Privacy Policy
Last Updated: December 16, 2024
Incyte Corporation (including its affiliates in its worldwide group of companies) (collectively, “Incyte,” “we” or “us”) honors its trusted relationships with patients, healthcare professionals, caregivers, consumers, employees and business partners by being transparent about how we collect, use, share, transfer and retain personal information when you visit one of Incyte’s websites, mobile applications or social media accounts¹. We encourage you to explore this webpage, and the webpages and policies to which it links, in order to learn more about our privacy practices.
¹ While this commitment sets forth the general privacy principles under which Incyte operates, some of our websites, mobile apps and social media accounts contain specific privacy policy information that relates to that particular media. Please consult this information where available.
Click below to access our privacy notices/policies relating to the areas identified.
Job Candidates
Learn what we do with your personal information when you apply for a job at Incyte.
Study Participants
Learn what we do with your personal information when you are in an Incyte-sponsored clinical trial or other research project.
Non-Research Patients
Learn what we do with your personal information when you use an Incyte drug.
Patients non participants à une étude de recherche
Patients non participants à une étude de recherche
Pazienti non partecipanti ad una sperimantazione clinica
Patients non participants à une étude de recherche
Pasienter som ikke er forskningspasienter
Pacientes não objecto de estudo
Healthcare Professionals
Learn what we do with your personal information when we interact with you as a healthcare professional.
Business Contacts
Learn what we do with your personal information when you interact with us in the course of business.
When you provide your personal information to us, we take technical, physical and organizational measures to protect it from misuse or unauthorized alteration, loss or access consistent with applicable privacy and data security laws. However, no Internet transmission is ever 100% secure, so we cannot guarantee the security of the personal information you transmit to our websites or mobile applications and any transmission is at your own risk.
Third-Party Websites: If one of our websites contains links to other websites controlled by third parties, including social media, you should be aware that we are not responsible for the privacy practices of those or any other third-party sites and they are not covered under this privacy policy. If you have questions about how those websites collect and use your personal information when you visit them, you should carefully read the privacy policies of those websites. You agree that we are not responsible for the availability of such websites and do not review or endorse and shall not be liable, directly or indirectly, for:
- How these websites treat your personal information
- The content of such websites
- The use that others make of these websites
User Age Requirements and Children’s Privacy: Incyte does not knowingly collect personal information directly from minors—persons under the age of 13 or another age of a minor as defined by the applicable law of your jurisdiction—other than when required to comply with the law or for safety or security reasons. If you are a parent or guardian of a minor who has provided personal information without your knowledge or consent, you may submit a request to remove the minor’s information by emailing us at privacy@incyte.com. If we become aware that anyone under the age of 13 has submitted personal information to our site, we will delete it and we will not use it for any purpose whatsoever.
Cookies: We use cookies and other tracking technologies (collectively, “Cookies”) on our websites, which utilize various files sent from our servers to your computer hard drive. Some Cookies are mandatory and strictly necessary in order to make the website work and some are optional and placed with your consent. You can learn more about Incyte’s collection of Cookies in our Cookie Policy².
Mobile Device Information: If you access an Incyte website from a phone or other mobile device, the mobile services provider may transmit uniquely identifiable mobile device information to us, which allows us to then collect mobile phone numbers and associate them with the mobile device identification information. Some mobile phone service providers also operate systems that pinpoint the physical location of devices, and we sometimes receive this information as well. We use this information in the same way that we use personal information collected by Google Analytics as described above.
Voluntarily Submitted Information: If you participate in certain activities on our websites, mobile applications or social media accounts, you may need to provide us with personal information such as your name, email address, mailing address, phone number or fax number. For example, if you choose to send us an email or fill out an online form, you are voluntarily providing personal information to us. If you choose not to provide your personal information, you may not be able to participate in those activities; however, you will still be able to access information available on the website to the general public.
² Please note that certain applicable laws place limitations on the use of certain cookies. Please refer to the annex at the end of this Privacy Policy for the country in which you live for more information.
Your personal information will be used for the purposes listed below.
Categories of PI Collected
Applicable Categories of Individuals
Name, Contact Information and Unique Identifiers: Identifiers, such as a real name, alias, postal address, telephone number, unique personal identifier, online identifier, device ID, Internet protocol (IP) address, email address, account name, social security number, driver’s license number, passport number or other similar identifiers—as well as demographic information—such as date of birth, place of birth, country of residence, income, family size etc., and an individual’s written or digital signature.
Employees
Candidates for Employment
Contractors
Healthcare Providers
Clinical Trial Investigators, Site Staff and Participants
Patients
Customers
Website Visitors
Caregivers
Authorized Representatives
Financial Information: Bank account number, credit or debit card number, credit reports, background checks or other financial information.
Employees
Candidates for Employment
Contractors
Healthcare Providers
Clinical Trial Investigators
Medical Information: Any information in possession of or derived from yourself, a healthcare provider, a healthcare insurer, a healthcare service plan, a pharmaceutical company or a contractor regarding an individual’s medical history, mental or physical condition, or treatment. This includes an individual’s insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual or any information in the individual’s application and claims history (including prescription information).
Employees
Candidates for Employment
Contractors
Healthcare Providers
Clinical Trial Participants
Patients
Customers
Website Visitors
Caregivers
Authorized Representatives
Protected Characteristics: Characteristics of legally protected classifications such as race, gender, age, nationality, physical or mental disability, and religion.
Employees
Candidates for Employment
Clinical Trial Participants
Patients
Purchase History and Tendencies: Information regarding products or services purchased, obtained or considered.
Healthcare Providers
Patients
Customers
Website Visitors
Caregivers
Authorized Representatives
Biometric Information: Physiological, biological, or behavioral characteristics that can establish an individual’s identity, including DNA, face, iris or retina imagery, fingerprint, voice recordings and sleep, health or exercise data that contain identifying information.
Employees
Contractors
Clinical Trial Participants
Patients
Customers
Network Activity: Internet or other electronic network activity information, such as browsing history, search history and information regarding an individual’s interaction with an internet website, application or advertisement. Includes analytics evaluation and cookies.
Employees
Candidates for Employment
Contractors
Healthcare Providers
Clinical Trial Investigators and Site Staff
Patients
Customers
Website Visitors
Caregivers
Authorized Representatives
Geolocation Data: Precise geographic location information about a particular individual or device.
Employees
Candidates for Employment
Contractors
Healthcare Providers
Patients
Customers
Website Visitors
Caregivers
Authorized Representatives
Electronic and Sensory Data: Audio, electronic, visual or similar information (e.g., a recording of a customer service call or a profile photograph).
Employees
Candidates for Employment
Contractors
Healthcare Providers
Clinical Trial Investigators, Site Staff and Participants
Patients
Customers
Website Visitors
Caregivers
Authorized Representatives
Education and Professional Information: An individual’s academic information and records, licenses, professional or employment-related information and professional interactions with Incyte.
Employees
Candidates for Employment
Contractors
Healthcare Providers
Clinical Trial Investigators, Site Staff and Participants
Website Visitors
Inferences: Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
Employees
Candidates for Employment
Contractors
Healthcare Providers
Clinical Trial Investigators, Site Staff and Participants
Patients
Customers
Website Visitors
Caregivers
Authorized Representatives
Households
We and our service providers collect personal information in a variety of ways, including from:
- You directly or an authorized representative
- Government entities
- Public records
- Research partners
- Data resellers
- Marketing vendors
- Business service providers
- Other third parties, when they disclose personal information to us
We use your personal information for the purposes we have described below in this Privacy Policy or for purposes which are reasonably compatible with the ones described. We will not use it for other purposes without your permission unless we have a legal obligation to do so.
To manage our relationship with you3.
We will use your personal information:
- To respond to your requests
- To improve our level of service
- To provide our products and services to you
- To promote our products and services
- To manage your account, if necessary
- To provide you with information when you request it, or when we believe it may be of interest to you
- To invite you to provide your views on our products and services, participate in research or attend events
- To report any product adverse events that you notify us about
- To consider your application for employment
- To perform analytics and understand your preferences
- To provide access where required to our sites and facilities
- To gain insights and feedback on our products and services in order to correct or improve them
- For other purposes that may be detailed on a website or mobile application which will be described at the time the information is collected
To manage and improve our processes and our business operations.
We will use your personal information:
- To manage our network and information systems' security
- To manage our workforce effectively
- To prepare and perform management reporting and analysis, including analytics and metrics
- For our own administrative and quality assurance purposes
To achieve other purposes.
We will use your personal information:
- To follow applicable laws and regulations
- To respond to lawful requests from competent public authorities
- To tell you about changes to our terms, conditions and policies
- To exercise our rights or defend Incyte against potential, threatened or actual litigation
- To protect Incyte’s or your vital interests, or those of another person
- To disclose any transfers of value made to you in relation to expert services that you provide to us
- For the purpose of authorship of a scientific publication
- To respond to and handle your queries or requests
- When we sell, assign or transfer all or part of our business
We may also deidentify any personal information we collect about you. When we do so, we take reasonable measures to ensure that the information cannot be associated with a consumer or household, and we maintain and use the information in deidentified form. We will not attempt to reidentify the information, except that we may attempt to reidentify the information solely for the purpose of determining whether our deidentification processes satisfy applicable legal requirements. After it has been deidentified, the information is no longer personal information and is not subject to this Privacy Policy.
3Marketing Opt-in: In some locations, by law you must opt-in before receiving materials such as newsletter or product alerts via text or email from us. Once you have opted-in, if you then decide you don’t want to receive such materials, you may opt-out at any time by following the opt-out instructions below.
Marketing Opt-out: If applicable law does not require your opt-in, you may still opt-out of receiving materials such as newsletter or product alerts by following the opt-out instructions in the email or other communication, or the opt-out details provided to you through the applicable program. You may also opt-out by accessing our data subject request form or by emailing privacy@incyte.com. When we receive your opt-out request, we will take reasonable steps in a timely manner to remove your name from our distribution lists. However, it may take a period of time to remove your name from our lists after your request and therefore you may still receive materials for a period of time after you opt-out.
Incyte is committed to ensuring that our communications are accessible to individuals with disabilities. To submit accessibility-related requests or report barriers to accessibility, please use the contact information below.
Incyte Corporation
Attention: Global Data Privacy Officer
1801 Augustine Cut-Off
Wilmington, Delaware 19803
USA
privacy@incyte.com
For EEA, UK and Swiss Residents please contact:
Incyte Biosciences International Sàrl
Attention: Data Protection Officer
Rue Docteur-Yersin 12, 1110, Morges,
Switzerland
privacy@incyte.com
We disclose your information in the manner and for the purposes described below:
- We engage vendors to provide us with website, hosting, content development and marketing services either to help us in our business, or to perform functions we would otherwise perform ourselves. These companies will have access to your information, including your personal information, as part of the work they perform
- We may disclose information to regulators, which may include data protection authorities, and with courts and law enforcement to comply with all applicable laws, regulations and rules and requests of law enforcement, regulatory and other governmental agencies
- We may disclose personal information to third parties at your direction or with your consent
- We may disclose personal information to third parties via Cookies, including information about visitors to our website, website traffic patterns, and website usage4
- If, in the future, we sell or transfer some or all of our business or assets to a third party, or invite investment in our company, we may disclose information to a potential or actual third-party purchaser of our business or assets
4Please note that certain applicable laws place limitations on the use of certain cookies. Please refer to the annex at the end of this Privacy Policy for the country in which you live for more information.
Incyte will keep your personal information for as long as needed or permitted for the purpose(s) for which it was obtained and consistent with applicable law. In some cases, we may also retain your personal information in order to resolve queries or disputes that may arise from time to time.
As technology improves the efficiency of our organization and activities, it may also increase our risk. Incyte has a robust Cybersecurity program, with a comprehensive suite of tools and processes. These include technical and administrative safeguards such as penetration testing, vulnerability assessment and remediation; privacy and cybersecurity assessment of business partners; end-to-end security tools; cloud security and protection mechanisms for patient data and intellectual property. Incyte also focuses on regularly improving cybersecurity awareness among employees and contingent workers through mandatory cybersecurity training during orientation, annual refreshers and “Cybersecurity Awareness Month” activities, which are supplemented by periodic phishing simulation testing campaigns with additional training for users who do not pass the tests.
Depending on where you are located, you may have certain rights regarding your personal information under applicable privacy and data protection laws (including but not limited to the European Union's General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) (collectively, "Privacy Laws")
If you wish to exercise your rights, please complete the information in this data subject request form. Upon receipt of the completed form, we will process your request within the timelines required under applicable privacy laws. If additional information is necessary to process your request, we will contact you using the contact information that you provide in the data subject request form.
The information that you provide in connection with your request will be processed solely for the purpose of responding to your request.
If you are a California resident, You may also contact Incyte’s Privacy Office at +1 855-446-2983.
We live in the same connected world you do. Although headquartered in the United States, we conduct business, among other places, in Switzerland, the United Kingdom and many of the countries comprising the European Economic Area (“EEA”). Since our commitment to transparency and trust in matters of privacy does not end at the U.S. border, for information transferred from those countries to our United States operations, we comply with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce.
Incyte has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Incyte has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, view our certification, and verify our good standing under these Frameworks please visit https://www.dataprivacyframework.gov/ [dataprivacyframework.gov].
This Data Privacy Framework Statement sets forth the privacy principles Incyte follows in connection with the transfer and protection of personal information from the European Economic Area (“EEA”), United Kingdom and Switzerland to the United States, in addition to the EU, UK and Swiss Standard Contractual Clauses we have with third parties and our Intragroup Data Transfer Agreement between our affiliates that provide the actual basis for these data transfers. The EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework were developed to provide U.S. organizations with a means of satisfying the requirements under the EU General Data Protection Regulation, UK General Data Protection Regulation and Article 6 of the Swiss Federal Act on Data Protection respectively, and Incyte continues to abide by these Frameworks while not using them as the basis for our data transfers.
Consistent with Incyte’s goal to protect personal privacy, Incyte is fully committed to complying with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information from EEA member nations, the United Kingdom and Switzerland to the United States. Incyte has certified to the Department of Commerce that it adheres to the EU-U.S., UK-U.S. and Swiss-U.S. Data Privacy Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability as set forth below (the “Principles”). The United States Federal Trade Commission (FTC) has jurisdiction over our compliance with the Data Privacy Frameworks and we are subject to the FTC’s investigatory and enforcement powers. Information regarding the Data Privacy Framework program and evidence of our certification can be found by visiting https://www.dataprivacyframework.gov/s/.
This Data Privacy Framework Statement is effective as of December 16, 2024, and has not been amended since that date.
Scope
This Data Privacy Framework Statement governs all personal information received by Incyte in the United States from Incyte’s operations and business partners in the EEA, United Kingdom and Switzerland. As used in this Data Privacy Framework Statement, “personal information” has the meaning given to it under the applicable local law of the country from which it was originally collected. Generally, it means information that identifies or can directly or indirectly lead to the identification of an individual, including such things as an individual’s name, address, telephone number, fax number, email address, social security number and date of birth.
Data Privacy Framework Principles
The Data Privacy Framework is predicated on seven core Principles:
- Notice
- Choice
- Accountability for Onward Transfer
- Security
- Data Integrity and Purpose Limitation
- Access
- Recourse, Enforcement and Liability
We adhere to and have implemented policies and procedures regarding these core Principles in the following ways:
Notice. Herein we disclose our participation in the Data Privacy Frameworks and our commitment to subject to the Principles all personal data received from the European Economic Area, United Kingdom and Switzerland in reliance on the Data Privacy Frameworks. When we collect personal information from individuals in the EEA, United Kingdom and Switzerland, we tell them in clear and conspicuous language about the types of personal information being collected, the purposes of our collection and the nature of our intended uses, the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements and, where applicable, we tell them about the U.S. entities or U.S. subsidiaries of the organization also adhering to these Principles. We also advise them of the types of third parties—such as vendors with cloud-based software licensed in support of our operations and clinical research organizations—to whom we further disclose such information, the purposes for which we disclose to such third parties, and the choices and means, if any, we offer for limiting use and disclosure, as well as how to contact us with inquiries or complaints, including any relevant establishment in the European Economic Area, United Kingdom and Switzerland that can respond to such inquiries or complaints and the availability of independent dispute resolution bodies. We use a variety of different context-specific means to provide such policy information. For instance, in our research activities, we use industry-standard informed consent forms.
Choice. We will offer those individuals whose personal information we have collected a choice. They may “opt-out” to having their personal information disclosed to third parties and/or used for purposes other than for the purposes for which it was originally collected or subsequently authorized. For the types of personal information that the laws of Switzerland, the United Kingdom and the EEA countries deem “sensitive,” rather than having to opt-out after the fact, we afford affected individuals, at the time of collection, an opportunity to “opt-in” and specifically consent to have their information disclosed to third parties or used for purposes other than those for which it was originally collected or subsequently authorized. Just as we do in fulfilling our Policy obligations, we use a variety of different, context-specific means to provide the choices described here or otherwise required by the Data Privacy Framework. If you wish to exercise your rights, please complete the information in this data subject request form. Upon receipt of the completed form, we will process your request within the timelines required under applicable privacy laws. If additional information is necessary to process your request, we will contact you using the contact information that you provide in the data subject request form.
Accountability for Onward Transfer. Our accountability for the personal information we receive and subsequently transfer to third parties is described in the Privacy Framework Principles. In summary, we remain responsible and liable under the Privacy Framework Principles if third-party agents that we engage to process your personal information on our behalf do so in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event that gives rise to any harm you may incur.
Security. At a minimum, we take reasonable and appropriate precautions to protect the personal information in our possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
Data Integrity and Purpose Limitation. We only use the personal information we collect in ways that are consistent with the purposes for which it was originally collected or for which we subsequently obtained authorization from the affected individuals. We take reasonable steps to ensure that the information is reliable for its intended use, accurate, complete and current. To accomplish this, we necessarily rely on individual data subjects to exercise their Access rights to keep us apprised of any changes in their personal information.
Access. If an individual from whom we have collected data writes to us and asks to have access to their personal information, we will take all reasonable steps to ensure such access is granted. Obviously, the relevant information must be in our possession or under our reasonable control for us to do so. Once such access is granted, affected individuals have the right under the Data Privacy Framework to have us correct, amend or delete their information where it is determined to be factually inaccurate. There are, however, certain limitations to an individual’s rights to such access. These include situations where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy, or where the rights of persons other than the individual would be violated.
Recourse, Enforcement and Liability. We implement processes and procedures to verify our compliance with this Data Privacy Framework Statement. If individuals believe that we are not compliant, or if they have other complaints related to this Data Privacy Framework Statement or our conduct under it, we encourage those individuals to contact us using the contact information listed at the end of this Data Privacy Framework Statement. We commit to investigate and attempt to remedy all such valid complaints.
Dispute Resolution. In compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework Principles, Incyte commits to resolve complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Incyte at:
Global Data Privacy Officer
1801 Augustine Cut-off
Wilmington, Delaware 19803
USA
privacy@incyte.com
For EEA, UK and Swiss Residents please contact:
Incyte Biosciences International Sàrl
Attention: Data Protection Officer
Rue Docteur-Yersin 12, 1110, Morges,
Switzerland
privacy@incyte.com
Incyte has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints [bbbprograms.org] for more information and to file a complaint. This service is provided free of charge to you.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Data Privacy Framework Panel.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Incyte commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
Limitation of Principles
Adherence to this Data Privacy Framework Statement may be limited to the extent required to satisfy legal obligations (including, but not limited to, subpoenas and court orders) and/or meet national security, law enforcement or public interest requirements. We may be required, under certain circumstances, to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. The law also provides certain express exceptions and variations to our obligations under this Data Privacy Framework Statement. For instance, some of the access and consent principles are modified for pharmaceutical companies like us who use personal information to engage in ongoing research for the good of the public health.
Changes to this Data Privacy Framework Statement
We reserve the right to change or update this policy from time to time. Please check our site periodically for such changes since all information collected is subject to the policy in place at that time. Typically, we will indicate the effective/amendment date at the beginning of this policy. If we feel it is appropriate, or if the law requires, we will also provide a summary of changes we have made near the end of a new policy.
Contacting Us
If you have questions about this Data Privacy Framework Statement, our privacy practices, or would like to submit a complaint, please contact our Privacy Office:
Incyte Corporation
Attention: Global Data Privacy Officer
1801 Augustine Cut-off
Wilmington, Delaware 19803
USA
privacy@incyte.com
For EEA, UK and Swiss Residents please contact:
Incyte Biosciences International Sàrl
Attention: Data Protection Officer
Rue Docteur-Yersin 12, 1110, Morges,
Switzerland
privacy@incyte.com
In addition to the general policies above, Incyte follows all privacy laws in the markets where it operates, including but not limited to the below.
Canada
Quebec
If you are a resident of Quebec, please read this section.
Scope of Policy
This Policy applies to Incyte Biosciences Canada Corporation and any other affiliates from time to time (collectively, Incyte Biosciences Canada Corporation or “we” or “us”) in respect to processing activities that are subject to federal and provincial privacy legislation.
Accountability
Incyte Biosciences Canada Corporation is responsible for personal information under its control. We have designated a Privacy Officer who is responsible for Incyte Biosciences Canada Corporation compliance with this Policy. Incyte Biosciences Canada Corporation will, on request, provide information regarding its complaint procedures.
For further information about our Privacy Policy, please use our data subject request webform or you may contact:
Nicholas Apruzzi, Canada Privacy Officer
1801 Augustine Cut-off
Wilmington, Delaware 19803
USA
privacy@incyte.com
European Economic Area (EEA), United Kingdom and Switzerland
If you live, work or travel in the EEA, Switzerland or the United Kingdom (UK)—or visit an EEA, Swiss or UK website—please read this section to learn more about the General Data Protection Regulation (GDPR) or UK Data Protection Act and how it applies to the personal data collected and used by Incyte as described in this Privacy Policy.
Your personal information will be used for the purposes listed below. We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis, as described below, to do so. The legal basis we rely upon may impact which rights you have in relation to your personal information (see section below on those rights for more details).
Purpose
Legal Basis
Responding to your queries submitted to Incyte's contact details by email, telephone or mail.
Legitimate interest in responding to voluntarily submitted queries.
Using authorized features and apps to post or upload messages, comments, screen names, files and other materials. These features include comment fields on our content posted on and use of social media sites such as Facebook, Twitter, YouTube, LinkedIn, Pinterest, Instagram and any of the many other available external third-party social media platforms, as well as mobile or other apps we’ve created and distributed to let our customers and followers view our site or otherwise interact with our content.
Performance of a contract (relevant user terms) or legitimate interest in providing features which allow for user submitted content.
Sending you our newsletter, promotional materials or other materials.
Consent or, where permissible by law, Incyte’s legitimate interest in providing the information.
Enhancing your experience on our website through the processing of automatically collected information.
Consent or, where permissible by law, legitimate interest in providing a personalized user experience.
Improving the functionality of the website for the benefit of all users.
Legitimate interest in providing improved functionality to the benefit of all users.
Where we rely upon a "legitimate interest" as our legal basis, we make sure that our interest is not outweighed by any impact on your rights and freedoms. We do this by using your personal information in a way which is proportionate and respects your privacy.
WHERE IS YOUR PERSONAL INFORMATION USED OR STORED?
We may transfer your personal data to other countries outside of your location. Your personal data may be transferred:
- To Switzerland and Japan: Switzerland and Japan are considered as providing adequate data protection standards by the European Union (for further details, see here)
- To other countries where data protection standards have not been determined to be adequate by the European Union: these countries include the United States, India, and China. In these cases, we will ensure that any recipients of your personal data are bound by contract to the European, Swiss and UK data protection standards
Cookies. Incyte uses only Strictly Necessary cookies in countries where the respective Data Protection Authority has deemed other categories of cookies are unlawful, example being France.
WHAT ARE YOUR RIGHTS?
You have a number of rights which apply to our use of your personal data. The availability of some of these rights depends upon our lawful basis for processing your personal data, and your rights may also be subject to certain conditions and restrictions. Your rights may include:
- To obtain access to your personal data together with information about how and on what basis that personal data is processed
- To rectify inaccurate personal data (including the right to have incomplete personal information completed)
- To erase your personal data in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed
- To restrict processing of your personal data where:
- the accuracy of the personal data is contested
- the processing is unlawful but you object to the erasure of the personal data
- we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise or defense of a legal claim
- To challenge processing which we have justified on the basis of a legitimate interest
- To object to decisions which are based solely on automated processing (to the extent that these are taken) and to restrict processing based on your objection
- To obtain a portable copy of your personal data or to have a copy transferred to a third-party controller
- To obtain more information as to safeguards under which your personal data is transferred outside of the EEA (if relevant)
- To lodge a complaint with the data protection/supervisory authority noted below
We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal data requested to you.
WHO CAN YOU CONTACT REGARDING YOUR RIGHTS?
Data Controller: The entity that determines why and how your personal data is processed is called a Controller. For online visitors, this is the Incyte organization or affiliate whose website you are visiting. A list of all Incyte companies is available here. For Incyte organizations or affiliates located outside of the EEA, Incyte has elected Incyte Biosciences Benelux BV as its legal representative.
Data Protection Officer Incyte: privacy@incyte.com
Data Protection Authority/Supervisory Authority: The Data Protection Authority/Supervisory Authority for the processing of your personal data is the authority located in the country of the Incyte organization or affiliate whose website you are visiting or the country where you live, work, or the place of the alleged infringement. More information about how to contact these authorities in the European Union can be found here. For Switzerland information, please visit the office of the Federal Data Protection and Information Commissioner. For United Kingdom information, please visit the Information Commissioner’s Office (ICO).
United States
Supplemental U.S. State Privacy Notice
If you are a resident of a U.S. state that has adopted comprehensive privacy legislation (the “U.S. Privacy Law(s)”), please read this section to learn more about how the U.S. Privacy Laws apply to the personal information collected and used by Incyte as described in this Privacy Policy.
This Supplemental U.S. State Privacy Notice (“Supplemental Notice”) applies only to our collection and use of Personal Information from residents of states with U.S. Privacy Laws.
This notice also includes additional disclosures for compliance with the Washington My Health My Data Act that applies to Incyte’s activities. These disclosures are included at the end of this Supplemental Notice. The remaining portions of this Supplemental Notice do not apply to Washington consumers.
This notice does not apply to our collection and use of “Consumer Health Data,” as that term has been defined under consumer health data privacy legislation. If you have questions about our collection and use of Consumer Health Data, please see our Consumer Health Data Privacy Notice, as well as our separate supplement with additional disclosures required by certain states.
Some portions of this Supplemental Notice apply only to Consumers of particular states. In those instances, we have indicated that such language applies only to those Consumers.
Please note that this Supplemental Notice does not apply to individuals with whom we interact in an employment-related context or a business context. For our disclosures applicable to California Consumers with whom we interact in those contexts, please see our Job Candidates and Business Contacts notices above.
A. Definitions
- "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household. Personal Information includes "personal data" as that term is defined in the U.S. Privacy Laws. Personal Information also includes "Sensitive Personal Information," as defined below, except where otherwise noted.
- "Sensitive Personal Information" means Personal Information that reveals a Consumer’s social security, driver’s license, state identification card, or passport number; account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious beliefs, or union membership; contents of email or text messages; and genetic data. Sensitive Personal Information also includes Processing of biometric information for the purpose of uniquely identifying a Consumer and Personal Information collected and analyzed concerning a Consumer’s health, sex life, or sexual orientation. Sensitive Personal Information also includes "sensitive data" as that term is defined in the U.S. Privacy Laws.
- "Third-Party" has the meanings afforded to it in the U.S. Privacy Laws.
- "Vendor" means a service provider, contractor, or processor as those terms are defined in the U.S. Privacy Laws.
To the extent other terms used in this Supplemental Notice are defined terms under the U.S. Privacy Laws, they shall have the meanings afforded to them in those statutes, whether or not capitalized herein. As there are some variations between such definitions in each of the U.S. Privacy Laws, the definitions applicable to you are those provided in the statute for the state in which you are a Consumer. For example, if you are a California Consumer, terms used in this Supplemental Notice that are defined terms in the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”) shall have the meanings afforded to them in the CCPA as this Supplemental Notice applies to you.
B. Collection & Processing of Personal Information
We, and our Vendors, collect the following categories of Personal Information about Consumers. We also have collected and Processed the following categories of Personal Information about Consumers in the preceding 12 months:
- Identifiers, such as name, alias, online identifiers, account name, physical characteristics or description;
- Contact and financial information, including phone number, address, email address, financial information, medical information, health insurance information;
- Characteristics of protected classifications under state or federal law, such as age, gender, race, physical or mental health conditions, and marital status;
- Commercial information, such as transaction information and purchase history;
- Biometric information;
- Internet or other electronic network activity information, such as browsing history and interactions with our websites or advertisements;
- Geolocation data, such as device location;
- Audio, electronic, visual and similar information, such as call and video recordings;
- Professional or employment-related information, such as work history and prior employer;
- Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics; and
- Sensitive personal information, including:
- Personal Information that reveals:
- Social security, driver’s license, state identification card, or passport number;
- Account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials for allowing access to an account;
- Precise geolocation;
- Racial or ethnic origin, religious or philosophical beliefs, or union membership;
- Contents of a Consumer’s email and text messages, unless the business is the intended recipient thereof; or
- Genetic data, including Raw DNA sequence data, genotypic and phenotypic information generated from sequence analysis, and self-reported health data submitted to an entity that is analyzed in connection with raw sequence data.
- Biometric data Processed for the purpose of uniquely identifying a Consumer;
- Personal Information collected and analyzed concerning a Consumer’s health conditions, treatment and medications
- Personal Information that reveals:
C. Purposes for Processing Personal Information
We, and our Vendors, collect, Process, and disclose the Personal Information (excluding Sensitive Personal Information) described in this Supplemental Notice
To manage our relationship with you.
We will use your Personal Information:
- To respond to your requests
- To improve, our level of service
- To provide our products and services to you
- To promote our products and services
- To manage your account, if necessary
- To provide you with information when you request it, or when we believe it may be of interest to you
- To invite you to provide your views on our products and services, participate in research or attend events
- To report any product adverse events that you notify us about
- To consider your application for employment
- To perform analytics and understand your preferences
- To provide access where required to our sites and facilities
- To gain insights and feedback on our products and services in order to correct or improve them
- For other purposes that may be detailed on a website or mobile application which will be described at the time the information is collected
To manage and improve our processes and our business operations.
We will use your Personal Information:
- To manage our network and information systems’ security
- To manage our workforce effectively
- To prepare and perform management reporting and analysis, including analytics and metrics
- For our own administrative and quality assurance purposes
To achieve other purposes.
We will use your Personal Information:
- To follow applicable laws and regulations
- To respond to lawful requests from competent public authorities
- To tell you about changes to our terms, conditions and policies
- To exercise our rights or defend Incyte against potential, threatened or actual litigation
- To protect Incyte’s or your vital interests, or those of another person
- To disclose any transfers of value made to you in relation to expert services that you provide to us
- For the purpose of authorship of a scientific publication
- To respond to and handle your queries or requests
- When we sell, assign or transfer all or part of our business
We may also deidentify any Personal Information we collect about you. When we do so, we take reasonable measures to ensure that the information cannot be associated with a consumer or household, and we maintain and use the information in deidentified form. We will not attempt to reidentify the information, except that we may attempt to reidentify the information solely for the purpose of determining whether our deidentification processes satisfy applicable legal requirements. After it has been deidentified, the information is no longer Personal Information and is not subject to this Privacy Policy.
We, and our Vendors, collect and Process the Sensitive Personal Information described in this Supplemental Notice only for:
- Performing the services or providing the goods reasonably expected by an average Consumer who requests those goods or services;
- Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information;
- Resisting malicious, deceptive, fraudulent, or illegal actions directed at us and prosecuting those responsible for those actions;
- Ensuring the physical safety of natural persons;
- Short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a Consumer’s current interaction with us, provided that we will not disclose the Consumer’s Personal Information to a Third Party and will not build a profile about the Consumer or otherwise alter the Consumer’s experience outside of their current interaction with us;
- Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf;
- Verifying or maintaining the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by us, and improving, upgrading, or enhancing the service or device that is owned, manufactured by, manufactured for, or controlled by us; and
- Collecting or Processing Sensitive Personal Information where such collection or Processing is not for the purpose of inferring characteristics about a Consumer.
Retention of Personal Information. Incyte will keep your Personal Information for as long as needed or permitted for the purpose(s) for which it was obtained and consistent with applicable law. In some cases, we may also retain your Personal Information in order to resolve queries or disputes that may arise from time to time.
D. Categories of Personal Information We Disclose to Vendors & Third Parties
We disclose and have disclosed the following categories of Personal Information to Vendors and Third Parties for a business purpose in the past twelve months:
- Identifiers, such as name, alias, online identifiers, account name, physical characteristics or description;
- Contact and financial information, including phone number, address, email address, financial information, medical information, health insurance information;
- Characteristics of protected classifications under state or federal law, such as age, gender, race, physical or mental health conditions, and marital status;
- Commercial information, such as transaction information and purchase history;
- Biometric information;
- Internet or other electronic network activity information, such as browsing history and interactions with our websites or advertisements;
- Geolocation data, such as device location;
- Audio, electronic, visual and similar information, such as call and video recordings;
- Professional or employment-related information, such as work history and prior employer;
- Education information, as defined in the federal Family Educational Rights and Privacy Act, such as student records and directory information;
- Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics; and
- Sensitive personal information, including:
- Personal Information that reveals:
- Social security, driver’s license, state identification card, or passport number;
- Account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials for allowing access to an account;
- Precise geolocation;
- Racial or ethnic origin, religious or philosophical beliefs, or union membership;
- Contents of a Consumer’s email and text messages, unless the business is the intended recipient thereof; or
- Genetic data.
- Personal Information collected and analyzed concerning a Consumer’s health
- Personal Information that reveals:
E. Sale, Sharing, & Processing for Purposes of Targeted Advertising
- Disclosure for California Consumers: We Sell and Share internet or other electronic network activity information, such as browsing history and interactions with our websites or advertisements, and we have Sold and Shared this category of Personal Information in the past twelve months. We Sell and Share this Personal Information to marketing and analytics providers to analyze and better understand consumers’ needs, preferences, and interests, and to advertise and promote our products and services. We do not have actual knowledge that we Sell or Share Personal Information of California consumers under 16 years of age. For purposes of the CCPA, a “Sale” is the disclosure of Personal Information to a Third Party for monetary or other valuable consideration, and a “Share” is the disclosure of Personal Information to a Third Party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration. California Consumers have the right to opt out of the Sale and Sharing of their Personal Information and can do so via our data subject request webform or by calling us toll free at 1-855-446-2983.
- Disclosure for Consumers in Other States with U.S. Privacy Laws: We Sell internet or other electronic network activity information, such as browsing history and interactions with our websites or advertisements, and process this category of Personal Information for purposes of Targeted Advertising, as the terms “Sell” and “Targeted Advertising” are defined under the U.S. Privacy Law applicable in each state. We Sell this Personal Information to marketing and analytics providers to analyze and better understand consumers’ needs, preferences, and interests, and to advertise and promote our products and services. Consumers of these states may exercise the opt-out rights applicable to them via our data subject request webform or by calling us toll free at 1-855-446-2983.
F. Sources from Which We Collect Personal Information
We and our Vendors collect Personal Information in a variety of ways, including from:
- You directly or an authorized representative
- Government entities
- Public records
- Research partners
- Data resellers
- Marketing vendors
- Business service providers
- Other Third Parties, when they disclose Personal Information to us
G. Categories of Entities to Whom We Disclose Personal Information
We disclose, and have disclosed in the past twelve months, the categories of Personal Information listed in Section B for the purposes listed in Section C of this Supplemental Notice, as described below:
- We engage vendors to provide us with website, hosting, content development and marketing services either to help us in our business, or to perform functions we would otherwise perform ourselves. These companies will have access to your information, including your Personal Information, as part of the work they perform
- We may disclose information to regulators, which may include data protection authorities, and with courts and law enforcement to comply with all applicable laws, regulations and rules and requests of law enforcement, regulatory and other governmental agencies
- We may disclose Personal Information to Third Parties at your direction or with your consent
- We may disclose Personal Information to Third Parties via Cookies, including information about visitors to our website, website traffic patterns, and website usage
- If, in the future, we sell or transfer some or all of our business or assets to a third party, or invite investment in our company, we may disclose information to a potential or actual third-party purchaser of our business or assets
H. Data Subject Rights
- Exercising Data Subject Rights. Consumers who reside in states with U.S. Privacy Laws have certain rights with respect to the collection and use of their Personal Information. Those rights vary by state. For compliance with California’s and Colorado’s requirements, we provide information below regarding the data subject rights available to California and Colorado Consumers. Consumers who reside in other states with U.S. Privacy Laws have similar rights and can find more details by referencing the U.S. Privacy Law applicable to them.
- Data Subject Rights Disclosure for California Consumers: California Consumers have the following rights regarding our collection and use of their Personal Information, subject to certain exceptions.
Right to Receive Information on Privacy Practices: You have the right to receive the following information at or before the point of collection:
- The categories of Personal Information to be collected;
- The purposes for which the categories of Personal Information are collected or used;
- Whether or not that Personal Information is Sold or Shared;
- If the business collects Sensitive Personal Information, the categories of Sensitive Personal Information to be collected, the purposes for which it is collected or used, and whether that information is Sold or Shared; and
- The length of time the business intends to retain each category of Personal Information, or if that is not possible, the criteria used to determine that period.
We have provided such information in this Supplemental Notice, and you may request further information about our privacy practices by contacting us as at the contact information provided below.
- Right to Deletion: You may request that we delete any Personal Information about you we that we collected from you.
- Right to Correction: You may request that we correct any inaccurate Personal Information we maintain about you.
- Right to Know: You may request that we provide you with information about what Personal Information we have collected about you, including:
- The categories of Personal Information we have collected about you;
- The categories of sources from which we collected such Personal Information;
- The business or commercial purpose for collecting, Selling, or Sharing Personal Information about you;
- The categories of Third Parties to whom we disclose such Personal Information; and
- The specific pieces of Personal Information we have collected about you.
- Right to Receive Information About Onward Disclosures: You may request that we disclose to you:
- The categories of Personal Information that we have collected about you;
- The categories of Personal Information that we have Sold or Shared about you and the categories of Third Parties to whom the Personal Information was Sold or Shared; and
- The categories of Personal Information we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
- Right to Opt-Out of the Sale and Sharing of Your Personal Information and Right to Limit the Use of Your Sensitive Personal Information. California residents also have the right to opt out of the Sale and Sharing of their Personal Information. You also have the right to limit the use of your Sensitive Personal Information to the purposes authorized by the CCPA. We do not use Sensitive Personal Information for purposes beyond those authorized by the CCPA, and we have not used Sensitive Personal Information of California Consumers in the preceding twelve months for purposes beyond those authorized by the CCPA.
- Right to Non-Discrimination: You have the right not to be discriminated against for exercising your data subject rights. We will not discriminate against you for exercising your data subject rights.
- Exercising Data Subject Rights. Consumers who reside in states with U.S. Privacy Laws have certain rights with respect to the collection and use of their Personal Information. Those rights vary by state. For compliance with California’s requirements, we have provided detailed information herein regarding the data subject rights available to California Consumers. Colorado consumers have rights to access, correct, and delete their Personal Information, obtain their Personal Information in a portable format, and opt-out of the processing of their Personal Information for Targeted Advertising, Sale, and profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer. Please note, however, that we do not use Personal Information for profiling in furtherance of decisions that produce legal or similarly significant effects. Residents of other U.S. states with U.S. Privacy Laws have similar rights, including rights to access, delete, correct, and opt-out of certain types of processing of Personal Information.
You may exercise the data subject rights applicable to you under the U.S. Privacy Laws by contacting our Privacy Office. Please contact Incyte via our data subject request webform. - Verification of Data Subject Requests. We may ask you to provide information that will enable us to verify your identity in order to comply with your data subject request. Further, when a Consumer authorizes an agent to make a request on their behalf where permitted by U.S. Privacy Laws, the agent may make such request via the methods listed above. We may require the agent to provide proof of signed permission from the Consumer to submit the request, or we may require the Consumer to verify their own identity to us or confirm with us that they provided the agent with permission to submit the request. In some instances, we may decline to honor your request if an exception applies under applicable law. We will respond to your request consistent with applicable law.
- Opt-Out Preference Signals. We recognize opt-out preference signals that we are required to recognize for compliance with applicable law. Where required by U.S. Privacy Laws, we treat such opt-out preference signals as a valid request to opt-out of Sale, Sharing, and processing for purposes of Targeted Advertising, as applicable, for the browser or device through which the signal is sent and any consumer profile we have associated with that browser or device, including pseudonymous profiles. Further, if we know the identity of the consumer from the opt-out preference signal, we will also treat the opt-out preference signal as a valid request to opt out of Sale and Sharing for such consumer. Consumers may use opt-out preference signals by downloading or otherwise activating them for use on supported browsers and setting them to send opt-out preference signals to websites they visit. We process opt-out electronic preference signals through functionality in our cookie banner.
- Non-Discrimination. We will not discriminate against you for exercising your data subject rights. For example, we will not deny goods or services to you, charge you different prices or rates, or provide a different level of quality for products or services as a result of you exercising your data subject rights.
- Appeals. Consumers of certain states have the right to appeal our decisions on their data subject requests. This section does not apply to California Consumers, or to Consumers who reside in other states where the applicable U.S. Privacy Law does not give them the right to appeal Controllers’ decisions regarding data subject rights. To appeal our decision on your data subject requests, you may contact our Privacy Office at privacy@incyte.com or by calling toll free at 1-855-446-2983. Please enclose a copy of or otherwise specifically reference our decision on your data subject request, so that we may adequately address your appeal. We will respond to your appeal in accordance with applicable law.
I. Other Disclosures
- California Residents Under Age 18. If you are a resident of California under the age of 18 and a registered user of our website, you may ask us to remove content or data that you have posted to the website by writing to privacy@incyte.com. Please note that your request does not ensure complete or comprehensive removal of the content or data as, for example, some of your content or data may have been reposted by another user.
- California Shine the Light. California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about the personal information (if any) disclosed to third parties for direct marketing purposes in the preceding calendar year. We do not disclose to third parties for their own marketing purposes the categories of personal information listed in California’s “Shine the Light” law, such as names, addresses, email addresses, and telephone numbers.
- Financial Incentives for California Consumers. We do not provide financial incentives to California Consumers who allow us to collect, retain, Sell, or Share their Personal Information. We will describe such programs to you if and when we offer them to you.
J. Changes to our Supplemental Notice.
We reserve the right to amend this Supplemental Notice in our discretion and at any time. When we make material changes to this Supplemental Notice, we will notify you by posting an updated Supplemental Notice on our website and listing the effective date of such updates.
Contact Incyte’s Privacy Office
If you have any questions about our privacy notices or practices, you may contact Incyte's Privacy Office at:
Incyte Corporation
Attention: Global Data Privacy Officer
1801 Augustine Cut-off
Wilmington, Delaware 19803
USA
privacy@incyte.com
For EEA, UK and Swiss Residents please contact:
Incyte Biosciences International Sàrl
Attention: Data Protection Officer
Rue Docteur-Yersin 12, 1110, Morges,
Switzerland
privacy@incyte.com