NPS Pharmaceuticals, Inc. (“NPS”) will only collect, and subsequently Process, Personal Information that is relevant and proportionate to the business, commercial or research purposes that the Personal Information is meant to serve. Whenever the circumstances reasonably permit, NPS will only collect information that does not identify individuals in lieu of Personal Information. Ordinarily, NPS’ collection of sensitive data will be restricted to certain Processing in the areas of employment, research, patient support, adverse event reporting and product complaints. The collection of sensitive data in other contexts should be exceptional and access to such information should be limited to those who require it to perform their jobs. As used throughout this Policy Statement, the term "Personal Information" applies to any information or set of information that identifies or that is or may be used by or on behalf of NPS to identify an individual. As used throughout this Policy Statement, the term “Process/Processes/Processing/Processed” means any operation or set of operations that is performed upon Personal Information, whether or not by automatic means, including, without limitation, collection, recording, organization, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, detention, erasure or destruction.
NPS will notify individuals of the Personal Information NPS collects about them, the purposes for which it will be used and the circumstances in which their information will be disclosed to third parties in accordance with relevant NPS policy and applicable law.
Use of Personal Information shall be subject to choice and consent requirements, in accordance with applicable law and other applicable NPS policies.
NPS will ensure that only authorized employees, agents or entities collect, use or disclose Personal Information, and that such activities are consistent with the roles and responsibilities assigned to such persons or entities, relevant NPS policies and/or procedures, and applicable law.
In accordance with applicable law, NPS will permit individuals to review the accuracy and completeness of the Personal Information NPS maintains about them and to request that any inaccurate or incomplete data be amended. If you believe your Personal Information is inaccurate or incomplete, you can contact the Data Privacy Officer at the address below:
NPS Pharmaceuticals, Inc.
Attn. Data Privacy Officer (General Counsel)
550 Hills Drive
Bedminster, NJ 07921
In certain instances, NPS may disclose Personal Information to third parties, including authorized service providers (such as those who help deliver packages or Process credit card information), law enforcement authorities, regulatory authorities and other commercial enterprises (such as business partners).
Prior to the disclosure of Personal Information to third parties, NPS will take steps that are reasonable under the circumstances and in accordance with applicable law to verify the identity and legal authority of the person or entity to which the disclosure of Personal Information is made.
NPS will implement contractual controls whenever it relies on third-party agents to Process Personal Information on its behalf. Such contracts shall, at a minimum, require the third-party agent to (i) implement appropriate security measures to ensure that any Personal Information is adequately protected and maintained securely, and (ii) act only on the instructions of NPS or its designated representative when Processing Personal Information.
NPS will implement appropriate organizational, technical and environmental controls to ensure that the Personal Information it Processes is protected from unauthorized or unintentional access, disclosure or use. Such measures may include:
-Technical measures, including access (e.g., passwords) and authentication controls for electronic systems and databases; technical firewalls and other anti-intrusion technologies; and disaster recovery plans;
-Organizational measures, including internal training and disciplinary sanctions for employees who breach this Policy Statement; and
-Environmental measures, including appropriate restrictions on physical access to Personal Information, such as locked and limited-access files.
NPS will delete or destroy Personal Information as promptly as possible, if retention of such information is not necessary for a business or legal purpose.
To the extent reasonably possible, NPS will establish discrete, defined retention periods for the classes of Personal Information it retains. An appropriate retention period should reflect NPS's existing business or research needs, as well as applicable legal requirements, such as local laws regulating employers, research or marketing of pharmaceutical products.
If it proves impractical or impossible to delete or destroy Personal Information, NPS will endeavor to aggregate or anonymize Personal Information so that it no longer refers to specific individuals. Where Personal Information must be retained in accordance with applicable law, but is no longer Processed regularly, it should be archived and segregated from data that are routinely Processed.
European Union ("EU"), Swiss and United States ("US") Safe Harbor
This Policy Statement applies to all information received by NPS in the United States from the EU and Switzerland. NPS complies with the U.S.-EU and U.S.-Swiss Safe Harbor frameworks as set forth by the U.S. Department of Commerce. NPS has certified that it adheres to the Safe Harbor Policy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor program and to view our certification page, please visit http://www.export.gov/safeharbor/. If you have any questions, complaints or other issues with the Safe Harbor practices of NPS, please contact the NPS Data Privacy Officer at the following address:
NPS Pharmaceuticals, Inc.
Attn: Data Privacy Officer (General Counsel)
550 Hills Drive
Bedminster, NJ 07921