Privacy Policy

We use this Privacy Notice to tell you what personal data we collect from you and what we do with it as an HCP registering for and attending Incyte’s CML One meeting in November 2022.

When we collect your personal data:

  • We take or require appropriate technical, physical, and organisational measures (such as multifactor password authentication, encryption, access restriction, etc.) to protect your personal data from misuse or unauthorized alteration, loss, or access;
  • We collect and use your personal data only for the purpose(s) for which we collect it;
  • We only collect the personal data that we need; and
  • We keep your personal data up to date and ensure that it is accurate.

This Privacy Notice is effective July 1, 2021.

What personal data do we collect and use and how long is it stored?

 1.     Registration & Meeting Attendance

  • We collect and use the following personal data:
    • Your name, email address, professional designation (optional), affiliation, job title (optional), and cell phone number (source, directly from you);
    • Your travel plans for the meeting (departure and destination airports, departure dates and times, date/time of arrival in Madrid (optional), airline and flight code (optional), frequent flyer number (optional), whether a hotel is required (source: directly from you);
    • Your optional responses to a brief survey on your clinical experiences with CML (source, directly from you). Your name and location will not be shared with your survey responses.
  • We collect this personal data in order to process your registration (demographic data) and provide you with relevant meeting materials and session details, provide travel arrangements as needed (travel plans), and enhance the content of the meeting (survey responses).
  • We collect and use this personal data as necessary based on your consent during the registration process.
  • We keep and use your information for as long as necessary for the administration of our relationship during the meeting but no longer than ninety days after the last contact with you.

Do you need to provide us with your personal data?

In order to register for the meeting, you will need to provide us with some personal data as noted above.  Use of the meeting’s smart wearable badge system is voluntary and you are therefore not obliged to provide us with any personal data for that purpose.

Who do we share your personal data with?

Your personal data is shared by Incyte with:

  • Third party consultants, service providers, partner companies contracted by or on behalf of Incyte or its affiliates, wherever located;

Where is your personal data used or stored?

We transfer your personal data to other countries outside of the European Economic Area.  Your personal data is transferred:

  1. To Switzerland: Switzerland is considered as providing adequate data protection standards (for further details, see here http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32000D0518&from=EN ).
  1. To countries where data protection standards have not been determined to be adequate by the European Union: these countries include the United States (where not made under Privacy Shield), United Kingdom, India, and China. In these cases we will ensure that any recipients of your personal data are bound by contract to the European data protection standards.

What are your rights?

You have a number of rights which apply to our use of your personal data.  The availability of some of these rights depends upon our lawful basis for processing your personal data and your rights may also be subject to certain conditions and restrictions.  You may have the right:

  • to obtain access to your personal data together with information about how and on what basis that personal data is processed;
  • to rectify inaccurate personal data (including the right to have incomplete personal data completed);
  • to erase your personal data in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed or where you object to or withdraw your consent.  This right may also apply where the processing was unlawful;
  • to restrict processing of your personal data where:
    • the accuracy of the personal data is contested;
    • the processing is unlawful but you object to the erasure of the personal data;
    • we no longer require the personal data for the purposes for which it was collected, but it is  required for the establishment, exercise, or defence of a legal claim;
  • to challenge processing which we have justified on the basis of a legitimate interest;
  • to object to the processing of your personal data;
  • to object to decisions which are based solely on automated processing (to the extent that these are taken);
  • to obtain a portable copy of your personal data, or to have a copy transferred to a third party controller;
  • to obtain more information as to safeguards under which your personal data is transferred outside of the EEA (if relevant); or,
  • to lodge a complaint with the data protection/supervisory authority noted below.

We may ask you for additional information to confirm your identity and for security purposes before processing your request.

Who can you contact regarding your rights?

Data Controller:  The entity that determines why and how your personal data is processed is called a Controller.  The Controller for the processing of your personal data is Incyte Biosciences International Sàrl.  For Incyte organisations or affiliates located outside of the EEA such as Incyte Biosciences International Sàrl, Incyte has elected Incyte Biosciences, B.V. as its legal representative. Within Switzerland, Incyte Corporation and its other non-Swiss affiliates have designated Incyte Biosciences Sàrl as its legal representative for data protection purposes.

A list of all Incyte companies is available under:  http://www.incyte.com/contact-us/headquarters.aspx.

Data Protection Officer Incyte: privacy@incyte.com.

Data Protection Authority/Supervisory Authority: The Data Protection Authority/Supervisory Authority for the processing of your personal data is the authority located in the country where you live or work or where your personal data is processed.   More information about how to contact these authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en.

DOWNLOAD PDF