Privacy Policy

PRAXIS PRECISION MEDICINES INC.
PRIVACY POLICY

Last Updated: [May 19, 2022]

This Privacy Policy (“Privacy Policy”) describes the data protection practices of Praxis Precision Medicines Inc. and any affiliates (collectively, “Praxis,” “we,” “our,” or “us”), including when you visit a Praxis website that links to this Privacy Policy, such as including, but not limited to, www.praxismedicines.com (our “Sites”), participate in one of our clinical research studies (the “Studies”), or otherwise provide personal information to Praxis. We refer to the Sites, Studies, and other services provided by Praxis together in this Privacy Policy collectively as the “Services.” Please note that our Sites, Studies and other Services may provide privacy policies, informed consent forms and other types of just-in-time notices that supplement this Privacy Policy and describe the processing of your personal information in relation to the Services.

This Privacy Policy does not apply to our processing of information about employees or job applicants. This Privacy Policy also does not apply to the processing of data by our clinical research organization (“CRO”) partners during the course of our Studies.

Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Information. Praxis is not a healthcare provider and communications sent to our Site cannot replace the relationship you have with a physician or another healthcare practitioner.

The date the Privacy Policy was last updated is listed above. The Privacy Policy may change from time to time, so please check this Privacy Policy periodically for updates.

Region-Specific Disclosures

We may choose or be required by law to provide additional disclosures relating to the processing of personal information in certain countries, regions, or states. Please refer below to disclosures that may be applicable to you.

European Economic Area, United Kingdom, or Switzerland. If you are based in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”), please click here for our European Privacy Notice.
Nevada. Under Nevada law, Nevada residents may opt-out of the “sale” of their personal information, where the information is exchanged for monetary consideration. We do not engage in such activity; however, if you are a Nevada resident, you may submit a request to opt-out of potential future sales under Nevada law by emailing us a [email protected].

Informed Consent

To participate in our Studies, you must first review and sign an informed consent and authorization form (“Informed Consent”) for the Study. By completing the form, you consent to the collection, use, and sharing of your information as described in this Privacy Policy and as outlined in the Informed Consent. To the extent anything in this Privacy Policy conflicts with the Informed Consent, the terms of the Informed Consent will control.

THE INFORMATION WE COLLECT AND THE SOURCES OF SUCH INFORMATION

We collect information about you when you voluntarily provide it to us, when you access the Site, participate in our Studies, and use our Services, or if other sources provide it to us, as further described below. Please note that we need certain types of information, so that we can provide the Services to you. If you do not provide us with such information, or ask us to delete it, you may no longer be able to access or use part or all of our Services.

Information You Provide to Us

We collect a variety of information that you provide directly to us. The specific types of information we collect will depend upon the Services you use, how you use the Sites or Services, and the information you choose to provide.

The types of data we collect directly from you include, without limitation:

Contact information, including first name, last name, date of birth, email address, postal address or telephone number;
Demographic information, including your gender, age, ethnic origin, and race;
Physical and mental health history and information, such as your height, weight, heart rate and BMI; current and previous physical and mental health diagnosis and testing; current and previous use of certain medications; certain family history; information about your pain; mobility, diet and exercise information, information; disability information; and health habits. This information may be collected through health questionnaires, logged through wearable devices or by other means;
Inquiry information, including Information about your customer service and maintenance interactions with us; and/or
Other information, if any, as described in the Informed Consent or any additional information that you choose to directly provide to us.

Information We Collect Through Automated Means

Our Sites. When you use our Sites, we collect and analyze information such as your IP address, browser types, browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device IDs) referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Services, error logs, and other similar information.

Our Studies. When you participate in our Studies, we may collect certain data about you automatically including sensor information, technical data (e.g., information about your app usage, app version and installation ID, device identifier, and technical data about your device), and any other information described in the Informed Consent.

Location Information. When you use the Services, we and our service providers may automatically collect general location information (e.g., IP address, city/state and or postal code associated with an IP address) from your computer or mobile device. This information allows us to enable access to content that varies based on a user’s general location.

Our Use of Cookies and Similar Online Tools. To collect the information discussed in this Section, we and our service providers use web server logs, cookies, tags, beacons, SDKs, tracking pixels, and other similar tracking technologies (collectively, “cookies”). For example, we use Google Analytics to collect information about the use of our Site, what pages you access, when they are accessed, and what other websites were accessed prior to using the Site. To learn more about the use of data collection technologies by Google for analytics and to exercise choice regarding those technologies, please visit the Google Analytics Opt-Out browser add-on page available here. To manage cookies, an individual may change their browser settings to: (i) notify them when they receive a cookie, so the individual can choose whether or not to accept it; (ii) disable existing cookies; or (iii) automatically reject cookies. For information on how to do this, access the “help” menu on your internet browser, or access http://www.aboutcookies.org/how-to-control-cookies. Please note, however, that disabling our cookies may mean that you will not be able to take full advantage of our Site.

Information We Collect From Social Media and Other Content Platforms

When you “like” or “follow” us on LinkedIn or other social media sites, as applicable, we may collect some information about you including your name, email address, and any comments or content you post relevant to us. We also collect your information if you sign up for one of our promotions or submit information to us through social media sites. The data we receive is dependent upon an individual’s privacy settings with the network. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and networks before sharing information with us or the social media platform.

Information We Receive From Other Sources

We work closely with third parties (including but not limited to, third party intermediaries, such as vendors, physicians, medical professionals, research organizations, or pharmacies with whom we partner to provide you with the Services as well as their respective health care service providers, sub-contractors in technical, advertising networks, analytics providers, and search information providers). Such third parties will sometimes provide us with additional information about you.

HOW WE USE YOUR INFORMATION

In connection with providing to you the Services, we may use your information for our business purposes to:

Carry out, improve, and manage the Services.
Engage in internal research to understand the effectiveness of our Services, improve our Services, and better understand our user base. If we publish or provide the results of this research to others, such research will be presented in a de-identified and aggregate form such that individual users cannot be identified.
Carry out the Studies, including:
- Recruiting and enrolling you into a Study;
- Conducting the Study;
- Seeking authorization from regulatory agencies to apply for approval of the Study drug or other drug candidates and diagnostics;
- Developing new tests, procedures, and commercial products; and
- For any other uses described in the Informed Consent.
Communicate with you about the Services, your use of the Services, or your inquiries related to the Services or Praxis and send you communications to meet your needs.
Communicate with you about Praxis, inquiries related to the Praxis team, opportunities with the Praxis team or careers with Praxis and respond to your communications to meet your inquiries.
Ensure that content from our Services is presented in the most effective manner for you and for your computer or device, allow you to participate in interactive features of our Services (when you choose to do so), and as part of our efforts to keep our Services safe and secure.
Measure or understand the effectiveness of advertising and content we serve to you and others, and to deliver and customize relevant advertising and content to you.
Help us better understand your interests and needs, such as by engaging in analysis and research regarding use of the Services.
Comply in good faith with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others.
Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others.

Combined Information. For the purposes discussed in this Privacy Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use and share such combined information in accordance with this Privacy Policy.

Aggregate/De-Identified Data. We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device(s) (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including for research and marketing purposes.

HOW WE SHARE AND DISCLOSE YOUR INFORMATION

We may share your information for our business purposes in the following ways:

Affiliates and Subsidiaries. We may share information we collect within any Praxis member or group (i.e., our subsidiaries and affiliates, including our ultimate holding company and its subsidiaries) to deliver products and services to you, ensure a consistent level of service across our products and services, and enhance our products, services, and your customer experience.
Service Providers. We provide access to or share your information with select third parties who use the information to perform services on our behalf. They provide a variety of services to us, including billing, consulting, analytics, research, data storage, IT and security, fraud prevention, payment processing, and auditing and legal services. These entities may also include health care organizations, pharmacies, and other third parties we use to support our business or in connection with the administration and support of the Services. These third parties are contractually obligated to maintain the confidentiality of your personal information consistent with the terms of this Privacy Policy and to comply with the applicable data protection laws.
Study Team. If you participate in a Study, we share your personal information with the study team that conducts the Study, as well as the organizations that support the study team.
Institutional Review Boards. If you participate in a Study, we may share personal information with the ethics committee or institutional review board that approved the Study.
Government and Regulatory Authorities. We may share personal information with government and regulatory authorities, as required by law, including the U.S. Department of Health and Human Services, the Food and Drug Administration, the European Medicines Agency, and other federal or state government agencies.
Other Approved Study Researchers. If you participate in a Study and it is permitted by the Informed Consent, we may share personal information with certain third-party researchers who are approved may access limited information. The categories of approved study researchers, the type of information they may have access to, and the purposes that they may use the information for will be described in more detail in the Informed Consent.
Protection of Praxis and Others. By using the Services, you acknowledge and agree that we may access, retain and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process (e.g. a subpoena or court order); (b) enforce our Terms of Use, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; (d) respond to your requests for customer service; and/or (e) protect the rights, property or personal safety of Praxis, its agents and affiliates, its users and/or the public. This includes exchanging information with other companies and organizations for fraud protection, and spam/malware prevention, and similar purposes.
Business Transfers. As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions, (including in contemplation of such transactions) user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third-party, customer information (including your email address) would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.
Consent. We may also disclose your information in other ways you direct us to and when we have your consent.
Aggregate/De-Identified Information. We reserve the right to share Aggregate/De-Identified Data at our discretion.
Other. We may also use your data in other ways consistent with this Privacy Policy, as described in the Informed Consent, and as otherwise permitted or required by applicable laws.

YOUR MARKETING CHOICES

You may instruct us not to use your contact information, to contact you by email, postal mail, or phone regarding our Services by contacting us at [email protected] or at the address listed below. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and share certain information as permitted by this Privacy Policy or as permitted or required by applicable law. For example, you may not opt out of certain operational emails, such as those reflecting our relationship or transactions with you.

THIRD PARTY SERVICES

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices, including data privacy and security process and standards of any unaffiliated third parties using the Services, the manufacturer of your mobile device and other IT hardware and software, and any other third-party mobile application, website, or service to which our Services may contain a link. These third parties may at times gather information from or about you. Once you leave Praxis’s Site, we have no control over the privacy practices of these third parties. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party website or services, and not this Privacy Policy. We urge you to read the privacy and security policies of these third parties prior to sharing any information.

HOW WE PROTECT YOUR INFORMATION

Praxis takes a variety of technical and organizational security measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the internet, and no means of electronic or physical storage, is absolutely secure.

REVISIONS TO OUR PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. We will make the revised Privacy Policy accessible through the Services, so you should review it periodically. You are responsible for periodically monitoring and reviewing any updates to the Privacy Policy. If we make a material change to the Privacy Policy, we will provide you with appropriate notice in accordance with legal requirements. Your continued use of our Site or Apps after such amendments (and notice, where applicable) will be deemed your acknowledgment of these changes to this Privacy Policy.

CONTACTING US

Praxis is committed to resolving questions or concerns about your privacy and our collection or use of your information. If you have a specific question or concern about your privacy rights with respect to your information you can contact us by emailing us at [email protected].

If you have any questions about this Privacy Policy or Praxis’s privacy practices, please contact us at:

Praxis Precision Medicines Inc.
99 High Street, 30^th Floor
Boston, MA 02110
[email protected]

EUROPEAN PRIVACY NOTICE

SCOPE OF DISCLOSURES

While we are based in the United States, our Services may be accessed by residents of the European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”). The following European Privacy Notice applies to our processing of personal data of residents of the EEA, Switzerland, and the UK (“you”).

Praxis is the controller of the personal data we hold about you in connection with your use of the Services. This means we determine and are responsible for how your personal data is used.

Please note that this European Privacy Notice does not apply to personal data processed by our CRO partners during our Studies. Such processing of your personal data is done in accordance with the privacy notices of our CRO partners.

PERSONAL DATA DISCLOSURES

Personal Data We Collect and How We Use It

We collect, use and otherwise process personal data as set out in the “The Information We Collect and the Sources of Such Information” and “How We Use Your Information” sections of our Privacy Policy. If you choose not to provide such personal data, you may not be able to use the Sites, participate in the Studies, or otherwise engage in the Services.

Legal Basis of Processing

We will generally use and process your information on the basis of your explicit consent, our legitimate interests or legal obligations, and for scientific research purposes or for reasons in the public interest in conducting clinical trials and performing valuable scientific and medical research pursuant to Articles 6 and 9 of the General Data Protection Regulation (“GDPR”) and/or the UK GDPR.

Retention of Your Personal Data

We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.

The criteria used to determine the period for which personal data about you will be retained varies depending on the legal basis under which we process the personal data:

Legitimate Interests	Where we are processing personal data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects
Consent	Where we are processing personal data based on your consent, we generally will retain the information for the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain of your data erased (please see the Your Privacy Rights section below)
Contract	Where we are processing personal data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship
Legal Obligation	Where we are processing personal data based on a legal obligation, we generally will retain the information for the period of time necessary to fulfil the legal obligation
Legal Claim	We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal data, as well as the potential risk of harm from unauthorized use or disclosure of your personal data.

Recipients of Personal Data

We may share your personal data with the recipients as set out in the “How We Share and Disclose Your Information” section of our Privacy Policy.

DATA STORAGE & PROCESSING (International Transfers)

Your personal information may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations, including the United States. In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognised as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this European Privacy Notice.

YOUR PRIVACY RIGHTS

You have the following rights with respect to the personal data that we hold:

1. - Access your personal data;
  - Delete, or request deletion or erasure of, your personal data without delay if the continued processing of that personal information is not justified;
  - Object to or restrict processing of your personal data;
  - Request portability of your personal data;
  - Object to automated decision making; and
  - Correct or update your personal data that is inaccurate or incomplete.

If we ask you to provide personal data to us to comply with a legal requirement or enter into a contract, we will inform you of this and let you know whether providing us with your personal data is required and if not, the consequences of not sharing your personal data with us.

Similarly, if we collect and use your personal information in reliance on our or a third party’s legitimate interests and those interests are not already listed above (see “How We Share and Disclose Information” Section of our Privacy Policy), we will let you know what those legitimate interests are.

Right to Withdraw Consent

Where we rely on your consent for processing of your personal data, you also have the right to withdraw your consent to such processing, subject to certain limitations at law. Where applicable, you may withdraw your consent by contacting us at [email protected].

Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Submitting Requests

General:

VeraSafe Ireland Ltd. is our designated representative in the European Union and United Kingdom

All communications, inquiries or requests surrounding your information rights or complaints under European Union General Data Protection Regulation (European commission Regulation 2016/679 or “GDPR”) can be addressed to the attention of VeraSafe with copy [email protected]. VeraSafe should only be contacted on matters related to the processing of personal data of EU data subjects.

To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative or via telephone at: +420 228 881 031.

If you are located within the United Kingdom, VeraSafe United Kingdom Ltd., can be contacted in addition to or instead of [email protected], only on matters related to the processing of personal data.

To make such an inquiry, please contact VeraSafe United Kingdom, Ltd., using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.

Alternatively, VeraSafe United Kingdom Ltd. can be contacted at:

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

Right to Lodge a Complaint

You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner’s Office and the Swiss Federal Data Protection and Information Commissioner.