Privacy Policy

INTRODUCTION

Rhythm Pharmaceuticals, Inc. and its affiliates and subsidiaries (collectively, “Rhythm,” “we,” “our,” or “us”) have created this privacy statement (“Privacy Policy”) to describe how we collect, use, and disclose personal information, meaning information about you that is personally identifiable, as you interact with us online through rhythmtx.com and all other Rhythm websites and applications that link to this policy (collectively, the “Online Services”) or that you provide to us through other means. Please read this Privacy Policy carefully before using the Online Services or otherwise sharing your personal information with us. 

INFORMATION WE COLLECT

Information You Provide. We and our service providers may collect any information that you provide when you use the Online Services or otherwise interact with us, including when you contact us with questions or requests for information or submit information to participate in a study or research initiative or use social media to interact with us, or to share something from our Online Services with others. The information that you provide us may include, but is not limited to:

  • your name, phone number, email address, physical address, and other contact information;
  • symptoms, diagnoses, and other information to help assess the prevalence, impact, and progression of certain medical conditions, and/or your eligibility, or that of someone for whom you provide care, for participation in a study or research initiative; and
  • other information you provide when you contact us, including any health-related information.

Information Automatically Collected. We and our authorized service providers may automatically collect certain technical information over time and across different websites about your use of the Online Services, such as your Internet Protocol address or other device identifier, browser type, operating system, the pages you view on the Online Services, the pages you view immediately before and after you access the Online Services, your movement between different Rhythm websites, and the search terms you enter on the Online Services. This information allows us to recognize you and personalize your experience, and to improve the Online Services and the services and information we provide. We and our service providers may collect this information using “cookies,” which are small text files that the Online Services save on your computer using your web browser, or similar technologies. Please see “Your Choices,” below, for more information.

Information We Receive From Third Parties. We may combine the information we collect from you with information that we receive about you from other sources, such as public databases, providers of demographic information, joint marketing partners, social media platforms, and other third parties.

Recruitment and Job Applications. You may provide us with personal information, such as that contained on a resume or a curriculum vitae, in connection with a job application or inquiry. We may use this information throughout Rhythm for the purpose of employment consideration or your inquiry. We may keep your information on file for future consideration.

USE OF COLLECTED INFORMATION

We may use the information we collect for a number of purposes, including to:

  • Administer patient support programs;
  • Provide you with products, services, or information you request;
  • Provide you with information about our services or required notices;
  • Respond to your inquiries;
  • Deliver educational and promotional materials that may be of interest to you;
  • Administer participation in special events, programs, offers, surveys, and other market research;
  • Customize your experience when using the Online Services, such as by providing interactive or personalized elements and providing you with content based on your interests;
  • Improve our websites, patient support programs, and other products and services and/or develop new products or services;
  • Perform quality control activities, conduct data analyses, and develop references for other users and/or health care providers to better understand symptoms or conditions;
  • Generate and analyze aggregate traffic patterns throughout the Online Services;
  • Diagnose website technical problems;
  • Protect our, your, or others’ rights and property;
  • Protect someone’s health, safety, or welfare;
  • Comply with a law or regulation, court order, or other legal process;
  • Detect, prevent, and respond to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of our services.

As noted above, we may use your personal information for marketing purposes, but we will not rent, sell, or share your personal information for third parties to directly market to you for their own purposes, unless we have your permission or as otherwise permitted by applicable law. See the “Your Choices” section below for information about your choices related to marketing.

Where required by applicable law, we will ask for your consent to collect your information.

We may use aggregate or de-identified information (i.e., information that does not personally identify you) for any purpose, except where prohibited by law.

DISCLOSURE OF COLLECTED INFORMATION

Service Providers. We may share your information with third parties that provide services to us in connection with our business operations. It is our policy to require our service providers to keep the information confidential and to not use the information outside of our business relationship.

Other Parts of Our Business and Our Business Partners. We may share your information with other parts or departments at Rhythm or with our business partners for events or activities that we provide jointly, such as a research study. In such cases, our business partners are limited to using your information for the purposes of the joint event or activity.

Mergers, Acquisitions and Bankruptcy. If Rhythm should ever file for bankruptcy or merge with another company, or if Rhythm should decide to buy, sell, or reorganize some part or all of its business, Rhythm may disclose your information to prospective or actual purchasers. It is Rhythm’s practice to seek appropriate protection for information disclosed in these types of transactions.

As Required by Law and Other Legal-Related Disclosures. We may disclose your personal information if we believe in good faith that disclosure is necessary: (a) to comply with the law, such as to report possible adverse events or to respond to legal process (e.g., court order, subpoena, search warrant) or other legal requirements of any governmental authority; (b) to protect the integrity of the Online Services; (c) to protect and defend our, your, or others’ rights, property, safety or interests; or (d) to detect, prevent, or respond to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of the Online Services.

Aggregate and De-Identified Information. We may disclose aggregate or de-identified information for any purpose, except where prohibited by law.

YOUR CHOICES
Rhythm takes reasonable steps to keep personal information up-to-date for the purposes for which the information was collected. In addition, certain laws may give you the right to request that we provide you access to or delete the personal information we maintain about you. If you wish to inquire about, make changes to, or request deletion of the personal information we have collected about you, please submit a request to privacy@rhythmtx.com. We will take steps to comply with your request in accordance with applicable law.

Marketing. If you no longer wish to receive marketing communications from us, please submit a request to privacy@rhythmtx.com or use the unsubscribe mechanism in our promotional emails. Please note that you may not opt out of receiving non-promotional, administrative messages, including messages relating to your account, technical notices, transactional confirmations, safety information, or other similar emails.

COOKIES AND SIMILAR TECHNOLOGIES

We and our service providers may collect information by automated means such as cookies, web beacons, log files, and similar technology. A “cookie” is a file that websites send to a visitor’s internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an internet tag, pixel tag, action tag, or clear GIF, is a clear graphic image that may be loaded by a web browser to record visits to a particular website or may be embedded in an email to record when the email is opened. A “log file” is a file that records how users interact with websites or a server. If you do not want the Online Services to collect information through the use of cookies, you can set your web browser to reject cookies from the Online Services. Each browser is different, so you should check your browser’s “Help” menu to learn how to change your cookie preferences. If you reject or block cookies from the Online Services, however, the Online Services may not function as intended.

Google Analytics. We may use third-party web analytics services on the Online Services, including Google Analytics. The analytics providers that administer these services use technologies such as cookies, web beacons, and log files to collect information to help us analyze how visitors use our Online Services and improve the overall performance and user experience of the Online Services. These analytics providers may also collect information about your use of other websites over time, if those other websites also use the same analytics providers. To learn more about how Google Analytics uses your information and what choices you have, please visit https://www.google.com/policies/privacy/partners/.

Do Not Track. Some browsers may transmit “do-not-track” signals to websites with which the browser communicates. Our websites do not currently respond to these “do-not-track” signals or other mechanisms that provide a method to opt out of the collection of information across websites and over time.

ADDITIONAL COLLECTION AND USE

To administer special programs or provide certain services, we may need to collect and use information other than as described in this Privacy Policy. In these cases, we will provide further explanation and, where required by applicable law, will ask for your additional consent before collecting and using your information for those programs and services.

SECURITY
We take steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy. Rhythm has put in place physical, technical, and administrative safeguards to protect personal information, consistent with legal obligations and industry practices. However, no information system can be 100% secure, so we cannot guarantee the absolute security of any information you provide to us.

By using the Online Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Online Services.

LINKS TO THIRD-PARTY SITES
The Online Services may contain links to third-party sites. Please be aware that Rhythm is not responsible for and cannot control the privacy practices of these other sites. We encourage you to read the privacy policies for these other sites prior to using such sites, as they may differ from ours.

CHILDREN’S INFORMATION

Under Age 16. Our services, including the Online Services, are not directed to, nor do we knowingly collect information from, children under the age of 16 without verifiable parental consent. This does not affect health information about minors that a healthcare professional or caregiver using the Online Services may provide in connection with our services directed to those individuals. If we learn that a child under the age of 16 has submitted personally identifiable information online without parental consent, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware that your child or any child under your care has provided us with information without your consent, please contact us at the contact information listed below.

Under Age 18. Minors under 18 years of age may have the personal information that they provide to us online deleted by contacting us at the contact information listed below, requesting deletion. Please note that, while we make reasonable efforts to comply with such requests, deletion of your personal information does not ensure complete and comprehensive removal of that data from all systems.

INTERNATIONAL DATA TRANSFERS AND PROCESSING
Rhythm may transfer your personal information to affiliates, business partners, and service providers that are located in countries other than where you live. Those countries may have different standards that apply to how personal information may be used and protected. Rhythm has put in place appropriate safeguards in accordance with applicable legal requirements to ensure that data is adequately safeguarded and protected irrespective of the country. For more information on the appropriate safeguards in place, please contact us at the details below.

ADDITIONAL PRIVACY DISCLOSURES FOR EUROPEAN RESIDENTS

Rhythm Pharmaceuticals, Inc. is the data controller responsible for the processing of your personal information through the Online Services. The European Union representative of Rhythm is MyData-TRUST. You can contact Rhythm using the information in the “Contacting Us” section below.

Legal Bases for Processing of Your Personal Information. Rhythm collects and processes your personal information on the following legal bases:

  • With your consent, for example, by responding to your communications or when we need to collect and process special categories of personal data;
    • If our processing is based on your consent, you may withdraw your consent for that processing at any time. Your withdrawal of consent does not affect the lawfulness of processing that was performed before you withdrew your consent.
  • On the basis of the performance of a contract with you, for example, by providing you the products or services that you request from us.
  • On the basis of our legitimate business interest. Examples of our legitimate interests that may be served include:
    • Improving the quality of our services and business activities;
    • Monitoring and improving our Online Services and IT systems;
    • Verifying your eligibility to receive products or services;
    • Evaluating your interests and preferences to better target our communications and advertisements to you;
    • Protecting the privacy, security, and safety of our business, our property, and others;
    • Ensuring compliance with internal policies and other obligations; and
    • Pursuing or defending legal claims or for other use in legal proceedings.
  • On the basis of a legal obligation, for example, to respond to a government inquiry or to comply with record-keeping obligations;
  • To protect the vital interests of you or another person; or
  • As needed to carry out a task in the public interest.

When Rhythm requests your personal information, you do not have to provide it. However, if you choose to not give us your personal information, we may not be able to provide you with all of our products and services.

Transfers Outside of the European Economic Area. While processing your personal information, we may transfer it to a country outside of the European Economic Area. The European Commission has created a list of countries that it has determined meet certain data privacy standards. If we make a transfer to a country that is not on that list, we will do so based on the Standard Contractual Clauses approved by the European Commission.

Retention of Your Personal Information. As a general matter, we will keep your personal information for as long as necessary to fulfill the purpose for which it was collected. If a law requires us to retain your information for a longer period of time, we will comply with that law. We will also retain your personal information as necessary to protect our legal rights.

Your Rights and Choices. As a resident in the European Economic Area, you have rights with respect to your personal information. The rights that you may exercise depend on the circumstances that surround the collection and processing of your personal information. Depending on those circumstances, you may have the following rights:

  • To request access to your personal information;
  • To rectify personal information that is inaccurate or incomplete;
  • To request a copy of your personal information in electronic format so that it can be transferred to third parties;
  • To object to the processing of your personal information;
  • To restrict processing of your personal information;
  • To erasure of your personal information; and
  • To lodge a complaint with a supervisory authority.

You may exercise these rights by contacting us using the information provided in the “Contacting Us” section below.

YOUR CALIFORNIA PRIVACY RIGHTS

This Privacy Policy describes how we may share your information for marketing purposes, as described above. California residents are entitled to request and obtain from us once per calendar year information about any of your personal information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us as explained below.


CHANGES TO THIS PRIVACY POLICY

Rhythm reserves the right to change this Privacy Policy at any time. If we update this Privacy Policy, we will notify you by posting a new Privacy Policy on this page. If we make any revisions that materially change the ways in which we use or share the information previously collected from or about you, we will make reasonable efforts to provide notice (such as by sending you an email or posting a notice on this website prior to the changes becoming effective) and obtain any necessary consent to any such new uses as may be required by law. We encourage you to review this Privacy Policy each time you visit this website.

CONTACTING US

If you have any questions about this Privacy Policy or our use of your personal information, you can contact privacy@rhythmtx.com.

Effective Date: May, 2021