NPS Pharmaceuticals will only collect, and subsequently process, Personal Information that is relevant and proportionate to the business, commercial or research purposes that the Personal Information is meant to serve. Whenever the circumstances reasonably permit, NPS will collect information that does not identify individuals in lieu of Personal Information. Personal Information is any information that can reasonably be used to identify, locate or contact an individual. It does not include information that cannot be attributed to an individual because it has been aggregated with other information (e.g., statistical information) or anonymized, meaning that NPS cannot attribute the information to an individual using reasonable means. Personal Information includes, but is not limited to: (a) first and last name; (b) home or other physical address; (c) telephone number; (d) e-mail address; (e) employment, financial or health information; or (f) any other information relating to an individual, or his or her use of a product, that is combined with any of the above.
Ordinarily, NPS's collection of Sensitive Data will be restricted to certain processing in the areas of employment, research, patient support, adverse event reporting and product complaints. Sensitive Data is that subset of Personal Information, including Social Security number, passport number, health plan member identification number, driver’s license number or similar identifier, or credit or debit card number, whose unauthorized disclosure or use could reasonably entail risk to an individual.
NPS will notify individuals of the Personal Information NPS collects about them, the purposes for which it will be used and the circumstances in which their information will be disclosed to third parties in accordance with NPS Policy and applicable law.
Use of Personal Information shall be subject to choice and consent requirements, in accordance with applicable law and other applicable NPS policies.
NPS will ensure that only authorized employees, agents or entities collect, use or disclose Personal Information, and that such activities are consistent with the roles and responsibilities assigned to such persons or entities, relevant NPS policies and/or procedures, and applicable law.
In accordance with applicable law, NPS will permit individuals to review the accuracy and completeness of the Personal Information NPS maintains about them and to request that any inaccurate or incomplete data be amended.
In certain instances, NPS may disclose Personal Information to third parties, including authorized service providers, such as those who help deliver packages or process credit card information, and other commercial enterprises (e.g., business partners), regulatory authorities and law enforcement agencies.
Prior to the disclosure of Personal Information to third parties, NPS will take steps that are reasonable under the circumstances and in accordance with applicable law to verify the identity and legal authority of the person or entity to which the disclosure of Personal Information is made.
NPS will implement contractual controls whenever it relies on third-party agents to process Personal Information on its behalf. Such contracts shall, at a minimum, require the third-party agent to (i) implement appropriate security measures to ensure that any Personal Information is adequately protected and maintained securely, and (ii) act only on the instructions of NPS or its designated representative when processing Personal Information.
NPS will implement appropriate organizational, technical and environmental controls to ensure that the Personal Information it processes is protected from unauthorized or unintentional access, disclosure or use.
Sensitive Data will be subject to particularly rigorous security measures given the harm that could arise from its inadvertent or unintentional disclosure.
NPS will delete or destroy Personal Information as promptly as possible, if retention of such information is not necessary for a business or legal purpose.
To the extent reasonably possible, NPS will establish discrete, defined retention periods for the classes of Personal Information it retains. An appropriate retention period should reflect NPS's existing business or research needs, as well as applicable legal requirements, such as local laws regulating employers, research or marketing of pharmaceutical products.
If it proves impractical or impossible to delete or destroy Personal Information, NPS will endeavor to aggregate or anonymize Personal Information so that it no longer refers to specific individuals. Where Personal Information must be retained in accordance with applicable law, but is no longer processed regularly, it should be archived and segregated from data that are routinely processed.
European Union ("EU"), Swiss and United States ("U.S.") Safe Harbor
This Policy applies to all information received by NPS in the United States from the EU and Switzerland. NPS complies with the U.S.-EU and U.S.-Swiss Safe Harbor frameworks as set forth by the U.S. Department of Commerce. NPS has certified that it adheres to the Safe Harbor Policy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor program and to view our certification page, please visit http://www.export.gov/safeharbor/. If you have any questions, complaints or other issues with the Safe Harbor practices of NPS, please contact the NPS Data Privacy Officer at the following address:
NPS Pharmaceuticals, Inc. Attn: General Counsel 500 Hills Drive, 3rd Floor Bedminster, NJ 07921