We use cookies to help us improve your browsing experience and understand how people use our website. Our privacy statement explains how we use cookies, and how to change your cookie settings.

Privacy Statement

Galapagos (“the Company,” “we” or “us”) values your privacy and we want to be clear about the information we collect, why we collect it, and how the information is used. For the personal data collected through this website, Galapagos NV, Generaal De Wittelaan 11 A3, 2800 Mechelen will act as the controller. In this way, we control the process by which your personal data is collected and the purposes for which your personal data is used.

Furthermore, we want you to know your rights regarding your personal data. This Privacy Statement addresses how we handle and protect personal data collected via the Galapagos website (“the Site”) or a related website controlled by the Company or personal data collected in the provision of any support or other services (“Services”). We strongly recommend that you read this Privacy Statement and, if you have any questions, contact us via dpo@glpg.com.

We confirm that personal data will be dealt with in accordance with the Belgian law of 8 December 1992 on the protection of privacy and the Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data - General Data Protection Regulation (GDPR).

Information we collect

Personal data includes any information relating to an identified or identifiable natural person (also known as a “data subject”). This may include, but is not limited to: your name, address, email address, phone number, identification number or location data.

When using our website to apply for job openings, subscribe to press releases, register for clinical trial updates or merely to contact us, we may collect the following information: your name, e-mail address and telephone number, as well as other information that you provide to us.

How we use the information we collect

We use your personal data solely for the purposes of processing your requests, to conduct our business, to develop analytics and aggregated data that allow us and our partners to improve our Site and related Services, or to correspond with you. Below is a summary of the channels through which information is currently collected on the Site including the type of personal data collected via each channel and how that data is used.

Job applications

When you apply for a position via our website, we collect the following personal data: your name, email address and your phone number. You are also required to upload your CV and a cover letter and may choose to upload a photo of yourself. This information is then entered into our human resources database which is hosted on a server in the EEA. If you have not been successful for the position for which you have applied, you will contacted via email and the personal data that was provided will be kept in the database for a maximum of three months after the date of collection. Subsequently, if we decide to keep your personal data for a longer period, we will contact you to obtain your consent.

Clinical research information portals

From time to time, we create information portals on the Site to provide interested parties with information regarding clinical research studies. When subscribing to future updates on these portals, you are required to fill in a registration form and provide the following personal data: your name, email address, country and preferences. We store information that we collect to create a “profile” of your preferences. We use this profile to improve the content of the Services and related products in which you have expressed an interest.We do not share your profile with third parties other than as set forth in our Terms and Conditions for any of the Services that may be in effect from time to time.


The Contact Page provides you with our office addresses, email addresses and telephone contact information should you wish to contact us. Other contact details can be found on our online reporting page or in the news section of the Site. By contacting us, you may provide us with personal data amongst other information in relation to your query or request. Based on the personal data you provide us, we may communicate with you in response to your inquiries, to provide the services you request. We will communicate with you by email or telephone, in accordance with your preference.

News via mail

To subscribe for Galapagos press releases, the mandatory fields required include your name and email address. This information is kept in a database which is hosted outside the EEA. We have made the necessary efforts to ensure that the processor responsible for this database has implemented sufficient technical and organisational measures to safeguard this data.


We may also use your personal data to communicate with you regarding the following:

Data retention

Your personal data is kept for no longer than is necessary in relation to the purposes for which it is collected. We will frequently review the information we hold and when there is no longer a legal or business need for us to store it. In cases of Sites providing information on clinical research studies, your personal data will be removed once the Site is no longer live, or our Services are no longer being provided.

Your rights

You have the possibility to exercise your rights as described in the GDPR. You can do this free of charge by sending an e-mail to dpo@glpg.com. As a data subject, you can exercise the following rights:

The contact details of the supervisory authorities in Europe, can be found here: https://ec.europa.eu/commission/sites/beta-political/files/national-data-protection-authorities-jan_2018_en.pdf

Conditions under which we share information

Your personal data may be used by a parent, subsidiary, or affiliate entity within the Galapagos NV corporate family, partner entities, and the vendors and service agencies that we may engage to assist us. We will never pass your personal data to anyone else without your consent, except for (a) successors in title to our business, or (b) when required by law. We will share your personal data with providers only in the ways that are described in this Privacy Statement.

We do not sell, trade, or otherwise transfer to outside parties, personal data we collect from you without your consent, except in cases where we may share personal data for any Services that may be in effect from time to time, including, without limitation, the situations described below:

International transfers

For users residing in the European Economic Area, (“EEA”), the data that we collect from you may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.

If we do transfer data outside the EEA, we will ensure it is protected employing the following safeguards:

Information Security

We are committed to protecting the security and privacy of your information. We will use appropriate technical and organisational measures to restrict access to personal data to those of our employees, agents, contractors, or representatives who require access to such information to perform tasks assigned to them by us. All data gathered by our Services is stored by us in a secure, password-protected database. Only we and our third party processors, if any, have access to this database.

We will protect personal data provided to us by using reasonable security safeguards against loss, theft, unauthorized access, disclosure, copying, use, or modification. Although we and our third party processors implement standard security protections, we cannot guarantee the physical or electronic security of the servers and databases on which the Services are hosted. We require our partners who receive your information to agree to security requirements consistent with this Privacy Statement. If you create copies of information from the Services, we cannot protect the security and privacy of the information contained in such copies.

Cookies and Do Not Track

As is now common with most websites, our Site uses cookies to record certain information about your use of the Site. Cookies are small data files generated by a website and saved by your web browser. Any information obtained consequently is used on an anonymous, aggregated basis and you cannot be identified from it. You are not required to accept a cookie that we send to you and you can modify your browser’s settings so that it will not accept cookies. If you choose to disable cookies, you can do so specifically for the type of browser you use:


This table shows the type of cookies, the purposes for which they are used and their retention periods.

Cookie Name Purpose Retention period
(set by Google Analytics)
To help understand how visitors interact with
the websites by providing information about
the areas visited, the time spent on the
website, and any issues encountered, such as
error messages. This helps Us improve the
performance of our websites.
By default, this cookie is set to expire after 2 years
(set by Google Analytics)
This cookie is used to limit the collection of
data when there is high traffic on the site.
10 minutes
(set by Google Analytics)
To store and group the session’s activity for
each user.
25 hours
_PHPSESSID Temporarily saves the information of your
session so that you do not need to fill the form
again when you reload the page.
When the browsing session ends.
_wfvt_ [ID of website] These contain information about your general
geographic location.
When the browsing session ends.
(set by the Wordfence Security WordPress plugin)
To protect the site against malicious attacks. 24 hours
_gat_gtag_[ID of website] Identification code of website for tracking visits 2 years
scf_cookielayer_storage Saves the information regarding the fact that
you have agreed to the website's terms of use.
30 days


Certain cookies are placed by a third party, for example Google Analytics to measure the use of the website. These cookies are found in other companies’ internet tools which we use to enhance our site, for example LinkedIn and Twitter all have their own cookies, which are controlled by them. If you do not want a website to place cookies on your device, you can change the settings of your browser as abovementioned.

Our Site and Services currently do not respond to “Do Not Track” (DNT) signals.


Our Services are not aimed at people under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take reasonable steps to remove such information from our systems and terminate the applicable account.

Changes to our Privacy Statement

From time to time, this Privacy Statement may be revised. Any changes to this Privacy Statement will be indicated through the mention of effective date and version number. Continued use of our sites after changes made to our Privacy Statement indicates your consent to the use of newly submitted information.


We reserve the right to disclose personal data in the following circumstances: as required by law; if we believe that disclosure is necessary to protect ours or others’ rights, property, or safety; to comply with a judicial proceeding, court order, or legal process served on us or the Services; or in connection with an actual or proposed corporate transaction or insolvency proceeding involving all or part of the business or assets to which the information pertains. By using the Services, you consent to having any personal data you provide to us transferred to and processed in the United States. BECAUSE SOME JURISDICTIONS DO NOT PERMIT CERTAIN LIMITATIONS OR DISCLAIMERS OF LIABILITY, THESE LIMITATIONS MAY NOT APPLY TO YOU.


For questions regarding this Privacy Statement, please contact: dpo@glpg.com.