section below.
By contract: We will transfer your Personal Data outside the EEA if the transfer is necessary to the performance of a contract between you and Cytel, or if the transfer is necessary to the performance of a contract between Cytel and a third party, and the contract was entered into in your interest.
In addition, we may transfer your Personal Data outside the EEA if the transfer is necessary to establish, exercise or defend legal claims or to protect your vital interests.
Children’s Privacy
We are committed to protecting the privacy of children. Our Online Platforms are not directed to, and we do not intend to or knowingly collect or solicit Personal Data online from children under the age of 18. If you are under the age of 18, do not provide us with any Personal Data.
Your Rights
We process all personal data in line with your rights, in each case to the extent required by and in accordance with applicable law (including in accordance with any applicable time limits and fee requirements).
Upon request, we will provide you with information about whether we hold any of your Personal Data along with any details required to be provided to you under applicable law. In certain cases, you may also have a right to:
- rectify any of your Personal Data that is inaccurate;
- to restrict or limit the ways in which we use your Personal Data;
- to object to the processing of your Personal Data;
- to request the deletion of your Personal Data, and
- to obtain a copy of your Personal Data in an easily accessible format.
To submit a request, please contact us as set forth in the Contact Us section below. We will respond to your request within a reasonable timeframe.
You also have the right to withdraw your consent to our processing of your Personal Data, where our processing is solely based on your consent. You can do this by discontinuing use of the Online Platforms, and contacting us as set forth in the Contact Us section below to request that your Personal Data be deleted. If you withdraw your consent to the use or sharing of your Personal Data for the purposes set out in these Disclosures, you may not have access to all (or any) of the Online Platforms, and we might not be able to provide you all (or any) of the Online Platforms. Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent and requested that we delete your Personal Data, if we have a legal basis to do so. For example, we may retain certain data if we need to do so to comply with an independent legal obligation, or if it is necessary to do so to pursue our legitimate interest in keeping the Online Platforms safe and secure.
If you have any complaints regarding our privacy practices, you have the right to lodge a complaint with your national data protection authority (i.e., supervisory authority).
Links to Third Party Sites and Social Media
The Online Platforms may include links to websites and digital services operated by third parties. These Disclosures do not apply to, and we are not responsible for the content, privacy notices or data practices of third parties that collect your data. We encourage you to review the privacy notices for those third parties to learn about their data practices.
The Online Platforms may feature “like” buttons and widgets hosted by other companies. These features may collect your IP address, which page you are visiting on our Online Platforms and may set a cookie to enable the feature to function properly. The loading, functionality and your use of the plugins are governed by the privacy notice and terms of the third party that provided the plugin.
Updates to the Disclosures
These Disclosures are subject to occasional revision, and if we make any material changes in the way we use your Personal Data, we will notify you by prominently posting notice of the changes on the Online Platforms and updating the effective date above. The updated Disclosures will be effective thirty (30) calendar days following the posting. You can determine when these Disclosures were last revised by checking the Last Updated date at the start of the Disclosures.
Managing Communication Preferences
If you have opted in to our marketing communications (or where permitted by law, if you have provided us with your contact information), we may send you email messages, direct mail offers, or other communications regarding products or services depending on the method of communication selected. You may ask us not to do so when you access our websites or mobile applications, or change your preferences by updating any accounts you have with us. At any time, you may elect to discontinue receiving commercial messages from us by submitting an opt-out request to the contact information below or by following the unsubscribe instructions in the form of the communication you received, as described below.
Printed Materials: To opt out of receiving printed marketing materials at your postal address, such as advertisements, flyers or postcards, please write to us at the address below. Please be sure to include your name and mailing address exactly as they appear on the printed marketing materials you received.
Emails: To opt out of receiving marketing communications via email, please send an unsubscribe request to the email address below or click on the unsubscribe link at the bottom of the email that was sent to you and follow the directions on the resulting web page. Please note that you may continue to receive certain transactional or account-related electronic messages from us.
Contact Us
If you have any questions, comments, requests or concerns about these Disclosures or other
Cytel, Inc.
Att: Privacy Officer
675 Massachusetts Avenue
Cambridge, MA 02139
Our data protection officer is Joanne Murphy.
Phone: (+ 1) 617 987 9486
Email: privacy@cytel.com
For purposes of the General Data Protection Regulation: Our controller entities in Europe are Cytel Statistical Services and Software UK Limited, Cytel France SARL, and Cytel Spain SL.
Cytel France SARL
63, Avenue des Champs Elysées
75008 Paris, France
T + 33 1 84 79 61 70
Cytel Spain SL
Ronda Universitat 33, 1° 1
08007 Barcelona, Spain
T +34 660 010 852
Cytel Statistical Services and Software UK Limited
Hamilton House, Mabledon Place
London, Greater London WC1H 9BB
T +44 203 911 8349