PRIVACY NOTICE

Effective January 8, 2024

MeiraGTx Holdings plc including all of our affiliates (“MeiraGTx” referred to as “we”, “us” or “our”) respects the privacy of all individuals and is committed to protecting your personal information.

This Privacy Notice is intended to provide an overview of how we process personal information and applies to information processed in the following circumstances:

  • Our services, including our clinical research and other healthcare or patient activities we are involved with;
  • Individuals who register for, or participate in, our webinars and other events;
  • Individuals who receive news and company communications from us;
  • Visitors to any website operated by MeiraGTx;
  • Individuals we interact with in the conduct of our normal business activities, including staff of regulatory authorities, auditors, suppliers, and members of the public;
  • Any visitors to our sites and offices, including individuals recorded by our CCTV systems.

Sources of Personal Information

We collect personal information in the following ways:

  • Directly from individuals who access our services or communicate with us about our business, including, for example:
    • Participants and prospective participants in clinical research programs that we sponsor;
    • People acting on behalf of patients and other individuals, such as authorized representatives and legal guardians;
    • Users of our websites and mobile applications;
    • Individuals who proactively communicate with MeiraGTx;
    • Individuals that report or otherwise communicate quality, safety, or adverse event-related information about our clinical products and treatments.
  • Service providers, data brokers, or business partners;
  • Industry patient groups and associations;
  • Publicly available sources, including information provided on websites, social media; channels, public forums or platforms, and other third-party sources.

Information We May Collect and Process About You

The personal information that we collect and process varies depending upon our relationship and interactions with you. Below is an overview of the types of data we typically process.

  • Information that you provide to us through our websites and other communication channels. This may include your name, your contact details, and any information contained within your communications with us (for example, when you raise a query or complaint. In some cases it may also include screening information to determine eligibility for participation in a clinical trial).
  • Information relating to quality and safety (such as adverse events and incident reports). MeiraGTx will record any personal information received in relation to any such reports, including the reporting individual’s profession/specialty (if a healthcare professional). Information about the subject of any incident or adverse event, including health data, will be recorded.
  • If you engage with us directly, or indirectly, via public online platforms or social media, we may collect personal information about you from that third-party platform or account. Since third-party platforms and services control the information they collect and share about you, please consult their respective privacy policies for information about how they use your data.
  • Information relating to your use and navigation of our websites including the internet protocol (IP) address from which you access our websites, information about the device you use to access our websites, information about the web browser you use to access the websites, and information about applications on your device that are necessary to support our websites’ functionality.
  • We also use cookies and other similar technology which may collect information about you. Please refer to our cookie notice for details of the types of technologies we use, what we use them for, and the data they collect.

If you visit any of our locations, we may ask you for basic identification data and capture your image through our CCTV systems.

Why We Process Your Information

We may process your personal information to:

  • Authenticate your identity;
  • Enter into a contract with you or the organization for which you work;
  • Perform our contractual obligations to you or the organization for which you work;
  • To assess and communicate your eligibility for enrolment on a clinical trial;
  • Respond to your inquiries and complaints;
  • Comply with legal and regulatory obligations;
  • Improve the content of our website and our services;
  • Preserve the safety and security of people and our facilities;
  • Plan and manage events.

Disclosures of Your Personal Information

Depending on the tasks being carried out, we may share information about you with the following parties:

  • Our affiliates and subsidiaries;
  • Third-party business partners and support services;
  • Auditors, and regulatory and government authorities.

Purpose Limitation and Retention

MeiraGTx will only process your personal information in a manner compatible with the purpose it was collected for. We will retain personal information only for as long as needed for the specific purpose it was collected for, including where this is determined by legal requirements MeiraGTx is subjected to. Where possible, we will anonymize information or remove unnecessary identifiers from records that we need to retain.

Security and Our Efforts to Protect Your Information

We implement technical and organizational measures to protect your information against unauthorized access, loss, misuse, alteration, or destruction. These include measures such as: encryption of electronic communications, encryption of information while it is in storage, firewalls, access controls, appropriate training, as well as policy and procedural controls.

Links to Third Party Websites

Our websites and some of our communications may contain links to other third-party websites and applications. Please be aware that unless explicitly stated this notice does not apply to any other such websites, we encourage our users to be aware when they leave our websites , and to read the privacy statements of each website subsequently visited.

Children’s Privacy

We will not knowingly collect any personal information of children (“individuals who have not reached the age of legal maturity in their jurisdiction”) via our websites or any other passive communication channel. If you are the parent or guardian of a child who you suspect has provided us their personal information, you may contact us at privacy@meiragtx.com and we will work with you to address the matter appropriately.

Your Rights

Depending on where you live, data protection laws may give you rights concerning your personal information. Such rights are not absolute, they may not apply in the jurisdiction you live in, and there may be exemptions we can apply which mean we may not uphold your rights. Wherever possible, however, we will fulfil your rights without obstruction.

Rights that you may have include:

  • The Right to Be Informed: the right to request, and receive, information about how we process information about you.
  • Access, Rectify and Erase Your Personal Information: the right to request access to information that we hold about you; request corrections or updates to your personal information; or, in some cases, ask us to erase your personal information.
  • Restriction of Processing:  the right to request the restriction of processing of your personal information which, if upheld, will require that we do not use your information for a specific purpose.
  • Data Portability:  the right to request a copy of your personal information in a structured, commonly used and machine-readable format, and the right to request that we transmit your personal information to another organization.
  • Object: the right to object to the processing of your personal information by us.
  • Submit Complaints: the right to complain to a data protection authority regarding our use of your personal information.

If you wish to exercise one of the above-mentioned rights, please refer to the ‘Contact Us’ section.

Additional information if you are in the European Union, or in the United Kingdom

International Transfers

We have taken protective measures to ensure the confidentiality, integrity, availability, and security of personal information when it is transferred outside of the European Economic Area (EEA), or the UK. For all such cross-border transfers, we use appropriate transfer mechanisms that require recipients of your information to protect it to a standard that is equivalent to legal requirements in the UK or EEA.

Legal Basis

Wherever required by data protection laws we will process personal information only when it is supported by a valid legal basis. The following legal bases are commonly relied upon by us to process personal information:

  • The execution of obligations arising from a contract in place between you or your organization and us. This includes any processing that is required so that we may enter into a contract with you or your organization;
  • Compliance with a legal obligation;
  • Our legitimate interests;
  • Where the processing is necessary, or legally required, on important public interest grounds, for the establishment, exercise, or defense of legal claims
  • Your consent

Contact Us

We have appointed a global Data Protection Officer (DPO) who is responsible for overseeing compliance with data protection laws. If you wish to contact the DPO, wish to exercise your rights, or wish to make a complaint concerning our handling of your personal information, you may contact us at privacy@meiragtx.com

If you are in the EEA or the UK, and you are unhappy with how we have used your personal information, you can complain directly to your local data protection Supervisory Authority. A list of authorities is available here:

https://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

Changes to this Privacy Notice

We reserve the right to change this Privacy Notice from time to time. If we make any changes, the updated Privacy Notice will be posted with a revised effective date. We recommend that you periodically check for updates.