We use cookies to help us improve your browsing experience and understand how people use our website. Our privacy statement explains how we use cookies, and how to change your cookie settings.

Privacy Statement


I am a Healthcare Professional   I am a Patient / Patient Representative   I am a Job Applicant


Galapagos (“the Company,” “we” or “us”) values your privacy and we want to be transparent about the information we collect, why we collect it, and how the information is used. For the personal data collected through this website, Galapagos NV, Generaal De Wittelaan 11 A3, 2800 Mechelen will act as the controller. In this way, we control the process by which your personal data is collected and the purposes for which your personal data is used.

Furthermore, we want you to know your rights regarding your personal data. This Privacy Statement addresses how we handle and protect personal data collected via the Galapagos website (“the Site”) or a related website controlled by the Company or personal data collected in the provision of any support or other services (“Services”). We strongly recommend that you read this Privacy Statement and, if you have any questions, contact us via dpo@glpg.com.

We confirm that personal data will be dealt with in accordance with the Belgian, European, and relevant United States privacy laws and regulations, including Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data and the Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data - General Data Protection Regulation (GDPR).

Personal data includes any information relating to an identified or identifiable natural person (also known as a “data subject”). This may include, but is not limited to: your name, address, email address, phone number, identification number or location data. More information on personal data we collect can be found below in specific sections of this Privacy & Cookie Statement.

We use your personal data solely for the purposes of processing your requests, to conduct our business, to develop analytics and aggregated data that allow us and our partners to improve our Site and related Services, recruitment-relating purposes or to correspond with you. Below is a summary of the channels through which information is currently collected on the Site including the type of personal data collected via each channel and how that data is used.

We will only process your personal data if we have obtained your prior consent, if the processing is necessary to perform our contractual obligations or to take pre-contractual steps at your request, if the processing is necessary to comply with legal or regulatory obligations or if the processing is necessary for our legitimate interests.

When using our website to subscribe to press releases, register for clinical trial updates or merely to contact us, we may collect the following information: your name, e-mail address, company you work for and preferred language of communication, as well as other information that you choose to provide to us.


The Contact Page provides you with our office addresses, email addresses and telephone contact information should you wish to contact us. Other contact details can be found on our online reporting page or in the news section of the Site. By contacting us, you may provide us with personal data amongst other information in relation to your query or request. Based on the personal data you provide us, we may communicate with you in response to your inquiries, to provide the services you request. We will communicate with you by email or telephone, in accordance with your preference.

News via mail

To subscribe to Galapagos’ press releases, the mandatory fields required include your name and email address. This information is kept in a database which is hosted outside the EEA. We have made the necessary efforts to ensure that the processor responsible for this database has implemented sufficient technical and organisational measures to safeguard this data.

We may also use your personal data to communicate with you regarding the following:

    • with your express consent, to contact you in the future regarding studies involving the same investigative compound or new opportunities from Galapagos that may be appropriate;
    • service-related announcements on rare occasions when it is necessary to do so. For instance, if our Services are temporarily suspended for maintenance, we might send you an email;
    • inform you about important changes to this policy or Site.

From time to time, we create information portals on the Site to provide interested parties with information regarding clinical research studies. When subscribing to future updates on these portals, you may be required to fill in a registration form and provide the following personal data: your name, email address, country and preferences. We store information that we collect to create a “profile” of your preferences. We use this profile to improve the content of the Services and related products in which you have expressed an interest. We do not share your profile with third parties other than as set forth in our Terms and Conditions for any of the Services that may be in effect from time to time.

In case you are a business contact person for Galapagos, your personal data is used for business relationship management purposes such as maintaining the ongoing relationship with, e.g., our contractors, service providers, partners, consultants, etc. The personal data that is being used may include but is not limited to: your name, e-mail address, telephone number, organization related details, contact history, signature. This information may either be directly provided by you or by the organization you are related to.

Our customer database includes individuals with whom we had previous business relations including but not limited to researchers that participated in clinical trials, Key Opinion Leaders, (former-) members of the advisory and scientific boards, contacts gathered at events, and individuals that have contacted Galapagos. The database also includes publically available contact information.

In case you are a customer or prospect customer of Galapagos, your personal data is used for business development purposes such as communication on the Services and related products, organization of focus-group discussions, market studies and others. The personal data that is being used may include but is not limited to: your name, e-mail address, telephone number, organization related details, contact history with Galapagos.

Your personal data is kept for no longer than is necessary in relation to the purposes for which it is collected. We will frequently review the information we hold and when there is no longer a legal or business need for us to store it. In cases of clinical research information portals providing information on clinical research studies, your personal data will be removed once the portal is no longer live, or our Services are no longer being provided.

In order to protect the Company against any legal claims or to respond to potential inquiries, files may be stored in back-ups of the Company or in the archives in function of the applicable statutes of limitation. These archived copies will only be used if strictly required by the Company for the establishment, exercise or defense of legal claims and can, in such situations, be shared with legal advisors.

You have the possibility to exercise your rights as described in the GDPR. As a data subject, you can exercise the following rights:

  • Right to information

    You may request access to all personal data collected (including processing purposes, categories of personal data, estimated retention period) for inspection.
  • Right to rectification, erasure and restriction

    You have the right to have incorrect personal data corrected or amended and, under certain circumstances, the right to have your personal data removed from our files. You acknowledge that, if you refuse to provide certain data or ask for the erasure of your personal data, we will no longer be able to provide certain services. You also have the right, under certain circumstances, to ask for the restriction of the processing of your personal data.

  • Right to withdraw consent

    If the processing activity is based on our consent, you have a right to withdraw this consent at any point. Please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to object

    If you no longer wish to be informed about any updates or receive direct marketing, you are entitled to make such a request by mailing to info@glpg.com or you can click on the unsubscribe link available in our e-mails. Please note that you are not entitled to object to the processing of your personal data if such personal data is necessary for the execution of the agreement between us or your company (for example: for invoicing the data subject or the data subject’s company for ordered services).

  • Right to data portability

    You have the right to receive your personal data that is processed by us, in a structured, commonly used and machine-readable format and/or to transmit that data to another controller.

  • Right to lodge a complaint

    If, at any time, you are of the opinion that we have infringed your privacy, you have the right to lodge a complaint with the supervisory authority which is responsible for the protection of personal data in the country where you reside. The contact details of the supervisory authorities in Europe, can be found here.

To exercise the above rights, you can contact Galapagos Data Protection Officer, dpo@glpg.com. After verifying your identity and data subject rights applicability criteria, we will do everything reasonably possible to comply with the request unless it will require completely unreasonable measures (e.g. technically or organizationally virtually impossible or extremely costly). We may refuse to process requests that are unreasonably repetitive or systematic.

Your personal data may be used by a parent, subsidiary, or affiliate entity within the Galapagos NV corporate family, partner entities, and the vendors and service agencies that we may engage to assist us. We will never pass your personal data to anyone else without your consent, except for (a) successors in title to our business, or (b) when required by law. We will share your personal data with providers only in the ways that are described in this Privacy Statement.

We do not sell, trade, or otherwise transfer to outside parties, personal data we collect from you without your consent, except in cases where we may share personal data for any Services that may be in effect from time to time, including, without limitation, the situations described below:

  • We may release personal data to authorized agents or third-party contractors whom we employ to perform tasks on our behalf and to the extent we need to share information with them to conduct our business or to provide products, services and offers to you. Unless we communicate with you differently, our authorized agents do not have the right to use any personal data we share with them beyond what is necessary to work with us. You hereby consent to our sharing of personal data we collect from you for the above purposes.

  • We may disclose your personal data if we believe it is necessary to investigate potential violations of our Terms and Conditions, or to enforce those Terms and Conditions.

For users residing in the European Economic Area, (“EEA”), the data that we collect from you may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.

If we do transfer data outside the EEA, we will ensure it is protected employing the following safeguards:

  • transfer the data to a non-EEA country which has been awarded an adequacy decision by the European Commission;

  • put in place a data transfer and data processing agreement with Galapagos affiliates or third party to ensure that they protect the data with the same level of protection as required within the EEA.

We are committed to protecting the security and privacy of your information. We will use appropriate technical and organisational measures to restrict access to personal data to those of our employees, agents, contractors, or representatives who require access to such information to perform tasks assigned to them by us. All data gathered by our Services is stored by us in a secure, password-protected database. Only we and our third party processors, if any, have access to this database.

We will protect personal data provided to us by using reasonable security safeguards against loss, theft, unauthorized access, disclosure, copying, use, or modification. Although we and our third party processors implement standard security protections, we cannot guarantee the physical or electronic security of the servers and databases on which the Services are hosted. We require our partners who receive your information to agree to security requirements consistent with this Privacy Statement. If you create copies of information from the Services, we cannot protect the security and privacy of the information contained in such copies.

Galapagos uses camera surveillance on its premises for safety, security and property protection purposes. The use of surveillance cameras, management of IT equipment, monitoring and litigation management is necessary to protect Galapagos’ legitimate interests for the purposes described. Camera surveillance images are kept for thirty days, after which they are deleted. As a data subject, you have the right to exercise the rights detailed in this privacy notice.

Our Services are not aimed at people under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take reasonable steps to remove such information from our systems and terminate the applicable account.

From time to time, this Privacy Statement may be revised. Any changes to this Privacy Statement will be indicated through the mention of effective date and version number. Continued use of our sites after changes made to our Privacy Statement indicates your consent to the use of newly submitted information.

We reserve the right to disclose personal data in the following circumstances: as required by law; if we believe that disclosure is necessary to protect ours or others’ rights, property, or safety; to comply with a judicial proceeding, court order, or legal process served on us or the Services; or in connection with an actual or proposed corporate transaction or insolvency proceeding involving all or part of the business or assets to which the information pertains. By using the Services, you consent to having any personal data you provide to us transferred to and processed in the United States. BECAUSE SOME JURISDICTIONS DO NOT PERMIT CERTAIN LIMITATIONS OR DISCLAIMERS OF LIABILITY, THESE LIMITATIONS MAY NOT APPLY TO YOU.

For questions regarding this Privacy Statement, please contact: dpo@glpg.com.