Last update : 12 May 2021
We (Galapagos NV located Generaal De Wittelaan 11 A3, 2800 Mechelen, “Galapagos”, “we,” or “us”) are committed to ensure the protection of personal data of all individuals who are currently collaborating with us, including patients and patient representatives. Your personal data are handled and protected with the utmost care, in accordance with the requirements imposed by European and local data protection laws.
In this privacy notice we explain the principles that we apply, in our capacity as a controller, when we process patients and patient representative’s personal data. It applies to all personal data that is collected and processed in any format, whether electronic or paper.
1. The personal data we collect
We process the personal data us only for specific purposes and only if we have a legal basis to do so.
|Our purpose||Categories of personal data we collect from you||Our legal basis to process your personal data|
|Get your input and insights in patient-related matters||
||Our legitimate interest to receive information on patient related matters in order to develop medicines|
|Get your testimony about your disease||
Your explicit consent
2. How long we keep your personal data
We will keep your personal data as long as we have a legitimate reason to keep it unless you withdraw your consent to process your personal data. We frequently review the personal data we hold and delete it when we no longer need it.
3. Sharing your personal data with third parties
We obtain assistance or call on third parties as virtual platforms (e.g.Within3) for the abovementioned purpose. These third parties will be required to process your personal data only in accordance with our instructions and must maintain reasonable security of your personal data.
It may occur that data about you is shared within the Galapagos group of companies if this is necessary to achieve specific purposes. We take appropriate measures to ensure that all the entities of the Galapagos group are submitted to the same or equivalent data protection rules. If the entity is located outside the EEA, we will take the necessary measures to ensure the equivalent protection as within the EEA.
As a general rule, the data that we collect from you is not transferred outside the EEA. If we, in exceptional circumstances, do transfer data outside the EEA, we will appropriately inform you about this and we will ensure it is protected employing the following safeguards:
4. Security of your personal data
We acknowledge our responsibility to ensure an appropriate level of security with regard to your personal data. Therefore, we have implemented various technical and organizational security measures in order to protect the personal data against loss, alteration, accidental or unlawful destruction, unauthorized disclosure of, or access to the personal data.
5. Your rights
When we collect and use your personal data, you enjoy a number of rights which include:
Unless specified otherwise, you can exercise those rights by sending a request to firstname.lastname@example.org. After verifying your identity and applicability criteria, we will ask a general rule, provide you with information on action taken within one month of receipt of the request.
6. Changes to this Privacy Notice
Changes to this Privacy Notice can be made from time to time, in accordance with European and local data protection laws. When we change the content of this Privacy Notice, we will change the date and version number of the ‘last update’ of this Privacy Notice.
If you have any questions or comments with regard to the contents of this Privacy Notice or if you want to exercise one of your rights in relation to the data processed by us, you can contact our Data Protection Office by sending an email to email@example.com.