SAREPTA WEBSITE PRIVACY POLICY

Last Reviewed: February 2023

INTRODUCTION

Sarepta Therapeutics, Inc. ("Sarepta", "Company" or "We") respects your privacy and is committed to protecting your personal information through our compliance with this policy. This policy describes the types of personal information we may collect from you or that you may provide when you visit www.sarepta.com, http://www.duchenne.com/ or any social media site, mobile sites, or online application owned and/or operated by the Company, including any content, functionality and services offered on or through these sites or channels (our "Websites"), and our practices for collecting, using, maintaining, protecting and disclosing that personal information.

This policy applies to personal information.  “Personal information” is any information—as electronically or otherwise recorded—that can be used to identify a person or that we can link directly to an individual, such as name, address, email address, or telephone number, as applicable.  This policy applies only to personal information we may collect:

  • on our Websites;
  • through e-mail, text and other electronic messages between you and our Websites;
  • through mobile and desktop applications downloaded from our Websites, which may provide dedicated non-browser-based interaction between you and our Websites; and
  • when you interact with our advertising and applications on third-party websites and services, but only if those applications or advertising include links to this policy.

We may have other unique privacy policies that apply to certain specific situations, such as if you participate in a clinical trial we sponsor.  To the extent you were provided with a different privacy notice or policy that applies, that notice or policy will govern our interactions with you, not this one.

This policy does not apply to information collected by:

  • us offline or through any other means not included in the above-provided definition of our Websites; or
  • any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.

Please read this policy carefully to understand our policies and practices regarding your personal information and how we will treat it. If you do not agree with our policies and practices, you should not use our Websites or register for the services and information we offer. By accessing or using our Websites, you agree to this privacy policy.

Please be aware that personal information we collect and process from the Websites may be transferred and maintained outside of your state, province, country, including in and to the United States.  Please note that the laws of the United States pertaining to the use and protection of personal information may differ from that of other countries.

CHANGES TO OUR PRIVACY POLICY

We will post any changes we make to our privacy policy on this page. If we make material changes to how we treat your  personal information, we will notify you by email to the primary email address specified in your account and/or through notices on our Websites. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting our Websites and this privacy policy to check for any changes. Your continued use of our Websites after we make changes to our privacy policy is deemed to be acceptance of those changes, so please check the policy periodically for updates.

CHILDREN UNDER THE AGE OF 16

No one under age 16 may provide information on our Websites. Our Websites are not directed at minors under 16 and we do not knowingly collect, maintain, disclose, or otherwise process personal information of minors below the age of 16 without the permission of such minor’s parents or legal guardians. If you believe we have any personal information from or about a minor under 16 without parental or guardian consent, please contact us at [email protected] so that we may identify and delete that personal information.

INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT PROCESS, AND SHARE IT

  • “Personal information” is any information—as electronically or otherwise recorded—that can be used to identify a person or that we can link directly to an individual, such as name, address, email address, telephone number, or credit card number, as applicable. Personal information in some jurisdictions can include information that indirectly identifies a person even absent other identifying information.
  • Personal information may include information considered sensitive in some jurisdictions, such as biometric information, genetic information, medical and health information, financial account information, geolocation, ethnic or racial origin, information concerning your sex life or your sexual orientation, and other information.
  • We will process any personal information we collect in accordance with applicable law and as described in this privacy policy (unless, as explained above, a separate policy or notice governs).  
  • Below is a summary of how we collect, process, and use personal information and the potential recipients of your personal information, and how we have done so in the preceding 12 months.  Some jurisdictions require us to state the legal bases for processing your personal information, which are included below, but please note that not all jurisdictions may recognize all legal bases.
Examples of the types of personal information we process: Where do we get the personal information? Why do we process the personal information What are the legal bases for processing? Who receives the personal information?*

Identity and contact information, such as:

  • first and last name
  • email address
  • postal address
  • phone number
  • username and password

Other personal information, such as:

  • age
  • gender
  • marital status
  • disability
  • date of birth

Visual Information, such as:

  • pictures and videos

Technical Information, such as:

  • Internet Protocol (IP) addresses (which may identify your general geographic location or company)
  • browser type and browser language
  • device type
  • advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID))
  • date and time you used the Websites
  • Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving the Websites
  • activity on the Websites
  • data collected from cookies or similar technologies****
  • geolocation information

Anonymized / De‑identified Data
Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified and the information is no longer considered Personal Data under data protection laws.

 

  • you directly
  • your devices
  • third parties

 

  • to respond to your inquiries for information, and to provide you with information about Sarepta and its products and services, by email, regular mail, text message or phone according to your preferences
  • to present our Websites and their contents to you according to your preferences
  • to develop statistics and analysis to improve and further develop our Websites and the information and services we may offer from time to time
  • to request your participation in Sarepta surveys and other market research which can include requests for demographic, geographic or other personal information as well as questions regarding a patient’s medical condition and other data which Sarepta may use to create useful services and information for users of our Websites and for other lawful business purposes
  • to fulfill any other purpose for which you provide it
  • to provide you with notices
  • to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, our Terms of Use and for billing and collection
  • to notify you about changes to our Website or any products or services we offer or provide through it
  • to allow you to participate in interactive features on our Websites
  • in any other way we may describe when you provide the information
  • to identify and authenticate you
  • to detect security incidents
  • to protect against malicious or illegal activity
  • for short-term, transient use
  • for administrative purposes
  • for quality assurance
  • for the purposes of our legitimate interests
  • to comply with a legal obligation
  • in preparation for or to perform a contract
  • in circumstances in which we have requested and received consent and for other purposes that may be required or allowed by law*

  • Our affiliates, subsidiaries, and related companies
  • partners that assist us in administering our business***

 

*The legal bases we rely upon include those enumerated in Articles 6 and 9 of the European Union’s General Data Protection Regulation (GDPR), depending on the type of Personal Data.

**We do not sell or share your personal information for cross-context behavioral advertising.

***In limited circumstances, recipients may include, (1) in the event of a sale, assignment, or transfer, to the buyer, assignee, or transferee; and, (2) government or regulatory officials, law enforcement, courts, public authorities, or others when permitted by this Policy or required by law.

****Please see our Notice on Cookies for more information on how we use cookies and similar technologies.

User-Generated Information

You also may provide information to be used, published or displayed (hereinafter, "posted") on public areas of our Websites, or to be transmitted to other users of our Websites (collectively, "User-Generated Information"). When you provide User-Generated Information, you do so at your own risk. Although in some cases you may be able to establish certain privacy settings for your User-Generated Information that is posted on our Websites, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of our Websites with whom you may choose to share your User-Generated Information. Therefore, we cannot and do not guarantee that your User-Generated Information will not be viewed by unauthorized persons.

Information Collected Automatically

The information about you that we collect automatically does not identify you personally, but rather only by reference to the device you use to access our Websites. This information tells us about your usage of our Websites, which helps us to improve our Websites and to deliver a better and more personalized service to you. By enabling us to take into account your Website usage patterns and preferences, this information helps us to customize our Websites according to your individual interests, to speed up your searches, and to recognize you when you return to our Websites.

The technologies we use for this automatic data collection may include:

  • Cookies (browser or flash cookies). A browser cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. Certain features of our Websites may also use local stored objects (or flash cookies) to collect and store information about your preferences and navigation to, from and on our Websites. You are able to limit access of flash cookies to your computer with add-ons and other tools available online. If you limit access of cookies, you may be unable to access certain parts of our Websites. Unless you have adjusted your settings so that it will refuse cookies, our system will issue cookies when you direct your browser to our Websites.
  • Web Beacons. Pages of our Websites and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

For more information about these technologies and how to manage or opt out of them, please see our Notice on Cookies.

Although the information we collect automatically does not personally identify you, we may link that information to information that does personally identify you that we otherwise collect as described in this policy.

Website Analytics

The Websites may use Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies to analyze use patterns and may collect information about your use of the website, including your IP address. More information on Google Analytics can be found here: www.google.com/policies/privacy/partners/. If you would like to opt-out of having your data used by Google Analytics, please use the Google Analytics opt-out available here: https://tools.google.com/dlpage/gaoptout/.  Please note that we make no representations regarding the functionality of Google opt-out mechanisms, and further, opting out of Google Analytics will not preclude the use of your data by other analytics services that we may use.

CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION

We strive to provide you with reasonable choices regarding the collection and use of information about you. For example, you may: (1) choose not to provide personal information on our Websites, (2) set your browser preferences and use web tools available to block the cookies sent in connection with your use of our Websites, (3) follow the instructions to unsubscribe from our services included on our Websites and the communications sent to you, and/or (4) email a request to unsubscribe from our services to [email protected].

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

Please note that in many circumstances, we cannot effectively do business with you without processing some Personal Data about you (e.g., your contact information).  

You may have a right under your area’s data protection law to the following rights with respect to some or all of your Personal Data:

  • to request access to your Personal Data;
  • to request that we rectify or erase your Personal Data;
  • to request that we restrict or block the processing of your Personal Data;
    • this includes the right to opt out of solicitations
  • to provide your Personal Data directly to another, i.e., a right to data portability;
  • when we previously obtained your consent, to withdraw consent to processing; and
  • to lodge a complaint with the data protection authority in your area.

You can make a request with respect to your Personal Data by (1) emailing us at [email protected] (2) mailing us at 215 First Street Cambridge, MA 02142; or (3) calling us at 1-888-SAREPTA (1-888-727-3782).  We will make reasonable efforts to respond promptly to your requests in accordance with applicable laws.  We may, after receiving your request, require additional information from you to honor the request and verify your identity.  Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.

Kindly note that, if you delete your User-Generated Information from any of our Website, copies of your User-Generated Information may remain viewable in cached and archived pages, or might have been copied or stored by other Website users. Proper access and use of information provided on our Website, including User-Generated Information, is governed by our Terms of Use.

DATA SECURITY

We have implemented measures designed to secure your personal information from unauthorized access, use, alteration and disclosure. All information you provide to us is stored on our secure servers behind firewalls.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Websites. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Websites.

HOW LONG YOUR PERSONAL INFORMATION WILL BE RETAINED

We generally retain personal information for as long as needed for the specific purpose or purposes for which it was collected.  In some cases, we may be required to retain personal information for a longer period of time by law or for other necessary business purposes.  Whenever possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the specified retention period.

CONTACT INFORMATION

To ask questions or comment about this privacy policy and our privacy practices, contact us at:

Sarepta Therapeutics
Attn: Corporate Communications
215 First Street
Cambridge, MA 02142
1-888-SAREPTA (1-888-727-3782)
[email protected]