European Economic Area (EEA) Privacy Notice
Effective Date: 1st April, 2020
BioMarin Pharmaceutical Inc. (“BioMarin,” “we,” “us,” or “our”) respects the privacy of visitors to our websites and online services and values the confidence of our customers, partners, patients, and employees.
This Privacy Notice sets forth BioMarin’s practices regarding the collection, use, and disclosure of information that you may provide through the websites and online services that we operate and that link to this Privacy Notice, as well as through any of our offline services that reference this Privacy Notice (collectively, the “Services”). Please read the entire Privacy Notice before using our Services.
Collection of Information
We may ask you for some or all of the following types of information when you register with our Services, access various content or features, submit photos and other content, or directly contact us with questions or feedback:
- Contact information, such as name, email address, postal address, company name (sole traders) and telephone number;
- User name and password;
- Demographic information, such as age information and gender;
- Communications preferences;
- Search queries;
- Stories, comments, photos, and other information posted in our interactive online features; and
- Correspondence and other information that you send to us.
We also may collect certain information automatically when you visit the Services, including:
- Your browser type and operating system;
- Your Internet Protocol (IP) address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area;
- Other unique identifiers, including mobile device identification numbers;
- Sites you visited before and after visiting the Services;
- Pages you view and links you click on within the Services;
- Information collected through cookies and other technologies;
- Information about your interactions with email messages, such as the links clicked on and whether the messages were opened or forwarded; and
- Standard server log information.
We may use first- or third-party cookies, and similar technologies to automatically collect this information. Cookies are small bits of information that are stored by your computer's web browser. You can decide if and how your computer will accept a cookie by configuring your preferences or options in your browser. You may also click on “Cookie Preferences” on our websites to manage your choices. However, if you choose to reject cookies, you may not be able to use certain online products, services or features on the Services.
Some Internet browsers include the ability to transmit “Do Not Track” signals. Since uniform standards for “Do Not Track” signals have not yet been adopted, BioMarin does not process or respond to “Do Not Track” signals
Use of Information
Our legal basis to process your information includes processing that is necessary for legitimate business interests, including but not limited to the following examples:
- Providing you with the products, promotions, services, and information you request;
- Maintaining or administering the Services, performing business analyses, or for other internal purposes to improve the quality of our business, the Services, and other products and services we offer;
- Processing employment applications and inquiries;
- To take precautions against potential liability on the part of BioMarin
To ensure that we are appropriately balancing BioMarin's legitimate interests against your rights and interests, you are entitled to object to such processing at any time as described under “Your Personal Data Rights” below.
We may also process your information in order to comply with our legal obligations, perform a contract between us and you, establish and defend any legal claims, and in some cases our basis for processing will be because you have consented to our use of your information.
Where we rely on consent, you may withdraw this consent at any time by completing the Data Subject Request Form, link provided below. You acknowledge that where BioMarin as a regulatory obligation to retain your personal information, the withdrawal of your consent will not limit the ability of BioMarin to continue processing your personal information in line with that legal basis.
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.
- Corporate Parents and Affiliates. We may share your information with our corporate parents and other affiliated entities for a variety of purposes, including business, operational, and marketing purposes (in compliance with consent). For more information on those entities, see www.biomarin.com/contact.
- Service Providers. We may share your information with service providers that perform certain functions or services on our behalf pursuant to the purposes set out in this Privacy Notice (such as to host the Services, manage databases, perform analyses, or send communications for us). In these cases, BioMarin ensures adequate security is observed by third parties and affiliates processing personal information on behalf of BioMarin, subject to processing agreements in line with the GDPR requirements.
- In Connection With a Transfer of Assets. If we sell all or part of our business, or make a sale or transfer of assets, or are otherwise involved in a merger or business transfer, or in the event of bankruptcy, we may transfer your information to one or more third parties as part of that transaction.
- Aggregate Information. We may disclose to third parties information that does not describe or identify individual users, such as aggregate website usage data or demographic reports.
We may allow third parties to place and read their own cookies, web beacons, local shared objects, and similar technologies to collect information through the Services. For example, our third-party service providers may use these technologies to collect information that helps us with traffic measurement, research, and analytics. Local shared objects (sometimes referred to as “Flash cookies”) are similar to standard cookies except that they can be larger and are downloaded to a computer or mobile device by the Adobe Flash media player. Please note that you may need to take additional steps beyond changing your browser settings to refuse or disable local shared objects and similar technologies. For example, local shared objects can be controlled through the instructions on Adobe’s Setting Manager page. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you.
Sensitive Personal Data
BioMarin will not normally receive Sensitive Personal Data through its website. This is defined by BioMarin as:
- Demographic data (e.g. sex, race, colour, ethnic or national origin, religion, philosophical or political beliefs, trade union membership and criminal proceedings); and
- Medical data
If you choose to provide us with Sensitive Personal Data, BioMarin will apply appropriate safeguards to keep this data secure. BioMarin would require your explicit consent to the processing of sensitive personal data
Social Networking Services
BioMarin has worked with certain third-party social media providers to offer you their social networking services through our Services. For example, you can use third-party social networking services, including but not limited to Facebook, Twitter, and others, to share information about your experience on our Services with your friends and followers on those social networking services. These social networking services may be able to collect information about you, including your activity on our Services. These third-party social networking services also may notify your friends, both on our Services and on the social networking services themselves, that you are a user of our Services or about your use of our Services, in accordance with applicable law and their own privacy policies. If you choose to access or make use of third-party social networking services, we may receive information about you that you have made publicly available to those social networking services, including information about your contacts on those social networking services.
Security and Retention
We maintain reasonable security procedures to help protect against loss, misuse or unauthorized access, disclosure, alteration or destruction of the information you provide through the Services. However, no data transmission over the Internet or stored on a server can be guaranteed to be 100% secure. As a result, while we strive to protect your information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and cannot be responsible for the theft, destruction, or inadvertent disclosure of your information. In the event that we believe that the security of your information may have been compromised, we will endeavour to give you appropriate notice as quickly as possible, including by email, and in accordance with applicable laws.
You are responsible for maintaining the confidentiality of your account password and for any access to or use of the Services using your password, whether or not authorized by you. Please notify us immediately of any unauthorized use of your password or account or any other breach of security.
Your information will be retained only for so long as reasonably necessary for the purposes set forth in this Privacy Notice, in accordance with applicable laws.
BioMarin respects the privacy of children, and we are committed to complying with the EU General Data Protection Regulation (GDPR) and applicable local data protection legislation. The Services do not knowingly collect, use, or disclose personal information from children without prior parental consent.
If you have questions concerning our information practices with respect to children, please contact us using the Data Subject Request form, see link under “Your Personal Data Rights”
BioMarin operating as a global entity will be required to process and transfer personal data within BioMarin businesses. Some of these transfers may be outside the EEA, to countries that may not provide the same level of data protection as the EEA, to the USA and elsewhere. Transfers may also involve your personal data being sent to third party service providers outside of the EEA. Regardless of whether the transfers are to a third party, or within the BioMarin group, appropriate safeguards will be applied as required by applicable law, for example EU-approved “standard contractual clauses” to ensure that any transferred personal information remains protected and secure.
Links to Third-Party Content
As a convenience to our visitors, the Services may link to a number of sites, services, and other content that are operated and maintained by third parties. These third parties operate independently from us, and we do not control their privacy practices. Such links do not constitute an endorsement by BioMarin of the content or the persons or entities associated therewith. This Privacy Notice does not apply to third-party content. We encourage you to review the privacy policies of any third party to whom you provide information.
Your Personal Data Rights
You have certain rights to the personal information that BioMarin holds about you. Subject to certain legal limitations, these rights include the following:
The right of access to your personal information plus additional ancillary information such as the origin of such data, the purposes for which it has been collected, processed and transferred and the recipients of such data.;
- The right to rectify or erase your personal information (right to be forgotten);
- The right to restrict the processing of your personal information;
- The right of data portability. i.e. the right to have your data returned to you or to a third party in certain cases;
- The right of objection where BioMarin is relying on its legitimate interests as explained above; and
- The right to withdraw consent at any time
- The right to object to automated decision making, including profiling (BioMarin does not carry out either of these practices)
To exercise any of the above rights, if you wish to stop receiving emails or other communications from us, you may make a request by either contacting us (refer to contact details below) or by completing the Data Subject Request form here.
You will also have the option of removing your e-mail address from our database on each occasion that you receive an automated e-mail alert, by clicking on the unsubscribe link.
BioMarin will assess your request in accordance with its Data Subject Rights Request Procedure, subject to applicable laws and exceptions, and will respond within the relevant legal time limits.
This Privacy Notice may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security best practices evolve. We display an effective date on the policy in the upper left corner of this Privacy Notice so that it will be easier for you to know when there has been a change. If we make any material change to this Privacy Notice regarding use or disclosure of personal information, we will provide advance notice through the Services. Small changes or changes that do not significantly affect individual privacy interests may be made at any time and without prior notice.
Contact Information or Complaints
If you feel your data protection rights have been infringed by BioMarin, you have the right to complain to your local data protection supervisory authority. The lead supervisory authority for BioMarin in Europe is the Data Protection Commission (see www.dataprotection.ie).
If you have any questions about this Privacy Notice, you may contact our European Affiliate Data Protection Officer:
2 Grand Canal Square
Tel + 353 1 479 4300