Privacy Policy

Third-Party Websites: If one of our websites contains links to other websites controlled by third parties, including social media, you should be aware that we are not responsible for the privacy practices of those or any other third-party sites and they are not covered under this privacy policy. If you have questions about how those websites collect and use your personal information when you visit them, you should carefully read the privacy policies of those websites. You agree that we are not responsible for the availability of such websites and do not review or endorse and shall not be liable, directly or indirectly, for:

• How these websites treat your personal information
• The content of such websites
• The use that others make of these websites

User Age Requirements and Children’s Privacy: Incyte does not knowingly collect personal information directly from minors—persons under the age of 13 or another age of a minor as defined by the applicable law of your jurisdiction—other than when required to comply with the law or for safety or security reasons. If you are a parent or guardian of a minor who has provided personal information without your knowledge or consent, you may submit a request to remove the minor’s information by emailing us at privacy@incyte.com. If we become aware that anyone under the age of 13 has submitted personal information to our site, we will delete it and we will not use it for any purpose whatsoever.

Cookies: We use cookies and other tracking technologies (collectively, “Cookies”) on our websites, which utilize various files sent from our servers to your computer hard drive. Some Cookies are mandatory and strictly necessary in order to make the website work and some are optional and placed with your consent. You can learn more about Incyte’s collection of Cookies in our Cookie Policy².

Mobile Device Information: If you access an Incyte website from a phone or other mobile device, the mobile services provider may transmit uniquely identifiable mobile device information to us, which allows us to then collect mobile phone numbers and associate them with the mobile device identification information. Some mobile phone service providers also operate systems that pinpoint the physical location of devices, and we sometimes receive this information as well. We use this information in the same way that we use personal information collected by Google Analytics as described above.

Voluntarily Submitted Information: If you participate in certain activities on our websites, mobile applications or social media accounts, you may need to provide us with personal information such as your name, email address, mailing address, phone number or fax number. For example, if you choose to send us an email or fill out an online form, you are voluntarily providing personal information to us. If you choose not to provide your personal information, you may not be able to participate in those activities; however, you will still be able to access information available on the website to the general public.

² Please note that certain applicable laws place limitations on the use of certain cookies. Please refer to the annex at the end of this Privacy Policy for the country in which you live for more information.

Scope       
This Data Privacy Framework Statement governs all personal information received by Incyte in the United States from Incyte’s operations and business partners in the EEA, United Kingdom and Switzerland. As used in this Data Privacy Framework Statement, “personal information” has the meaning given to it under the applicable local law of the country from which it was originally collected. Generally, it means information that identifies or can directly or indirectly lead to the identification of an individual, including such things as an individual’s name, address, telephone number, fax number, email address, social security number and date of birth.

Data Privacy Framework Principles       
The Data Privacy Framework is predicated on seven core Principles:

• Notice
• Choice
• Accountability for Onward Transfer
• Security
• Data Integrity and Purpose Limitation
• Access
• Recourse, Enforcement and Liability

We adhere to and have implemented policies and procedures regarding these core Principles in the following ways:

Notice. Herein we disclose our participation in the Data Privacy Frameworks and our commitment to subject to the Principles all personal data received from the European Economic Area, United Kingdom and Switzerland in reliance on the Data Privacy Frameworks. When we collect personal information from individuals in the EEA, United Kingdom and Switzerland, we tell them in clear and conspicuous language about the types of personal information being collected, the purposes of our collection and the nature of our intended uses, the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements and, where applicable, we tell them about the U.S. entities or U.S. subsidiaries of the organization also adhering to these Principles. We also advise them of the types of third parties—such as vendors with cloud-based software licensed in support of our operations and clinical research organizations—to whom we further disclose such information, the purposes for which we disclose to such third parties, and the choices and means, if any, we offer for limiting use and disclosure, as well as how to contact us with inquiries or complaints, including any relevant establishment in the European Economic Area, United Kingdom and Switzerland that can respond to such inquiries or complaints and the availability of independent dispute resolution bodies. We use a variety of different context-specific means to provide such policy information. For instance, in our research activities, we use industry-standard informed consent forms.

Choice. We will offer those individuals whose personal information we have collected a choice. They may “opt-out” to having their personal information disclosed to third parties and/or used for purposes other than for the purposes for which it was originally collected or subsequently authorized. For the types of personal information that the laws of Switzerland, the United Kingdom and the EEA countries deem “sensitive,” rather than having to opt-out after the fact, we afford affected individuals, at the time of collection, an opportunity to “opt-in” and specifically consent to have their information disclosed to third parties or used for purposes other than those for which it was originally collected or subsequently authorized. Just as we do in fulfilling our Policy obligations, we use a variety of different, context-specific means to provide the choices described here or otherwise required by the Data Privacy Framework. If you wish to exercise your rights, please complete the information in this data subject request form. Upon receipt of the completed form, we will process your request within the timelines required under applicable privacy laws. If additional information is necessary to process your request, we will contact you using the contact information that you provide in the data subject request form.

Accountability for Onward Transfer. Our accountability for the personal information we receive and subsequently transfer to third parties is described in the Privacy Framework Principles. In summary, we remain responsible and liable under the Privacy Framework Principles if third-party agents that we engage to process your personal information on our behalf do so in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event that gives rise to any harm you may incur.

Security. At a minimum, we take reasonable and appropriate precautions to protect the personal information in our possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the personal data.

Data Integrity and Purpose Limitation. We only use the personal information we collect in ways that are consistent with the purposes for which it was originally collected or for which we subsequently obtained authorization from the affected individuals. We take reasonable steps to ensure that the information is reliable for its intended use, accurate, complete and current. To accomplish this, we necessarily rely on individual data subjects to exercise their Access rights to keep us apprised of any changes in their personal information.

Access. If an individual from whom we have collected data writes to us and asks to have access to their personal information, we will take all reasonable steps to ensure such access is granted. Obviously, the relevant information must be in our possession or under our reasonable control for us to do so. Once such access is granted, affected individuals have the right under the Data Privacy Framework to have us correct, amend or delete their information where it is determined to be factually inaccurate. There are, however, certain limitations to an individual’s rights to such access. These include situations where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy, or where the rights of persons other than the individual would be violated.

Recourse, Enforcement and Liability. We implement processes and procedures to verify our compliance with this Data Privacy Framework Statement. If individuals believe that we are not compliant, or if they have other complaints related to this Data Privacy Framework Statement or our conduct under it, we encourage those individuals to contact us using the contact information listed at the end of this Data Privacy Framework Statement. We commit to investigate and attempt to remedy all such valid complaints.

Dispute Resolution. In compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework Principles, Incyte commits to resolve complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Incyte at:

Incyte Biosciences International Sàrl       
Attention: Global Data Privacy Officer            
Rue Docteur-Yersin 12, 1110, Morges,            
Switzerland            
privacy@incyte.com          
 

Incyte has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints [bbbprograms.org] for more information and to file a complaint. This service is provided free of charge to you.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Data Privacy Framework Panel.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Incyte commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Limitation of Principles       
Adherence to this Data Privacy Framework Statement may be limited to the extent required to satisfy legal obligations (including, but not limited to, subpoenas and court orders) and/or meet national security, law enforcement or public interest requirements. We may be required, under certain circumstances, to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. The law also provides certain express exceptions and variations to our obligations under this Data Privacy Framework Statement. For instance, some of the access and consent principles are modified for pharmaceutical companies like us who use personal information to engage in ongoing research for the good of the public health.

Changes to this Data Privacy Framework Statement       
We reserve the right to change or update this policy from time to time. Please check our site periodically for such changes since all information collected is subject to the policy in place at that time. Typically, we will indicate the effective/amendment date at the beginning of this policy. If we feel it is appropriate, or if the law requires, we will also provide a summary of changes we have made near the end of a new policy.

Canada                 

Quebec              
If you are a resident of Quebec, please read this section.

Scope of Policy

This Policy applies to Incyte Biosciences Canada Corporation and any other affiliates from time to time (collectively, Incyte Biosciences Canada Corporation or “we” or “us”) in respect to processing activities that are subject to federal and provincial privacy legislation.

Accountability

Incyte Biosciences Canada Corporation is responsible for personal information under its control. We have designated a Privacy Officer who is responsible for Incyte Biosciences Canada Corporation compliance with this Policy. Incyte Biosciences Canada Corporation will, on request, provide information regarding its complaint procedures.

For further information about our Privacy Policy, please use our data subject request webform or you may contact:

Nicholas Apruzzi, Canada Privacy Officer                 
1801 Augustine Cut-off                 
Wilmington, Delaware 19803                  
USA                 
privacy@incyte.com

European Economic Area (EEA), United Kingdom and Switzerland

If you live, work or travel in the EEA, Switzerland or the United Kingdom (UK)—or visit an EEA, Swiss or UK website—please read this section to learn more about the General Data Protection Regulation (GDPR) or UK Data Protection Act and how it applies to the personal data collected and used by Incyte as described in this Privacy Policy.

Your personal information will be used for the purposes listed below. We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis, as described below, to do so. The legal basis we rely upon may impact which rights you have in relation to your personal information (see section below on those rights for more details).

Where we rely upon a "legitimate interest" as our legal basis, we make sure that our interest is not outweighed by any impact on your rights and freedoms. We do this by using your personal information in a way which is proportionate and respects your privacy.

WHERE IS YOUR PERSONAL INFORMATION USED OR STORED?

We may transfer your personal data to other countries outside of your location. Your personal data may be transferred:

• To Switzerland and Japan: Switzerland and Japan are considered as providing adequate data protection standards by the European Union (for further details, see here)
• To other countries where data protection standards have not been determined to be adequate by the European Union: these countries include the United States, India, and China. In these cases, we will ensure that any recipients of your personal data are bound by contract to the European, Swiss and UK data protection standards

Cookies. Incyte uses only Strictly Necessary cookies in countries where the respective Data Protection Authority has deemed other categories of cookies are unlawful, example being France.

WHAT ARE YOUR RIGHTS?

You have a number of rights which apply to our use of your personal data. The availability of some of these rights depends upon our lawful basis for processing your personal data, and your rights may also be subject to certain conditions and restrictions. Your rights may include:

• To obtain access to your personal data together with information about how and on what basis that personal data is processed
• To rectify inaccurate personal data (including the right to have incomplete personal information completed)
• To erase your personal data in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed
• To restrict processing of your personal data where:
  • the accuracy of the personal data is contested
  • the processing is unlawful but you object to the erasure of the personal data
  • we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise or defense of a legal claim
• To challenge processing which we have justified on the basis of a legitimate interest
• To object to decisions which are based solely on automated processing (to the extent that these are taken) and to restrict processing based on your objection
• To obtain a portable copy of your personal data or to have a copy transferred to a third-party controller
• To obtain more information as to safeguards under which your personal data is transferred outside of the EEA (if relevant)
• To lodge a complaint with the data protection/supervisory authority noted below

We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal data requested to you.

WHO CAN YOU CONTACT REGARDING YOUR RIGHTS?

Data Controller: The entity that determines why and how your personal data is processed is called a Controller. For online visitors, this is the Incyte organization or affiliate whose website you are visiting. A list of all Incyte companies is available here. For Incyte organizations or affiliates located outside of the EEA, Incyte has elected Incyte Biosciences Distribution BV as its legal representative.

Data Protection Officer Incyte: privacy@incyte.com

Data Protection Authority/Supervisory Authority: The Data Protection Authority/Supervisory Authority for the processing of your personal data is the authority located in the country of the Incyte organization or affiliate whose website you are visiting or the country where you live, work, or the place of the alleged infringement. More information about how to contact these authorities in the European Union can be found here. For Switzerland information, please visit the office of the Federal Data Protection and Information Commissioner. For United Kingdom information, please visit the Information Commissioner’s Office (ICO).

United States                 

Supplemental U.S. State Privacy Notice             

If you are a resident of a U.S. state that has adopted comprehensive privacy legislation (the “U.S. Privacy Law(s)”), please read this section to learn more about how the U.S. Privacy Laws apply to the personal information collected and used by Incyte as described in this Privacy Policy.

This Supplemental U.S. State Privacy Notice (“Supplemental Notice”) applies only to our collection and use of Personal Information from residents of states with U.S. Privacy Laws.

This notice also includes additional disclosures for compliance with the Washington My Health My Data Act that applies to Incyte’s activities. These disclosures are included at the end of this Supplemental Notice. The remaining portions of this Supplemental Notice do not apply to Washington consumers.

This notice does not apply to our collection and use of “Consumer Health Data,” as that term has been defined under consumer health data privacy legislation. If you have questions about our collection and use of Consumer Health Data, please see our Consumer Health Data Privacy Notice, as well as our separate supplement with additional disclosures required by certain states.

Some portions of this Supplemental Notice apply only to Consumers of particular states. In those instances, we have indicated that such language applies only to those Consumers.

Please note that this Supplemental Notice does not apply to individuals with whom we interact in an employment-related context or a business context. For our disclosures applicable to California Consumers with whom we interact in those contexts, please see our Job Candidates and Business Contacts notices above.

A. Definitions

• "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household. Personal Information includes "personal data" as that term is defined in the U.S. Privacy Laws. Personal Information also includes "Sensitive Personal Information," as defined below, except where otherwise noted.
• "Sensitive Personal Information" means Personal Information that reveals a Consumer’s social security, driver’s license, state identification card, or passport number; account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious beliefs, or union membership; contents of email or text messages; and genetic data. Sensitive Personal Information also includes Processing of biometric information for the purpose of uniquely identifying a Consumer and Personal Information collected and analyzed concerning a Consumer’s health, sex life, or sexual orientation. Sensitive Personal Information also includes "sensitive data" as that term is defined in the U.S. Privacy Laws.
• "Third-Party" has the meanings afforded to it in the U.S. Privacy Laws.
• "Vendor" means a service provider, contractor, or processor as those terms are defined in the U.S. Privacy Laws.

To the extent other terms used in this Supplemental Notice are defined terms under the U.S. Privacy Laws, they shall have the meanings afforded to them in those statutes, whether or not capitalized herein. As there are some variations between such definitions in each of the U.S. Privacy Laws, the definitions applicable to you are those provided in the statute for the state in which you are a Consumer. For example, if you are a California Consumer, terms used in this Supplemental Notice that are defined terms in the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”) shall have the meanings afforded to them in the CCPA as this Supplemental Notice applies to you.

B. Collection & Processing of Personal Information

We, and our Vendors, collect the following categories of Personal Information about Consumers. We also have collected and Processed the following categories of Personal Information about Consumers in the preceding 12 months:

1. Identifiers, such as name, alias, online identifiers, account name, physical characteristics or description;
2. Contact and financial information, including phone number, address, email address, financial information, medical information, health insurance information;
3. Characteristics of protected classifications under state or federal law, such as age, gender, race, physical or mental health conditions, and marital status;
4. Commercial information, such as transaction information and purchase history;
5. Biometric information;
6. Internet or other electronic network activity information, such as browsing history and interactions with our websites or advertisements;
7. Geolocation data, such as device location;
8. Audio, electronic, visual and similar information, such as call and video recordings;
9. Professional or employment-related information, such as work history and prior employer;
10. Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics; and
11. Sensitive personal information, including:
    1. Personal Information that reveals:
       1. Social security, driver’s license, state identification card, or passport number;
       2. Account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials for allowing access to an account;
       3. Precise geolocation;
       4. Racial or ethnic origin, religious or philosophical beliefs, or union membership;
       5. Contents of a Consumer’s email and text messages, unless the business is the intended recipient thereof; or
       6. Genetic data, including Raw DNA sequence data, genotypic and phenotypic information generated from sequence analysis, and self-reported health data submitted to an entity that is analyzed in connection with raw sequence data.
    2. Biometric data Processed for the purpose of uniquely identifying a Consumer;
    3. Personal Information collected and analyzed concerning a Consumer’s health conditions, treatment and medications

C. Purposes for Processing Personal Information

We, and our Vendors, collect, Process, and disclose the Personal Information (excluding Sensitive Personal Information) described in this Supplemental Notice

To manage our relationship with you.
We will use your Personal Information:

• To respond to your requests
• To improve, our level of service
• To provide our products and services to you
• To promote our products and services
• To manage your account, if necessary
• To provide you with information when you request it, or when we believe it may be of interest to you
• To invite you to provide your views on our products and services, participate in research or attend events
• To report any product adverse events that you notify us about
• To consider your application for employment
• To perform analytics and understand your preferences
• To provide access where required to our sites and facilities
• To gain insights and feedback on our products and services in order to correct or improve them
• For other purposes that may be detailed on a website or mobile application which will be described at the time the information is collected

To manage and improve our processes and our business operations.
We will use your Personal Information:

• To manage our network and information systems’ security
• To manage our workforce effectively
• To prepare and perform management reporting and analysis, including analytics and metrics
• For our own administrative and quality assurance purposes

To achieve other purposes.
We will use your Personal Information:

• To follow applicable laws and regulations
• To respond to lawful requests from competent public authorities
• To tell you about changes to our terms, conditions and policies
• To exercise our rights or defend Incyte against potential, threatened or actual litigation
• To protect Incyte’s or your vital interests, or those of another person
• To disclose any transfers of value made to you in relation to expert services that you provide to us
• For the purpose of authorship of a scientific publication
• To respond to and handle your queries or requests
• When we sell, assign or transfer all or part of our business

We may also deidentify any Personal Information we collect about you. When we do so, we take reasonable measures to ensure that the information cannot be associated with a consumer or household, and we maintain and use the information in deidentified form. We will not attempt to reidentify the information, except that we may attempt to reidentify the information solely for the purpose of determining whether our deidentification processes satisfy applicable legal requirements. After it has been deidentified, the information is no longer Personal Information and is not subject to this Privacy Policy.

We, and our Vendors, collect and Process the Sensitive Personal Information described in this Supplemental Notice only for:

• Performing the services or providing the goods reasonably expected by an average Consumer who requests those goods or services;
• Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information;
• Resisting malicious, deceptive, fraudulent, or illegal actions directed at us and prosecuting those responsible for those actions;
• Ensuring the physical safety of natural persons;
• Short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a Consumer’s current interaction with us, provided that we will not disclose the Consumer’s Personal Information to a Third Party and will not build a profile about the Consumer or otherwise alter the Consumer’s experience outside of their current interaction with us;
• Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf;
• Verifying or maintaining the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by us, and improving, upgrading, or enhancing the service or device that is owned, manufactured by, manufactured for, or controlled by us; and
• Collecting or Processing Sensitive Personal Information where such collection or Processing is not for the purpose of inferring characteristics about a Consumer.

Retention of Personal Information. Incyte will keep your Personal Information for as long as needed or permitted for the purpose(s) for which it was obtained and consistent with applicable law. In some cases, we may also retain your Personal Information in order to resolve queries or disputes that may arise from time to time.

D. Categories of Personal Information We Disclose to Vendors & Third Parties

We disclose and have disclosed the following categories of Personal Information to Vendors and Third Parties for a business purpose in the past twelve months:

1. Identifiers, such as name, alias, online identifiers, account name, physical characteristics or description;
2. Contact and financial information, including phone number, address, email address, financial information, medical information, health insurance information;
3. Characteristics of protected classifications under state or federal law, such as age, gender, race, physical or mental health conditions, and marital status;
4. Commercial information, such as transaction information and purchase history;
5. Biometric information;
6. Internet or other electronic network activity information, such as browsing history and interactions with our websites or advertisements;
7. Geolocation data, such as device location;
8. Audio, electronic, visual and similar information, such as call and video recordings;
9. Professional or employment-related information, such as work history and prior employer;
10. Education information, as defined in the federal Family Educational Rights and Privacy Act, such as student records and directory information;
11. Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics; and
12. Sensitive personal information, including:
    1. Personal Information that reveals:
       1. Social security, driver’s license, state identification card, or passport number;
       2. Account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials for allowing access to an account;
       3. Precise geolocation;
       4. Racial or ethnic origin, religious or philosophical beliefs, or union membership;
       5. Contents of a Consumer’s email and text messages, unless the business is the intended recipient thereof; or
       6. Genetic data.
    2. Personal Information collected and analyzed concerning a Consumer’s health

E. Sale, Sharing, & Processing for Purposes of Targeted Advertising

• Disclosure for California Consumers: We Sell and Share internet or other electronic network activity information, such as browsing history and interactions with our websites or advertisements, and we have Sold and Shared this category of Personal Information in the past twelve months. We Sell and Share this Personal Information to marketing and analytics providers to analyze and better understand consumers’ needs, preferences, and interests, and to advertise and promote our products and services. We do not have actual knowledge that we Sell or Share Personal Information of California consumers under 16 years of age. For purposes of the CCPA, a “Sale” is the disclosure of Personal Information to a Third Party for monetary or other valuable consideration, and a “Share” is the disclosure of Personal Information to a Third Party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration. California Consumers have the right to opt out of the Sale and Sharing of their Personal Information and can do so via our data subject request webform or by calling us toll free at 1-855-446-2983.
• Disclosure for Consumers in Other States with U.S. Privacy Laws: We Sell internet or other electronic network activity information, such as browsing history and interactions with our websites or advertisements, and process this category of Personal Information for purposes of Targeted Advertising, as the terms “Sell” and “Targeted Advertising” are defined under the U.S. Privacy Law applicable in each state. We Sell this Personal Information to marketing and analytics providers to analyze and better understand consumers’ needs, preferences, and interests, and to advertise and promote our products and services. Consumers of these states may exercise the opt-out rights applicable to them via our data subject request webform or by calling us toll free at 1-855-446-2983.

F. Sources from Which We Collect Personal Information

We and our Vendors collect Personal Information in a variety of ways, including from:

• You directly or an authorized representative
• Government entities
• Public records
• Research partners
• Data resellers
• Marketing vendors
• Business service providers
• Other Third Parties, when they disclose Personal Information to us

G. Categories of Entities to Whom We Disclose Personal Information

We disclose, and have disclosed in the past twelve months, the categories of Personal Information listed in Section B for the purposes listed in Section C of this Supplemental Notice, as described below:

• We engage vendors to provide us with website, hosting, content development and marketing services either to help us in our business, or to perform functions we would otherwise perform ourselves. These companies will have access to your information, including your Personal Information, as part of the work they perform
• We may disclose information to regulators, which may include data protection authorities, and with courts and law enforcement to comply with all applicable laws, regulations and rules and requests of law enforcement, regulatory and other governmental agencies
• We may disclose Personal Information to Third Parties at your direction or with your consent
• We may disclose Personal Information to Third Parties via Cookies, including information about visitors to our website, website traffic patterns, and website usage
• If, in the future, we sell or transfer some or all of our business or assets to a third party, or invite investment in our company, we may disclose information to a potential or actual third-party purchaser of our business or assets

H. Data Subject Rights

• Exercising Data Subject Rights. Consumers who reside in states with U.S. Privacy Laws have certain rights with respect to the collection and use of their Personal Information. Those rights vary by state. For compliance with California’s and Colorado’s requirements, we provide information below regarding the data subject rights available to California and Colorado Consumers. Consumers who reside in other states with U.S. Privacy Laws have similar rights and can find more details by referencing the U.S. Privacy Law applicable to them.
• Data Subject Rights Disclosure for California Consumers: California Consumers have the following rights regarding our collection and use of their Personal Information, subject to certain exceptions.

  • Right to Receive Information on Privacy Practices: You have the right to receive the following information at or before the point of collection:

    • The categories of Personal Information to be collected;
    • The purposes for which the categories of Personal Information are collected or used;
    • Whether or not that Personal Information is Sold or Shared;
    • If the business collects Sensitive Personal Information, the categories of Sensitive Personal Information to be collected, the purposes for which it is collected or used, and whether that information is Sold or Shared; and
    • The length of time the business intends to retain each category of Personal Information, or if that is not possible, the criteria used to determine that period.

    We have provided such information in this Supplemental Notice, and you may request further information about our privacy practices by contacting us as at the contact information provided below.

  • Right to Deletion: You may request that we delete any Personal Information about you we that we collected from you.
  • Right to Correction: You may request that we correct any inaccurate Personal Information we maintain about you.
  • Right to Know: You may request that we provide you with information about what Personal Information we have collected about you, including:
    • The categories of Personal Information we have collected about you;
    • The categories of sources from which we collected such Personal Information;
    • The business or commercial purpose for collecting, Selling, or Sharing Personal Information about you;
    • The categories of Third Parties to whom we disclose such Personal Information; and
    • The specific pieces of Personal Information we have collected about you.
  • Right to Receive Information About Onward Disclosures: You may request that we disclose to you:
    • The categories of Personal Information that we have collected about you;
    • The categories of Personal Information that we have Sold or Shared about you and the categories of Third Parties to whom the Personal Information was Sold or Shared; and
    • The categories of Personal Information we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
  • Right to Opt-Out of the Sale and Sharing of Your Personal Information and Right to Limit the Use of Your Sensitive Personal Information. California residents also have the right to opt out of the Sale and Sharing of their Personal Information. You also have the right to limit the use of your Sensitive Personal Information to the purposes authorized by the CCPA. We do not use Sensitive Personal Information for purposes beyond those authorized by the CCPA, and we have not used Sensitive Personal Information of California Consumers in the preceding twelve months for purposes beyond those authorized by the CCPA.
  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising your data subject rights. We will not discriminate against you for exercising your data subject rights.
• Exercising Data Subject Rights. Consumers who reside in states with U.S. Privacy Laws have certain rights with respect to the collection and use of their Personal Information. Those rights vary by state. For compliance with California’s requirements, we have provided detailed information herein regarding the data subject rights available to California Consumers. Colorado consumers have rights to access, correct, and delete their Personal Information, obtain their Personal Information in a portable format, and opt-out of the processing of their Personal Information for Targeted Advertising, Sale, and profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer. Please note, however, that we do not use Personal Information for profiling in furtherance of decisions that produce legal or similarly significant effects. Residents of other U.S. states with U.S. Privacy Laws have similar rights, including rights to access, delete, correct, and opt-out of certain types of processing of Personal Information.
  You may exercise the data subject rights applicable to you under the U.S. Privacy Laws by contacting our Privacy Office. Please contact Incyte via our data subject request webform.
• Verification of Data Subject Requests. We may ask you to provide information that will enable us to verify your identity in order to comply with your data subject request. Further, when a Consumer authorizes an agent to make a request on their behalf where permitted by U.S. Privacy Laws, the agent may make such request via the methods listed above. We may require the agent to provide proof of signed permission from the Consumer to submit the request, or we may require the Consumer to verify their own identity to us or confirm with us that they provided the agent with permission to submit the request. In some instances, we may decline to honor your request if an exception applies under applicable law. We will respond to your request consistent with applicable law.
• Opt-Out Preference Signals. We recognize opt-out preference signals that we are required to recognize for compliance with applicable law. Where required by U.S. Privacy Laws, we treat such opt-out preference signals as a valid request to opt-out of Sale, Sharing, and processing for purposes of Targeted Advertising, as applicable, for the browser or device through which the signal is sent and any consumer profile we have associated with that browser or device, including pseudonymous profiles. Further, if we know the identity of the consumer from the opt-out preference signal, we will also treat the opt-out preference signal as a valid request to opt out of Sale and Sharing for such consumer. Consumers may use opt-out preference signals by downloading or otherwise activating them for use on supported browsers and setting them to send opt-out preference signals to websites they visit. We process opt-out electronic preference signals through functionality in our cookie banner.
• Non-Discrimination. We will not discriminate against you for exercising your data subject rights. For example, we will not deny goods or services to you, charge you different prices or rates, or provide a different level of quality for products or services as a result of you exercising your data subject rights.
• Appeals. Consumers of certain states have the right to appeal our decisions on their data subject requests. This section does not apply to California Consumers, or to Consumers who reside in other states where the applicable U.S. Privacy Law does not give them the right to appeal Controllers’ decisions regarding data subject rights. To appeal our decision on your data subject requests, you may contact our Privacy Office at privacy@incyte.com or by calling toll free at 1-855-446-2983. Please enclose a copy of or otherwise specifically reference our decision on your data subject request, so that we may adequately address your appeal. We will respond to your appeal in accordance with applicable law.

I. Other Disclosures

• California Residents Under Age 18. If you are a resident of California under the age of 18 and a registered user of our website, you may ask us to remove content or data that you have posted to the website by writing to privacy@incyte.com. Please note that your request does not ensure complete or comprehensive removal of the content or data as, for example, some of your content or data may have been reposted by another user.
• California Shine the Light. California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about the personal information (if any) disclosed to third parties for direct marketing purposes in the preceding calendar year. We do not disclose to third parties for their own marketing purposes the categories of personal information listed in California’s “Shine the Light” law, such as names, addresses, email addresses, and telephone numbers.
• Financial Incentives for California Consumers. We do not provide financial incentives to California Consumers who allow us to collect, retain, Sell, or Share their Personal Information. We will describe such programs to you if and when we offer them to you.

J. Changes to our Supplemental Notice.

We reserve the right to amend this Supplemental Notice in our discretion and at any time. When we make material changes to this Supplemental Notice, we will notify you by posting an updated Supplemental Notice on our website and listing the effective date of such updates.

Cookie Settings