Privacy Policy

SAREPTA WEBSITE PRIVACY POLICY

Last Reviewed: April 2023

INTRODUCTION

Sarepta International Holdings GmbH ("Sarepta", "Company" or "We") respects your privacy and is committed to protecting your personal information through our compliance with this policy. This policy describes the types of personal information we may collect from you or that you may provide when you visit www.sareptatherapeutics.ch or any social media site, mobile sites, or online application owned and/or operated by the Company, including any content, functionality and services offered on or through these sites or channels (our "Websites"), and our practices for collecting, using, maintaining, protecting and disclosing that personal information.

This policy applies to personal information. “Personal information” is any information—as electronically or otherwise recorded—that can be used to identify a person or that we can link directly to an individual, such as name, address, email address, or telephone number, as applicable. This policy applies only to personal information we may collect:

on our Websites;
through e-mail, text and other electronic messages between you and our Websites;
through mobile and desktop applications downloaded from our Websites, which may provide dedicated non-browser-based interaction between you and our Websites; and
when you interact with our advertising and applications on third-party websites and services, but only if those applications or advertising include links to this policy.

We may have other unique privacy policies that apply to certain specific situations, such as if you participate in a clinical trial we sponsor. To the extent you were provided with a different privacy notice or policy that applies, that notice or policy will govern our interactions with you, not this one.

This policy does not apply to information collected by:

us offline or through any other means not included in the above-provided definition of our Websites; or
any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.

Please read this policy carefully to understand our policies and practices regarding your personal information and how we will treat it. If you do not agree with our policies and practices, you should not use our Websites or register for the services and information we offer. By accessing or using our Websites, you agree to this privacy policy.

CHANGES TO OUR PRIVACY POLICY

We will post any changes we make to our privacy policy on this page. If we make material changes to how we treat your personal information, we will notify you by email to the primary email address specified in your account and/or through notices on our Websites. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting our Websites and this privacy policy to check for any changes. Your continued use of our Websites after we make changes to our privacy policy is deemed to be acceptance of those changes, so please check the policy periodically for updates.

INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT PROCESS, AND SHARE IT

“Personal information” is any information—as electronically or otherwise recorded—that can be used to identify a person or that we can link directly to an individual, such as name, address, email address, telephone number, or credit card number, as applicable. Personal information in some jurisdictions can include information that indirectly identifies a person even absent other identifying information.
Personal information may include information considered sensitive in some jurisdictions, such as biometric information, genetic information, medical and health information, financial account information, geolocation, ethnic or racial origin, information concerning your sex life or your sexual orientation, and other information.
We will process any personal information we collect in accordance with applicable law and as described in this privacy policy (unless, as explained above, a separate policy or notice governs).
Below is a summary of how we collect, process, and use personal information and the potential recipients of your personal information. Some jurisdictions require us to state the legal bases for processing your personal information, which are included below, but please note that not all jurisdictions may recognize all legal bases.

Examples of the types of personal information we process:	Where do we get the personal information?	Why do we process the personal information	What are the legal bases for processing?	Who receives the personal information?*
Identity and contact information, such as: first and last name email address postal address phone number username and password Other personal information, such as: age gender marital status disability date of birth Visual Information, such as: pictures and videos Technical Information, such as: Internet Protocol (IP) addresses (which may identify your general geographic location or company) browser type and browser language device type advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID)) date and time you used the Websites Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving the Websites activity on the Websites data collected from cookies or similar technologies*** geolocation information Anonymized / De‑identified Data Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified and the information is no longer considered Personal Data under data protection laws.	you directly your devices third parties	to respond to your inquiries for information, and to provide you with information about Sarepta and its products and services, by email, regular mail, text message or phone according to your preferences to present our Websites and their contents to you according to your preferences to develop statistics and analysis to improve and further develop our Websites and the information and services we may offer from time to time to request your participation in Sarepta surveys and other market research which can include requests for demographic, geographic or other personal information as well as questions regarding a patient’s medical condition and other data which Sarepta may use to create useful services and information for users of our Websites and for other lawful business purposes to fulfill any other purpose for which you provide it to provide you with notices to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, our Terms of Use and for billing and collection to notify you about changes to our Website or any products or services we offer or provide though it to allow you to participate in interactive features on our Websites in any other way we may describe when you provide the information to identify and authenticate you to detect security incidents to protect against malicious or illegal activity for short-term, transient use for administrative purposes for quality assurance	for the purposes of our legitimate interests to comply with a legal obligation in preparation for or to perform a contract in circumstances in which we have requested and received consent and for other purposes that may be required or allowed by law*	Our headquarters, affiliates, subsidiaries, and related companies partners that assist us in administering our business**

Examples of the types of personal information we process:

Where do we get the personal information?

Why do we process the personal information

What are the legal bases for processing?

Who receives the personal information?*

Identity and contact information, such as:

first and last name
email address
postal address
phone number
username and password

Other personal information, such as:

age
gender
marital status
disability
date of birth

Visual Information, such as:

pictures and videos

Technical Information, such as:

Internet Protocol (IP) addresses (which may identify your general geographic location or company)
browser type and browser language
device type
advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID))
date and time you used the Websites
Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving the Websites
activity on the Websites
data collected from cookies or similar technologies***
geolocation information

Anonymized / De‑identified Data

Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified and the information is no longer considered Personal Data under data protection laws.

you directly
your devices
third parties

to respond to your inquiries for information, and to provide you with information about Sarepta and its products and services, by email, regular mail, text message or phone according to your preferences
to present our Websites and their contents to you according to your preferences
to develop statistics and analysis to improve and further develop our Websites and the information and services we may offer from time to time
to request your participation in Sarepta surveys and other market research which can include requests for demographic, geographic or other personal information as well as questions regarding a patient’s medical condition and other data which Sarepta may use to create useful services and information for users of our Websites and for other lawful business purposes
to fulfill any other purpose for which you provide it
to provide you with notices
to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, our Terms of Use and for billing and collection
to notify you about changes to our Website or any products or services we offer or provide though it
to allow you to participate in interactive features on our Websites
in any other way we may describe when you provide the information
to identify and authenticate you
to detect security incidents
to protect against malicious or illegal activity
for short-term, transient use
for administrative purposes
for quality assurance

for the purposes of our legitimate interests
to comply with a legal obligation
in preparation for or to perform a contract
in circumstances in which we have requested and received consent and for other purposes that may be required or allowed by law*

Our headquarters, affiliates, subsidiaries, and related companies
partners that assist us in administering our business**

*The legal bases we rely upon include those enumerated in Articles 6 and 9 of the Swiss Federal Act on Data Protection, depending on the type of Personal information.

**In limited circumstances, recipients may include, (1) in the event of a sale, assignment, or transfer, to the buyer, assignee, or transferee; and, (2) government or regulatory officials, law enforcement, courts, public authorities, or others when permitted by this Policy or required by law.

***Please see our Notice on Cookies for more information on how we use cookies and similar technologies.

User-Generated Information

You also may provide information to be used, published or displayed (hereinafter, "posted") on public areas of our Websites, or to be transmitted to other users of our Websites (collectively, "User-Generated Information"). When you provide User-Generated Information, you do so at your own risk. Although in some cases you may be able to establish certain privacy settings for your User-Generated Information that is posted on our Websites, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of our Websites with whom you may choose to share your User-Generated Information. Therefore, we cannot and do not guarantee that your User-Generated Information will not be viewed by unauthorized persons.

Information Collected Automatically

The information about you that we collect automatically does not identify you personally, but rather only by reference to the device you use to access our Websites. This information tells us about your usage of our Websites, which helps us to improve our Websites and to deliver a better and more personalized service to you. By enabling us to take into account your Website usage patterns and preferences, this information helps us to customize our Websites according to your individual interests, to speed up your searches, and to recognize you when you return to our Websites.

The technologies we use for this automatic data collection may include:

Cookies (browser or flash cookies). A browser cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. Certain features of our Websites may also use local stored objects (or flash cookies) to collect and store information about your preferences and navigation to, from and on our Websites. You are able to limit access of flash cookies to your computer with add-ons and other tools available online. If you limit access of cookies, you may be unable to access certain parts of our Websites. Unless you have adjusted your settings so that it will refuse cookies, our system will issue cookies when you direct your browser to our Websites.
Web Beacons. Pages of our Websites and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

For more information about these technologies and how to manage or opt out of them, please see our Notice on Cookies.

Although the information we collect automatically does not personally identify you, we may link that information to information that does personally identify you that we otherwise collect as described in this policy.

Website Analytics

The Websites may use Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies to analyze use patterns and may collect information about your use of the website, including your IP address. More information on Google Analytics can be found here: www.google.com/policies/privacy/partners/. If you would like to opt-out of having your data used by Google Analytics, please use the Google Analytics opt-out available here: https://tools.google.com/dlpage/gaoptout/. Please note that we make no representations regarding the functionality of Google opt-out mechanisms, and further, opting out of Google Analytics will not preclude the use of your data by other analytics services that we may use.

CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION

We strive to provide you with reasonable choices regarding the collection and use of information about you. For example, you may: (1) choose not to provide personal information on our Websites, (2) set your browser preferences and use web tools available to block the cookies sent in connection with your use of our Websites, (3) follow the instructions to unsubscribe from our services included on our Websites and the communications sent to you, and/or (4) email a request to unsubscribe from our services to privacy@sarepta.com.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

Under applicable laws and subject to any legal restrictions, you may have the right to request us to:

Provide you with further details on the processing of your personal data
Provide you access to your personal data that we hold about you;
Update any inaccuracies in the personal data we hold that is demonstrated to be inaccurate or incomplete
Delete any personal data that we no longer have a lawful basis to use
Provide you or a third party, with a copy of your data in a digital format (data portability)
Stop a particular processing when you withdraw your consent
Object to any processing based on the legitimate interests or public interest to process information, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
Restrict certain aspects of the processing of your data.

If we do not handle your request in a timely manner, or if you are not satisfied with our response to any exercise of these rights, you are entitled to lodge a complaint with the competent supervisory authority of your jurisdiction. Further information and contact details of the competent supervisory authorities can be found here: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection---switzerland.html

DATA SECURITY

We have implemented measures designed to secure your personal information from unauthorized access, use, alteration and disclosure. All information you provide to us is stored on our secure servers behind firewalls.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Websites. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Websites.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

Sarepta operates in Switzerland, however a considerable part of Sarepta’s operations is in the United States. Your personal data may be accessible to some Sarepta affiliates inside and outside Switzerland, and selected vendors and partners, established in the EU/EEA, the US or globally. Your personal data may be accessed by staff or suppliers in, transferred to and stored at, a location outside Switzerland. Where Sarepta processes personal information in countries that may not provide the same level of data protection as in Switzerland, where you are resident, Sarepta will implement reasonable and appropriate legal as well as technical and organizational security measures to ensure the security of the processing and in particular to protect your personal data from unauthorized access, use or disclosure including, but not limited to, maintaining binding contractual arrangements with all third parties processing personal data of individuals, for and on behalf of Sarepta, as well as executing, where necessary, adequate data transfer mechanisms, for any cross-border data transfers from your country to controller or processors established in third countries, as adopted and approved by the competent supervisory authorities.

HOW LONG YOUR PERSONAL INFORMATION WILL BE RETAINED

We generally retain personal information for as long as needed for the specific purpose or purposes for which it was collected. In some cases, we may be required to retain personal information for a longer period of time by law or for other necessary business purposes. Whenever possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the specified retention period.

CONTACT INFORMATION

Sarepta is responsible for the processing of your personal information as it decides why and how it is processed, thereby acting as the “Controller”.

If you have any questions about our Privacy Notice or want to contact our Data Protection Officer, please contact us via email at privacy@sarepta.com.