Privacy Commitment

Last Updated: February 28, 2023

Incyte Corporation (including its affiliates in its worldwide group of companies) (collectively, “Incyte,” “we” or “us”) honors its trusted relationships with patients, healthcare professionals, caregivers, consumers, employees and business partners by being transparent about how we collect, use, share, transfer and retain personal information when you visit one of Incyte’s websites, mobile applications or social media accounts.¹ We encourage you to explore this webpage, and the webpages and policies to which it links, in order to learn more about our privacy practices.

¹ While this commitment sets forth the general privacy principles under which Incyte operates, some of our websites, mobile apps and social media accounts contain specific privacy policy information that relates to that particular media. Please consult this information where available.

When you provide your personal information to us, we take technical, physical and organizational measures to protect it from misuse or unauthorized alteration, loss or access consistent with applicable privacy and data security laws. However, no Internet transmission is ever 100% secure, so we cannot guarantee the security of the personal information you transmit to our websites or mobile applications and any transmission is at your own risk.

Third-Party Websites: If one of our websites contains links to other websites controlled by third parties, including social media, you should be aware that we are not responsible for the privacy practices of those or any other third-party sites and they are not covered under this privacy policy. If you have questions about how those websites collect and use your personal information when you visit them, you should carefully read the privacy policies of those websites. Our advertising partners may collect information about your use of our websites and apps through cookies, web beacons and similar technologies to display advertisements that are tailored to your interests on other websites and services. We are not responsible for the privacy practices of these advertising partners, we do not exchange information with them for money or anything of value, and this privacy policy does not apply to those websites. You agree that we are not responsible for the availability of such websites and do not review or endorse and shall not be liable, directly or indirectly, for:

  • How these websites treat your personal information;
  • The content of such websites; and
  • The use that others make of these websites.

User Age Requirements and Children’s Privacy: Incyte does not knowingly collect personal information directly from minors—persons under the age of 13 or another age of a minor as defined by the applicable law of your jurisdiction—other than when required to comply with the law or for safety or security reasons. If you are a parent or guardian of a minor who has provided personal information without your knowledge or consent, you may submit a request to remove the minor’s information by emailing us at privacy@incyte.com. If we become aware that anyone under the age of 13 has submitted personal information to our site, we will delete it and we will not use it for any purpose whatsoever.

Cookies: When you visit one of our websites, basic information is passively collected through your browser via use of tracking technologies (or “Cookies”) which utilize various files sent from our servers to your computer hard drive. Some Cookies are mandatory and strictly necessary in order to make the website work and some are optional and placed with your consent. You can learn more about Incyte’s collection of Cookies in our Cookie Policy

Google Analytics: Google Analytics is a service provided by Google, Inc. (“Google”). We use Google Analytics to collect statistics in order to improve our websites. Google Analytics collects and provides to us:

  • The domain name and IP address from which you accessed our site
  • The type of browser and operating system you use
  • The date, time and length of your visit
  • The specific page visited, graphics viewed and any documents downloaded
  • The specific links to other sites you accessed from our site
  • The specific links from other sites you used to access our site

In addition to using Cookie Settings you can selectively disable Google Analytics by installing the opt-out component provided by Google on your browser.

We use the personal information that Google Analytics collects to compile generic reports about popular pages on our website and to see how you (and other customers and followers) are accessing our website. We then use those reports to administer the website, make your activities more convenient and efficient, and to enhance the functionality of our website, such as by remembering certain details of your information and thereby saving you time.³

Mobile Device Information: If you access an Incyte website from a phone or other mobile device, the mobile services provider may transmit uniquely identifiable mobile device information to us, which allows us to then collect mobile phone numbers and associate them with the mobile device identification information. Some mobile phone service providers also operate systems that pinpoint the physical location of devices, and we sometimes receive this information as well. We use this information in the same way that we use personal information collected by Google Analytics as described above.

Social Plug-Ins: This website may use social plug-ins (e.g., the Facebook “Like” button) to enable you to easily share information with others. The social plug-in may place a cookie on your computer which enables the social media website to see who previously visited our website. The social plug-in also allows that social media website to receive information about your visit to particular pages on our website if you have logged into that social media before visiting us. The social plug-in may also allow the social media website to share information about your activities on our websites with other users of their site. Incyte does not collect or process personal information from these plug-ins. For further details about the information shared via a particular social media plug-in, you should refer to the social media site’s privacy policy.

Voluntarily Submitted Information: If you participate in certain activities on our websites, mobile applications or social media accounts, you may need to provide us with personal information such as your name, email address, mailing address, phone number or fax number. For example, if you choose to send us an email or fill out an online form, you are voluntarily providing personal information to us. We do not sell, rent or trade voluntarily submitted personal information with third parties. If you choose not to provide your personal information, you may not be able to participate in those activities; however, you will still be able to access information available on the website to the general public.

² Please note that certain applicable laws place limitations on the use of certain cookies. Please refer to the annex at the end of this Privacy Policy for the country in which you live for more information.
³ For more information about Google Analytics, please refer to the links below:

Incyte is committed to ensuring that our communications are accessible to individuals with disabilities. To submit accessibility-related requests or report barriers to accessibility, please use the contact information below.

Incyte Corporation
Attention: Global Data Privacy Officer
1801 Augustine Cut-Off
Wilmington, Delaware 19803 
USA
privacy@incyte.com

Your personal information will be used for the purposes listed below.

Categories of PI Collected

Applicable Categories of Individuals

Name, Contact Information and Unique Identifiers: Identifiers, such as a real name, alias, postal address, telephone number, unique personal identifier, online identifier, device ID, Internet protocol (IP) address, email address, account name, social security number, driver’s license number, passport number or other similar identifiers—as well as demographic information—such as date of birth, place of birth, country of residence, income, family size etc., and an individual’s written or digital signature.

Employees

Candidates for Employment

Contractors

Healthcare Providers

Clinical Trial Investigators, Site Staff and Participants

Patients

Customers

Website Visitors

Caregivers

Authorized Representatives

Financial Information: Bank account number, credit or debit card number, credit reports, background checks or other financial information.

Employees

Candidates for Employment

Contractors

Healthcare Providers

Clinical Trial Investigators

Medical Information: Any information in possession of or derived from yourself, a healthcare provider, a healthcare insurer, a healthcare service plan, a pharmaceutical company or a contractor regarding an individual’s medical history, mental or physical condition, or treatment. This includes an individual’s insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual or any information in the individual’s application and claims history (including prescription information).

Employees

Candidates for Employment

Contractors

Healthcare Providers

Clinical Trial Participants

Patients

Customers

Website Visitors

Caregivers

Authorized Representatives

Protected Characteristics: Characteristics of legally protected classifications such as race, gender, age, nationality, physical or mental disability, and religion.

Employees

Candidates for Employment

Clinical Trial Participants

Patients

Purchase History and Tendencies: Information regarding products or services purchased, obtained or considered.

Healthcare Providers

Patients

Customers

Website Visitors

Caregivers

Authorized Representatives

Biometric Information: Physiological, biological, or behavioral characteristics that can establish an individual’s identity, including DNA, face, iris or retina imagery, fingerprint, voice recordings and sleep, health or exercise data that contain identifying information.

Employees

Candidates for Employment

Contractors

Clinical Trial Participants

Patients

Customers

Website Visitors

Caregivers

Authorized Representatives

Network Activity: Internet or other electronic network activity information, such as browsing history, search history and information regarding an individual’s interaction with an internet website, application or advertisement. Includes analytics evaluation and cookies.

Employees

Candidates for Employment

Contractors

Healthcare Providers

Clinical Trial Investigators and Site Staff

Patients

Customers

Website Visitors

Caregivers

Authorized Representatives

Geolocation Data: Precise geographic location information about a particular individual or device.

Employees

Candidates for Employment

Contractors

Healthcare Providers

Patients

Customers

Website Visitors

Caregivers

Authorized Representatives

Electronic and Sensory Data: Audio, electronic, visual or similar information (e.g., a recording of a customer service call or a profile photograph).

Employees

Candidates for Employment

Contractors

Healthcare Providers

Clinical Trial Investigators, Site Staff and Participants

Patients

Customers

Website Visitors

Caregivers

Authorized Representatives

Education and Professional Information: An individual’s academic information and records, licenses, professional or employment-related information and professional interactions with Incyte.

Employees

Candidates for Employment

Contractors

Healthcare Providers

Clinical Trial Investigators, Site Staff and Participants

Website Visitors

Inferences: Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

Employees

Candidates for Employment

Contractors

Healthcare Providers

Clinical Trial Investigators, Site Staff and Participants

Patients

Customers

Website Visitors

Caregivers

Authorized Representatives

Households

We and our service providers collect personal information in a variety of ways, including from:

  • You directly or an authorized representative
  • Government entities
  • Public records
  • Research partners
  • Data resellers
  • Marketing vendors
  • Business service providers

We use your personal information for the purposes we have described below in this Privacy Policy or for purposes which are reasonably compatible with the ones described. We will not use it for other purposes without your permission unless we have a legal obligation to do so.

To manage our relationship with you.4

We will use your personal information:

  • To respond to your requests
  • To improve our level of service
  • To provide our products and services to you
  • To promote our products and services
  • To manage your account, if necessary
  • To provide you with information when you request it, or when we believe it may be of interest to you
  • To invite you to provide your views on our products and services, participate in research or attend events
  • To report any product adverse events that you notify us about
  • To consider your application for employment
  • To perform analytics and understand your preferences
  • To provide access where required to our sites and facilities
  • To gain insights and feedback on our products and services in order to correct or improve them, by analyzing information from external sources such as Google, Facebook and Twitter (and others)
  • For our own administrative and quality assurance purposes
  • For other purposes that may be detailed on a website or mobile application which will be described at the time the information is collected

To manage and improve our processes and our business operations.

We will use your personal information:

  • To manage our network and information systems' security
  • To manage our workforce effectively
  • To prepare and perform management reporting and analysis, including analytics and metrics

To achieve other purposes.

We will use your personal information:

  • To follow applicable laws and regulations
  • To respond to lawful requests from competent public authorities
  • To tell you about changes to our terms, conditions and policies
  • To exercise or defend Incyte against potential, threatened or actual litigation
  • To protect Incyte’s or your vital interests, or those of another person
  • To disclose any transfers of value made to you in relation to expert services that you provide to us
  • For the purpose of authorship of a scientific publication
  • To respond to and handle your queries or requests
  • When we sell, assign or transfer all or part of our business

4Marketing Opt-in: In some locations, by law you must opt-in before receiving materials such as newsletter or product alerts via text or email from us. Once you have opted-in, if you then decide you don’t want to receive such materials, you may opt-out at any time by following the opt-out instructions below.

Marketing Opt-out: If applicable law does not require your opt-in, you may still opt-out of receiving materials such as newsletter or product alerts by following the opt-out instructions in the email or other communication, or the opt-out details provided to you through the applicable program. You may also opt-out by accessing our data subject request form or by emailing privacy@incyte.com. When we receive your opt-out request, we will take reasonable steps in a timely manner to remove your name from our distribution lists. However, it may take a period of time to remove your name from our lists after your request and therefore you may still receive materials for a period of time after you opt-out.

We share your information in the manner and for the purposes described below:

  • We engage third-party companies to provide us with website, hosting, content development and marketing services either to help us in our business, or to perform functions we would otherwise perform ourselves. These companies will have incidental access to your information, including your personal information, as part of the work they perform
  • We may share information with regulators, which may include data protection authorities, and with courts and law enforcement to comply with all applicable laws, regulations and rules and requests of law enforcement, regulatory and other governmental agencies
  • We may share in an aggregate, statistical form, information that is not considered personal information, about the visitors to our website, traffic patterns and website usage with our advertising partners (including social media sites such as Facebook, Twitter, LinkedIn and YouTube, etc.)
  • If, in the future, we sell or transfer some or all of our business or assets to a third party, or invite investment in our company, we may disclose information to a potential or actual third-party purchaser of our business or assets

Incyte will keep your personal information for as long as needed or permitted for the purpose(s) for which it was obtained and consistent with applicable law. In some cases, we may also retain your personal information in order to resolve queries or disputes that may arise from time to time.

As technology improves the efficiency of our organization and activities, it may also increase our risk. Incyte has a robust Cybersecurity program, with a comprehensive suite of tools and processes. These include technical and administrative safeguards such as penetration testing, vulnerability assessment and remediation; privacy and cybersecurity assessment of business partners; end-to-end security tools; cloud security and protection mechanisms for patient data and intellectual property. Incyte also focuses on regularly improving cybersecurity awareness among employees and contingent workers through mandatory cybersecurity training during orientation, annual refreshers and “Cybersecurity Awareness Month” activities, which are supplemented by periodic phishing simulation testing campaigns with additional training for users who do not pass the tests.

Click below to access our privacy notices/policies relating to the areas identified.

Job Candidates

Learn what we do with your personal information when you apply for a job at Incyte.

image of the Canadian flag English (CA) View PDF

image of the EU flag English (EU) View PDF

image of the United Kingdom flag English (UK) View PDF

image of the American flag English (US) View PDF

image of the Denmark flag Danish View PDF

image of the Dutch flag Dutch View PDF

image of the Finland flag Finnish View PDF

image of the French flag French View PDF

image of the German flag German View PDF

image of the Italian flag Italian View PDF

image of the Japan flag Japanese View PDF

image of the China flag Mandarin View PDF

image of the Norway flag Norwegian View PDF

image of the Portugal flag Portuguese View PDF

image of the Spain flag Spanish View PDF

image of the Sweden flag Swedish View PDF

Study Participants

Learn what we do with your personal information when you are in an Incyte-sponsored clinical trial or other research project.

image of the Canadian flag English (CA) View PDF

image of the EU flag English (EU) View PDF

image of the United Kingdom flag English (UK) View PDF

image of the American flag English (US) View PDF

image of the Denmark flag Danish View PDF

image of the Dutch flag Dutch View PDF

image of the Finland flag Finnish View PDF

image of the French flag French View PDF

image of the German flag German View PDF

image of the Italian flag Italian View PDF

image of the Japan flag Japanese View PDF

image of the China flag Mandarin View PDF

image of the Norway flag Norwegian View PDF

image of the Portugal flag Portuguese View PDF

image of the Spain flag Spanish View PDF

image of the Sweden flag Swedish View PDF

Non-Research Patients

Learn what we do with your personal information when you use an Incyte drug.

image of the Canadian flag English (CA) View PDF

image of the EU flag English (EU) View PDF

image of the United Kingdom flag English (UK) View PDF

image of the American flag English (US) View PDF

image of the Denmark flag Danish View PDF

image of the Dutch flag Dutch View PDF

image of the Finland flag Finnish View PDF

image of the French flag French View PDF

image of the German flag German View PDF

image of the Italian flag Italian View PDF

image of the Japan flag Japanese View PDF

image of the Norway flag Norwegian View PDF

image of the Portugal flag Portuguese View PDF

image of the Spain flag Spanish View PDF

image of the Sweden flag Swedish View PDF

Healthcare Professionals

Learn what we do with your personal information when we interact with you as a healthcare professional.

image of the Canadian flag English (CA) View PDF

image of the EU flag English (EU) View PDF

image of the United Kingdom flag English (UK) View PDF

image of the American flag English (US) View PDF

image of the Denmark flag Danish View PDF

image of the Dutch flag Dutch View PDF

image of the Finland flag Finnish View PDF

image of the French flag French View PDF

image of the German flag German View PDF

image of the Italian flag Italian View PDF

image of the Japan flag Japanese View PDF

image of the China flag Mandarin (China) View PDF

image of the Taiwan flag Mandarin (Taiwan) View PDF

image of the Norway flag Norwegian View PDF

image of the Portugal flag Portuguese View PDF

image of the Spain flag Spanish View PDF

image of the Sweden flag Swedish View PDF

Business Contacts

Learn what we do with your personal information when you interact with us in the course of business.   

image of the EU flag English (EU) View PDF

image of the United Kingdom flag English (UK) View PDF

image of the American flag English (US) View PDF

image of the Denmark flag Danish View PDF

image of the Dutch flag Dutch View PDF

image of the Finland flag Finnish View PDF

image of the French flag French View PDF

image of the German flag German View PDF

image of the Italian flag Italian View PDF

image of the Japan flag Japanese View PDF

image of the China flag Mandarin View PDF

image of the Norway flag Norwegian View PDF

image of the Portugal flag Portuguese View PDF

image of the Spain flag Spanish View PDF

image of the Sweden flag Swedish View PDF

Depending on where you are located, you may have certain rights regarding your personal information under applicable privacy and data protection laws (including but not limited to the European Union's General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) (collectively, "Privacy Laws")

If you wish to exercise your rights, please complete the information in this data subject request form. Upon receipt of the completed form, we will process your request within the timelines required under applicable privacy laws. If additional information is necessary to process your request, we will contact you using the contact information that you provide in the data subject request form.

The information that you provide in connection with your request will be processed solely for the purpose of responding to your request.

If you are a California resident, You may also contact Incyte’s Privacy Office at +1 855-446-2983.

We live in the same connected world you do. Although headquartered in the United States, we conduct business, among other places, in Switzerland and many of the countries comprising the European Economic Area (“EEA”). Since our commitment to transparency and trust in matters of privacy does not end at the U.S. border, for information transferred from those countries to our United States operations, we comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. You can verify our good standing under the Privacy Shield by searching our name here. Incyte does not currently use the Privacy Shield Frameworks as the basis for international transfers; however, we are committed to abiding by the Privacy Shield principles.

This Privacy Shield Statement sets forth the privacy principles Incyte follows in connection with the transfer and protection of personal information from the European Economic Area (“EEA”) and Switzerland to the United States, in addition to the EU and Swiss Standard Contractual Clauses we have with third parties and our Intragroup Data Transfer Agreement between our affiliates that provide the actual basis for these data transfers. The EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework were developed to provide US organizations with a means of satisfying the requirements under the EU Directive on data protection and Article 6 of the Swiss Federal Act on Data Protection respectively, and Incyte continues to abide by these Frameworks while not using them as the basis for our data transfers.

Consistent with Incyte’s goal to protect personal privacy, Incyte is fully committed to complying with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information from EEA member nations and Switzerland to the United States. Incyte has certified to the Department of Commerce that it adheres to both the EU-U.S. and Swiss-US Privacy Shield Principles of Policy, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability as set forth below (the “Principles”). The United States Federal Trade Commission (FTC) has jurisdiction over our compliance with the Privacy Shield and we are subject to the FTC’s investigatory and enforcement powers. Information regarding the Privacy Shield program and evidence of our certification can be found by visiting https://www.privacyshield.gov/.

This Privacy Shield Statement is effective as of December 19, 2022, and has not been amended since that date.

Scope
This Privacy Shield Statement governs all personal information received by Incyte in the United States from Incyte’s operations and business partners in the EEA and Switzerland. As used in this Privacy Shield Statement, “personal information” has the meaning given to it under the applicable local law of the country from which it was originally collected. Generally, it means information that identifies or can directly or indirectly lead to the identification of an individual, including such things as an individual’s name, address, telephone number, fax number, email address, social security number and date of birth.

Privacy Shield Principles
The Privacy Shield is predicated on seven core Principles:

  • Policy
  • Choice
  • Accountability for Onward Transfer
  • Security
  • Data Integrity and Purpose Limitation
  • Access
  • Recourse, Enforcement and Liability

We adhere to and have implemented policies and procedures regarding these core Principles in the following ways:

Policy. When we collect personal information from individuals in the EEA and Switzerland, we tell them about the types of personal information being collected, the purposes of our collection and the nature of our intended uses. We also advise them of the types of third parties—such as vendors with cloud-based software licensed in support of our operations and clinical research organizations—to whom we further disclose such information, the purposes for which we disclose to such third parties, and the choices and means, if any, we offer for limiting use and disclosure, as well as how to contact us with inquiries or complaints. We use a variety of different context-specific means to provide such policy information. For instance, in our research activities, we use industry-standard informed consent forms.

Choice. We will offer those individuals whose personal information we have collected a choice. They may “opt-out” of having their personal information disclosed to third parties and/or used for purposes other than for the purposes for which it was originally collected or subsequently authorized. For the types of personal information that the laws of Switzerland and the EEA countries deem “sensitive,” rather than having to opt-out after the fact, we afford affected individuals, at the time of collection, an opportunity to “opt-in” and specifically consent to have their information disclosed to third parties or used for purposes other than those for which it was originally collected or subsequently authorized. Just as we do in fulfilling our Policy obligations, we use a variety of different, context-specific means to provide the choices described here or otherwise required by the Privacy Shield.

Accountability for Onward Transfer. Our accountability for the personal information we receive and subsequently transfer to third parties is described in the Privacy Shield Principles. In summary, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process your personal information on our behalf do so in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event that gives rise to any harm you may incur.

Security. At a minimum, we take reasonable precautions to protect the personal information in our possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

Data Integrity and Purpose Limitation. We only use the personal information we collect in ways that are consistent with the purposes for which it was originally collected or for which we subsequently obtained authorization from the affected individuals. We take reasonable steps to ensure that the information is reliable for its intended use, accurate, complete and current. To accomplish this, we necessarily rely on individual data subjects to exercise their Access rights to keep us apprised of any changes in their personal information.

Access. If an individual from whom we have collected data writes to us and asks to have access to their personal information, we will take all reasonable steps to ensure such access is granted. Obviously, the relevant information must be in our possession or under our reasonable control for us to do so. Once such access is granted, affected individuals have the right under the Privacy Shield to have us correct, amend or delete their information where it is determined to be factually inaccurate. There are, however, certain limitations to an individual’s rights to such access. These include situations where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy, or where the rights of persons other than the individual would be violated.

Recourse, Enforcement and Liability. We implement processes and procedures to verify our compliance with this Privacy Shield Statement. If individuals believe that we are not compliant, or if they have other complaints related to this Privacy Shield Statement or our conduct under it, we encourage those individuals to contact us using the contact information listed at the end of this Privacy Shield Statement. We commit to investigate and attempt to remedy all such valid complaints.

Dispute Resolution. In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, Incyte commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Incyte at:

Global Data Privacy Officer
1801 Augustine Cut-Off
Wilmington, Delaware 19803
USA
privacy@incyte.com

Incyte has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit BBB EU Privacy Shield Process For Consumers for more information and to file a complaint. This service is provided free of charge to you.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Additionally, for disputes involving human resources data, Incyte cooperates and complies with the EU Data Protection Authorities and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, with respect to such data.

Limitation of Principles
Adherence to this Privacy Shield Statement may be limited to the extent required to satisfy legal obligations (including, but not limited to, subpoenas and court orders) and/or meet national security, law enforcement or public interest requirements. We may be required, under certain circumstances, to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. The law also provides certain express exceptions and variations to our obligations under this Privacy Shield Statement. For instance, some of the Access and consent principles are modified for pharmaceutical companies like us who use personal information to engage in ongoing research for the good of the public health.

Changes to this Privacy Shield Statement
We reserve the right to change or update this policy from time to time. Please check our site periodically for such changes since all information collected is subject to the policy in place at that time. Typically, we will indicate the effective/amendment date at the beginning of this policy. If we feel it is appropriate, or if the law requires, we will also provide a summary of changes we have made near the end of a new policy.

Contacting Us
If you have questions about this Privacy Shield Statement, our privacy practices, or would like to submit a complaint, please contact our Privacy Office:

Incyte Corporation
Attention: Global Data Privacy Officer
1801 Augustine Cut-Off
Wilmington, Delaware 19803 
USA
privacy@incyte.com

In addition to the general policies above, Incyte follows all privacy laws in the markets where it operates, including but not limited to the below.

Canada
Quebec

If you are a resident of Quebec, please read this section.

Scope of Policy

This Policy applies to Incyte Biosciences Canada Corporation and any other affiliates from time to time (collectively, Incyte Biosciences Canada Corporation or “we” or “us”) in respect to processing activities that are subject to federal and provincial privacy legislation.

Accountability

Incyte Biosciences Canada Corporation is responsible for personal information under its control. We have designated a Privacy Officer who is responsible for Incyte Biosciences Canada Corporation compliance with this Policy. Incyte Biosciences Canada Corporation will, on request, provide information regarding its complaint procedures.

For further information about our Privacy Policy, please use our data subject request webform or you may contact:

Nicholas Apruzzi, Privacy Officer, on behalf of Incyte Biosciences Canada Corporation
1801 Augustine Cut-Off
Wilmington, Delaware 19803 
USA
privacy@incyte.com

European Economic Area (EEA), United Kingdom and Switzerland

If you live, work or travel in the EEA, Switzerland or the United Kingdom (UK)—or visit an EEA, Swiss or UK website—please read this section to learn more about the General Data Protection Regulation (GDPR) or UK Data Protection Act and how it applies to the personal data collected and used by Incyte as described in this Privacy Policy.

Your personal information will be used for the purposes listed below. We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis, as described below, to do so. The legal basis we rely upon may impact which rights you have in relation to your personal information (see section below on those rights for more details).

Purpose

Legal Basis

Responding to your queries submitted to Incyte's contact details by email, telephone or mail.

Legitimate interest in responding to voluntarily submitted queries.

Using authorized features and apps to post or upload messages, comments, screen names, files and other materials. These features include comment fields on our content posted on and use of social media sites such as Facebook, Twitter, YouTube, LinkedIn, Pinterest, Instagram and any of the many other available external third-party social media platforms, as well as mobile or other apps we’ve created and distributed to let our customers and followers view our site or otherwise interact with our content.

Performance of a contract (relevant user terms) or legitimate interest in providing features which allow for user submitted content.

Sending you our newsletter, promotional materials or other materials

Consent or, where permissible by law, Incyte’s legitimate interest in providing the information.

Enhancing your experience on our website through the processing of automatically collected information.

Consent or, where permissible by law, legitimate interest in providing a personalized user experience.

Improving the functionality of the website for the benefit of all users

Legitimate interest in providing improved functionality to the benefit of all users.

 

Where we rely upon a "legitimate interest" as our legal basis, we make sure that our interest is not outweighed by any impact on your rights and freedoms. We do this by using your personal information in a way which is proportionate and respects your privacy.

WHERE IS YOUR PERSONAL INFORMATION USED OR STORED?

We may transfer your personal data to other countries outside of your location. Your personal data may be transferred:

  • To Switzerland and Japan: Switzerland and Japan are considered as providing adequate data protection standards by the European Union (for further details, see here)
  • To other countries where data protection standards have not been determined to be adequate by the European Union: these countries include the United States, India, and China. In these cases, we will ensure that any recipients of your personal data are bound by contract to the European, Swiss and UK data protection standards

Google Analytics. Incyte does not use Google Analytics on websites in France or Denmark.

Cookies. Incyte uses only Strictly Necessary cookies in France.

WHAT ARE YOUR RIGHTS?

You have a number of rights which apply to our use of your personal data. The availability of some of these rights depends upon our lawful basis for processing your personal data, and your rights may also be subject to certain conditions and restrictions. Your rights may include:

  • To obtain access to your personal data together with information about how and on what basis that personal data is processed
  • To rectify inaccurate personal data (including the right to have incomplete personal information completed)
  • To erase your personal data in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed
  • To restrict processing of your personal data where:
    • the accuracy of the personal data is contested
    • the processing is unlawful but you object to the erasure of the personal data
    • we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise or defense of a legal claim
  • To challenge processing which we have justified on the basis of a legitimate interest
  • To object to decisions which are based solely on automated processing (to the extent that these are taken) and to restrict processing based on your objection
  • To obtain a portable copy of your personal data or to have a copy transferred to a third-party controller
  • To obtain more information as to safeguards under which your personal data is transferred outside of the EEA (if relevant)
  • To lodge a complaint with the data protection/supervisory authority noted below

We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal data requested to you.

WHO CAN YOU CONTACT REGARDING YOUR RIGHTS?

Data Controller: The entity that determines why and how your personal data is processed is called a Controller. For online visitors, this is the Incyte organization or affiliate whose website you are visiting. A list of all Incyte companies is available here. For Incyte organizations or affiliates located outside of the EEA, Incyte has elected Incyte Biosciences Benelux BV as its legal representative.

Data Protection Officer Incyte: privacy@incyte.com

Data Protection Authority/Supervisory Authority: The Data Protection Authority/Supervisory Authority for the processing of your personal data is the authority located in the country of the Incyte organization or affiliate whose website you are visiting or the country where you live, work, or the place of the alleged infringement. More information about how to contact these authorities in the European Union can be found here. For Switzerland information, please visit the office of the Federal Data Protection and Information Commissioner. For United Kingdom information, please visit the Information Commissioner’s Office (ICO).

United States
California

If you are a resident of California, please read this section to learn more about California laws and how they apply to the personal information collected and used by Incyte as described in this Privacy Policy.

During the past 12 months we may have engaged in delivering online advertising that was tailored to your interests, and may have involved the transfer of your device ID and URL to third parties, but we did not disclose data that would identify you by name, address or phone number.

WHAT ARE YOUR RIGHTS?

Individuals who are California residents and whose information is covered by the relevant provisions of California law may have the following privacy rights:

  • To request disclosure of personal information we collect and share about you during the 12-month period preceding our receipt of the request, including:
    • the categories of personal information we’ve collected about you
    • the categories of sources from which we collected the personal information
    • the business or commercial purposes for which we collected or sold the personal information
    • the categories of third parties with which we shared the personal information
    • the categories of personal information that we have shared with service providers who provide services to us
    • the specific pieces of personal information we collected
    • the categories of personal information about you that we have sold (if any), the categories of third parties to which we have sold that information, and the category or categories of personal information sold to each third party
  • To request deletion of personal information we have collected about you
  • To request that Incyte not transfer or sell your personal information
    • California residents also have the right to request that their information not be sold for value or transferred to third parties. Incyte does not knowingly sell personal information; however, some third parties may derive an unintended benefit from Incyte’s online advertising

You also have a right not to be discriminated against for the exercise of these privacy rights. If you exercise any of these rights, we will continue to treat you fairly and not discriminate against you on the basis that you have exercised such rights.

There may be some types of personal information that can be associated with a household (a group of people living together in a single home). Requests for access or deletion of household Personal Information must be made by each member of the household. We will verify each member of the household using the verification criteria explained below. If we are unable to verify the identity of each household member with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial.

WHO CAN YOU CONTACT REGARDING YOUR RIGHTS?

If you are a California resident, to exercise your CCPA rights to request access or deletion of personal information that Incyte collects or shares about you, please contact Incyte via our data subject request webform or toll free at 1-855-446-2983.

For requests for access or deletion, we will respond to you or your authorized agent’s request in writing, or orally if requested, as soon as practicable and in any event generally not more than within 45 days after receipt of your request. We may extend this period to 90 days and, in the event that we do extend the period, we will explain to you or your authorized agent why we did so.

If you are legally entitled to such rights, you may designate an agent to submit a request on your behalf. The agent can be a natural person or a business entity that is registered with the California Secretary of State. If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. You will be required to verify your identity by providing us with certain personal information, depending on the nature of the information you require, which we will endeavor to match with information we maintain about you. Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf and the scope of that authorization. The agent will also be required to provide us with proof of the agency relationship, which may be a declaration attesting to the agent’s identity and authorization by you to act on their behalf, signed under penalty of perjury. If the agent is a business entity, it will also need to submit evidence that it is registered and in good standing with the California Secretary of State. Information to identify and verify your agent can be submitted through the same mechanism and at the same time as you submit information to verify your identity. Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.

To respond to your requests, we will ask you for at least two pieces of personal information and, for requests for specific pieces of personal information, we will ask you for at least three pieces of personal information. The information we require may vary depending on your relationship to us, and may include your full legal name, residential address, email address and phone number as well information we may have on file about you. If you are requesting on behalf of another consumer, we may request additional information from you and/or the consumer to verify their identity. In all cases, we endeavor to match the information we receive for the purpose of verification to information we maintain about you. If we are unable to verify your identity using this process, we will provide you with a response explaining this and what additional action you may take to ensure we can successfully verify your request.

For California residents, in the 2022 calendar year, Incyte received 0 data subject access requests.

CALIFORNIA SHINE THE LIGHT

California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about the personal information (if any) disclosed to third parties for direct marketing purposes in the preceding calendar year. No information is shared by Incyte with third parties for their own marketing purposes.

Cookie Settings

Contact Incyte’s Privacy Office

If you have any questions about our privacy notices or practices, you may contact Incyte's Privacy Office at:

Incyte Corporation
Attention: Global Data Privacy Officer
1801 Augustine Cut-off
Wilmington, Delaware 19803 
USA
privacy@incyte.com


Cookie Settings