Effective February 1, 2019
This Privacy Notice describes the privacy practices of Decibel Therapeutics, Inc. (“Decibel”, “we”, “us” or “our”), including how we collect, use, share and otherwise process Personal Data, and explains the rights and choices available to individuals with respect to their information.
Decibel may provide additional privacy notices to individuals at the time we collect their data. For example, we often provide a specific privacy notice to participants in research studies or clinical trials (collectively, “Research”) during the consent process that describes our privacy practices in connection with conducting Research. This type of an “in-time” notice will govern how we may process the information you provide at that time.
Please note this Privacy Notice applies to Decibel’s processing of job applicants personal data, but does not apply to Decibel’s processing of employee or contractor personal data.
THE INFORMATION WE COLLECT AND USE
When we use the term “Personal Data,” we mean any information that can be used to identify you, directly or indirectly, as an individual person.
We collect Personal Data about the following types of individuals: physicians and other health care professionals, clinical trial investigators, Research participants, researchers, contractors, consultants, job applicants, volunteers, and other individuals who interact directly with Decibel or its business partners, including users of our website.
We collect and use Personal Data in the following ways:
Data Provided By You
We collect and use Personal Data that you provide to us in the following ways:
- Communications. If you communicate with us through the website or by email, mail, phone, text, chat, or any other paper or electronic form, we collect your contact information, such as your name, address, email address and phone number, the content of the communication, including any self-identified medical history or medical condition, and the metadata associated with the communication. We use this information to investigate and respond to your inquiries and to communicate with you. At your request, we may use information you provide in your communications to contact you with information regarding Research, to evaluate your eligibility for the Research and, as appropriate, to invite you to participate in Research. If you wish to stop receiving email messages from us, please see the “Privacy Preferences” section below.
- Newsletters. If you sign up for a newsletter, we collect your contact information, disease state of interest and communication preferences. We use this information to manage our communications with you. If you wish to stop receiving email messages from us, please see the “Privacy Preferences” section below.
- Registration. If you register in our database as someone with a medical condition or disease state, we collect your contact information, demographic information, such as country, age range, gender, marital status or zip code, communication preferences and information about your or your family’s medical history, including any disease state diagnoses or treatments. Depending on your preferences, we may use registration information to contact you with information regarding Research, to evaluate your eligibility for the Research and, as appropriate, to invite you to participate in Research. If you wish to stop receiving email messages from us, please see the “Privacy Preferences” section below.
- Comment Submissions. If you submit publicly-accessible comments on the website, we collect your name, email and the information you supply in the comment. This information allows us to communicate with you about your comment and to display your comment online. Please be aware that any stories, comments or other information that you submit on a public forum will be publicly accessible. If you wish to delete your comment, please contact us using the information in the “Contact Us” section below.
- Employment Applications. If you submit an application for employment, we collect your contact and demographic information, education, work and research history, employment needs and interests, and any other information you choose to provide. We use this information to evaluate your eligibility and candidacy for employment, to communicate with you before, during and after the relevant application process and to facilitate the application process and any pre-contractual steps needed prior to employment.
- Events. If you register for any Decibel event, such as a training, lecture, seminar, workshop or open house event, we collect your contact and demographic information, including education information and medical or other professional credentials. We require these details in order to register you in the program, administer the event, contact you about your experience and to inform you about future events that may be of interest to you.
- Business Partners. If you are a business partner or service provider, such as a health care professional partnering with Decibel on Research, or otherwise providing services to Decibel, we may collect your contact information, professional credentials, educational and professional history, institutional affiliations, background checks, performance reviews, and information need for the purposes of compensation. We use this information to communicate with you, to staff, administer and facilitate Research, to comply with regulatory monitoring and reporting obligations and to identify and engage with thought leaders and external experts.
Data We Obtain from Third Party Sources
We collect Personal Data from the following third party sources.
- Business Partners and Service Providers: We collect information about individuals from our business partners and service providers, including healthcare professionals, contract research organizations, market research providers, industry and patient groups and associations, and recruiters. The information may include contact information, demographic information, health and medical information, educational and professional history, institutional affiliations, background checks and performance reviews. We use this information to administer and facilitate Research, coordinate events and programs, conduct market research and to identify potential employment candidates.
- Publicly Available Sources: We collect information about individuals from publicly available sources, such as public comments on Decibel and its operations on social media platforms (for example, Facebook, Twitter, and Instagram) or publicly available research. This information enables us to conduct market research about the company and industry trends, analyze public interactions with Decibel, identify experts and improve our programs, events, and other offerings.
Data We Collect Automatically
We use certain technologies on the website to collect information about the device or browser you use to navigate our website.
The technologies we use may include the following:
- Web Logs: Like most websites, we automatically gather certain information about our website traffic and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use log data to analyze trends on our website, manage and administer the content, security and availability of our website, improve the content, overall performance and user experience on the website, and for fraud protection and to protect our rights and the rights and safety of individuals.
Other Uses of Personal Data:
In addition to the uses described above, we may use your Personal Data for the following purposes:
- Maintaining, improving and delivering the website;
- Communicating with you to provide technical or administrative support;
- Developing new resources and services;
- Conducting, managing and growing our business;
- Defining and managing appropriate patient engagement activities, and patient support programs;
- Paying for services that physicians, researchers and other individuals may provide to us;
- Preventing, investigating and providing notice of fraud, unlawful or criminal activity, unauthorized access to or use of Personal Data, the website or our data systems, and to meet legal, regulatory, judicial and company policy obligations;
- For any other lawful, legitimate business purposes.
HOW WE SHARE AND DISCLOSE PERSONAL DATA
We share Personal Data in the following ways:
- Service Providers: We share Personal Data with third-party service providers who perform services on our behalf, such as health care professionals, contract research organizations or other medical institutions conducting research on our behalf, data storage and analytics providers, recruiters, background check providers, event coordinators, market research providers, technology providers (including technology support providers, email communications providers and web developers).
- Research: We may disclose Personal Data to third-party medical institutions and research institutes for those organizations to perform independent research as permitted by law.
- Regulatory or Legal Requirements, Safety and Terms Enforcement: We may disclose Personal Data to governmental regulatory authorities as required by law, including in connection with monitoring, review and approval of our studies, products and services, and adverse event reporting, in response to their requests for such information or to assist in investigations. We may also disclose Personal Data to third parties in connection with claims, disputes or litigation, when otherwise required by law, or if we determine its disclosure is necessary to protect the health and safety of you or us, to protect against fraud or credit risk, or to enforce our legal rights or contractual commitments that you have made.
- Business Transfers: We may disclose Personal Data as part of a corporate business transaction, such as a merger, acquisition, joint venture, financing, or sale of company assets and may transfer Personal Data to a third party as one of the business assets in such a transaction. We may also disclose Personal Data in the event of insolvency, bankruptcy, or receivership.
If you have opted in to our email communications (or where permitted by law, if you have provided us or we have obtained your contact information for the purposes of marketing communications), you may choose to opt-out of receiving further commercial messages from us by following the unsubscribe instructions in the email you received. In addition, you can manage your email preferences by contacting us at firstname.lastname@example.org. Please note that you may continue to receive certain transactional or administrative email communications from us.
If you have provided consent for our processing of your health-related data, including your self-identification as someone with a medical condition or disease state, you may withdraw such consent at any time and request the erasure of your data by contacting us at email@example.com. A withdrawal of your consent does not affect the lawfulness of our use of the data prior to the withdrawal. Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent if we have a legal requirement to do so. For example, we may retain certain information if we need to do so to comply with independent legal obligations.
You may contact us to update Personal Data we have about you by contacting us at firstname.lastname@example.org.
The website is not intended for, or directed to, children under the age of 13. We do not knowingly receive Personal Data from children under the age of 13. If you are under the age of under the age of 13, do not provide us with any Personal Data either directly, through any website forms, or by any other means. If you become aware that your child has provided us with Personal Data, please contact us at email@example.com.
SECURITY OF PERSONAL DATA
We strive to put in place measures to protect the Personal Data that we process in connection with the Services. However, we cannot 100% guarantee the security of Personal Data that we process in connection with our business, or that your Personal Data will not be unlawfully accessed by third parties. You can also take additional measures to protect yourself and your information, such as keeping log-in credentials and passwords confidential.
If you are located in the European Economic Area (“EEA”) or Switzerland, these following additional disclosures apply to the processing of your Personal Data.
- Data Subject Rights: Upon request, we will provide you with information about whether we hold any of your Personal Data, along with any details required to be provided to you under applicable law. In certain cases, you may also have a right to:
- Rectify any of your Personal Data that is inaccurate;
- Restrict or limit the ways in which we use your Personal Data;
- Object to the processing of your Personal Data;
- Request the deletion of your Personal Data; and
- Obtain a copy of your Personal Data in an easily accessible format.
To submit a request, please contact us using the information in the “Contact Us” section below. We will respond to your request within a reasonable timeframe.
You have the right to lodge a complaint with your national data protection authority (i.e., supervisory authority, https://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm).
- Legal Basis for Processing: In this section, we identify the lawful grounds we rely on for processing Personal Data.
|Consent||If Decibel relies on consent for the processing of Personal Data, we will provide transparent notice of the purposes for which we seek such consent at the time we collect your Personal Data.
If Decibel wishes to process any special categories of Personal Data as set out in Article 9(1) of the EU’s General Data Protection Regulation, Decibel may obtain your explicit consent for such processing.
For information on how to withdraw consent, please see the “Privacy Preferences and Retention” section of the Privacy Notice.
|Contractual Necessity||Decibel processes Personal Data to fulfill our contracts with our business partners and service providers, such as for rendering payment or communicating with health care professionals or consultants.|
|Legal Obligation||Decibel may process Personal Data as specifically required by applicable legal obligations, such as laws and regulations that require Decibel to process Personal Data for purposes of obtaining medical research approvals and spend transparency disclosures.|
|Public Interest||Decibel may process Personal Data for scientific or historical research purposes, or statistical purposes in the public interest, as authorized by applicable law.
If Decibel wishes to process any special categories of Personal Data as set out in Article 9(1) of the EU’s General Data Protection Regulation, it may do so when necessary for scientific research purposes.
|Legitimate Interests||Decibel may process Personal Data subject to its own legitimate interests, such as to develop, administer and support our research; to operate, evaluate and improve our business; to facilitate and manage patient advocacy and engagement programs; to promote scholarly research; to support our recruitment activities; or to facilitate a sale of assets or merger or acquisition.
|Compatible purposes||Decibel may also process Personal Data for purposes that are compatible with those described above. Such purposes may include scientific research.|
- Data Retention. We retain Personal Data for as long as necessary to carry out the purposes of processing described in this Privacy Notice, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights. The criteria used to determine the period for which Personal Data about you will be stored varies depending on the legal basis under which we process such personal data:
|Consent||For the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain personal data about you erased (see Data Subject Rights section above).|
|Contractual Necessity||For the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the limitation period for legal claims that could arise from the contractual relationship.|
|Legal Obligation||For the duration of any legal required retention period, or as needed to preserve evidence for known, threatened or suspected legal claims, actions or other proceedings.|
|Public Interest||For the period of time necessary to fulfill the purposes of the business process in the public interest.|
|Legitimate Interests||For a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.|
International Data Transfers. Information collected through our website or otherwise sent to us electronically is maintained in the United States. The countries to which we transfer Personal Data may not have the same data protection laws as the country in which you initially provided the information. By submitting Personal Data to Decibel, you agree that Decibel may maintain the information in the U.S. and share the Personal Data as described in this Privacy Notice.
- When we transfer Personal Data across borders, we consider a variety of requirements that may apply to such transfers. Specifically, we may transfer Personal Data from the EEA or Switzerland to:
- Countries that the European Commission has deemed to adequately safeguard Personal Data, and
- Third countries where the European Commission has not issued an adequacy decision and subject to appropriate or suitable safeguards, including:
- Pursuant to the recipient’s compliance with standard contractual clauses, EU-US Privacy Shield, or Binding Corporate Rules,
- Pursuant to the consent of the individual to whom the Personal Data pertains,
- To perform a contract with you or to perform a contract that we enter in your interest, and
- As otherwise permitted by applicable EEA requirements.
You may request information relating to the applicable safeguards by contacting us using the information in the “Contact Us” section below.
LINKS TO OTHER WEBSITES
As a convenience to our visitors, the website contains links to some external sites and digital services operated by third parties that we believe may offer information of interest to our website visitors. This Privacy Notice does not apply to these websites.
Our website also include features like buttons and widgets hosted by other companies (for example, the Facebook “share” button). Some of these features collect Personal Data or other information such as your IP address and your actions on our website. This Privacy Notice does not apply to the practices of these third parties. We encourage you to review the privacy notices of those third parties to learn about their Personal Data and privacy practices.
UPDATES TO THE PRIVACY NOTICE
This Privacy Notice is subject to occasional revisions. We will notify you of changes by posting the new policy on the Sites and updating the effective date of the policy. Decibel encourages visitors to check this page frequently for any changes to this Privacy Notice. Continued use of the website following such changes will indicate your acknowledgement of, and agreement to be bound by the changes.
If you have questions, comments or requests about this Privacy Notice or your Personal Data, you may contact us at:
Decibel Therapeutics, Inc.
1325 Boylston Street
Boston, MA 02215
Phone Number: (617) 935-0635
Email Address: firstname.lastname@example.org
Decibel Cookie Notice
Effective February 1, 2019
Cookies are small amounts of data which your web browser stores on your device at the request of certain websites. Cookies are then sent back to the originating web domain on your subsequent visits to that domain. Most web pages contain elements from multiple web domains so when you visit the website, your browser may receive cookies from several sources.
Cookies are useful because they allow a website to recognize a user’s device. Cookies allow you to navigate between pages efficiently, remember preferences and generally improve the user experience. They can also be used to tailor advertising to your interests through tracking your browsing across websites.
There are two primary types of cookies that are used, session cookies and persistent cookies. Session cookies are deleted automatically when you close your browser and persistent cookies remain on your device after the browser is closed (for example to remember your user preferences when you return to the site). Each cookie typically falls into one of several categories.
TYPES OF COOKIES DECIBEL USES
We describe the categories of cookies Decibel and its service providers use below.
Strictly Necessary Cookies
These cookies are essential in order to enable you to move around the Website and use its features. Without these cookies, Website pages you have asked for cannot be provided.
We make use of analytics cookies to analyze how our visitors use our Website and to monitor Website performance, including those by Google Analytics. This allows us to provide a high-quality experience by customizing our offering and quickly identifying and fixing any issues that arise. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages. We might also use these cookies to highlight articles or site services that we think will be of interest to you based on your usage of the website. To learn more about the use of data collection technologies by Google for analytics and to exercise choice regarding those technologies, please visit the Google Analytics Opt-Out browser add-on page.
Website Functionality Cookies
THIRD PARTY WEBSITES
Please note that this Cookie Notice does not apply to, and we are not responsible for, the cookie practices of third-party websites that may be linked to this Website.
CHANGES TO THE COOKIE NOTICE
We may update this Cookie Notice and we would encourage you to review the notice from time to time to stay informed of how we are using cookies.