Last Updated: October 13, 2022
At AVROBIO, we take privacy and security of personal information very seriously.
This Privacy Notice is intended to make you aware of the types of information we gather from people visiting AVROBIO’s corporate website, www.avrobio.com (the “Website”) and how we use, transfer, and secure such information.
As used in this Privacy Notice, “AVROBIO,” “we,” “us,” and “our” refer to AVROBIO, Inc. and our subsidiaries, joint ventures, and other companies under a common control (“Affiliates”), and “you” or “users” refer to people who visit the Website.
- THE INFORMATION WE COLLECT
As the owner of the website and, to the extent applicable, as a Data Controller, we gather the following types of information about users:
- 1.1 Personal Information: Information that is about, or relates to, an identified or identifiable individual, or that can be linked to that individual (such as name and contact information).
- 1.2 Aggregate Information: Information that cannot be used to identify an individual (such as frequency of visits to the Website and browser types). Please note that we may convert Personal Information into Aggregate Information.
- CATEGORIES OF PERSONAL INFORMATION COLLECTED, LEGAL BASIS AND HOW USED
- 2.1 Personal Information You Provide Us
- 2.1.1 When you use the Website, AVROBIO will collect the Personal Information you provide to AVROBIO, if any, such as your name, home address, personal telephone number, personal e-mail address, company name, company mailing address, company e-mail address and company telephone number. When you sign up for an investor presentation via the Website or when you contact us via e-mail for other information or assistance, we also will collect the Personal Information that you provide us, including the content of your e-mail. For the Personal Information you voluntarily provide to us, we describe the purpose for which we use that Personal Information on the Website. For example, to fulfill a request by you to receive certain investor information on AVROBIO.
- 2.1.2 In the course of applying for a job with AVROBIO through the Website, and/or our third-party providers and vendors, you may provide certain Personal Information to AVROBIO. Such Personal Information could include your name, e-mail address, phone number, date of birth, Social Security Number, and government identification numbers, among other identifiers, as well as any other Personal Information you provide on a resume, curriculum vitae or application form.
- 2.3 How Your Personal Information Is Used
- 2.3.1 We may use the Personal Information you provide us to contact you, provide support, operate and improve the Website, and respond to your comments and questions.
- 2.3.2 If you apply for employment with AVROBIO through the Website, and/or our third-party providers and vendors, we may use the Personal Information you provide us to process your job application and contact you.
- 2.3.3 Personal Information collected automatically is used for the purpose of improving our Website and services, and to offer more relevant information and content to you.
- 2.4 Legal Basis To Process Personal Information
When we collect your Personal Information in the context of the purposes above-mentioned in section 2.1 – 2.3, we rely on our legitimate interests, many of which have been described in this Notice. We consider any potential impact on your rights before we process your personal information based on our legitimate interest. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
- 2.1 Personal Information You Provide Us
- DISCLOSURE OF PERSONAL INFORMATION
- 3.1 We may share your Personal Information with third party service providers, including cloud services providers, to help us with our business activities such as maintaining the Website.
- 3.2 We may share some or all of your Personal Information with our current and future Affiliates, in which case we will require our Affiliates to comply with the principles set out in this Privacy Notice.
- 3.3 We may share some or all of your Personal Information in connection with or during negotiation of any merger, financing, acquisition or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy or receivership, Personal Information may also be transferred as a business asset. If another company acquires our company, business or assets, that company will possess the Personal Information collected by us and will assume the rights and obligations regarding your Personal Information as described in this Privacy Notice.
- 3.4 We may also disclose Personal Information if AVROBIO believes in good faith that such disclosure is necessary (i) in connection with any legal investigation; (ii) to comply with relevant laws or to respond to subpoenas or warrants served on AVROBIO; (iii) to protect or defend the rights or property of AVROBIO or users of the Website or services; (iv) to investigate or assist in preventing any violation or potential violation of the law, or this Privacy Notice; or (v) consistent with the contractual obligations of AVROBIO.
- TRANSFER OF PERSONAL INFORMATION
Your personal information may be transferred to servers or third-parties located in other countries that do not provide the same level of data protection than your local law. When transferring your Personal Information to these countries, we commit to implement appropriate measures to ensure an adequate protection of your rights (e.g. UK international data transfer agreement or UK addendum for UK visitors or EU Standard Contractual Clauses for EU visitors).
- ABOUT AGGREGATE INFORMATION
Aggregate Information may be collected when you visit the Website, independent of any information you voluntarily enter. Additionally, we may use one or more processes to de-identify information that contains Personal Information, such that only Aggregate Information remains. We may collect, use, store, and transfer Aggregate Information without restriction.
As we also collect aggregate statistical data through our page hosted on social media such as LinkedIn, AVROBIO will be joint controller with the above-mentioned social media in that regard. For any other processing performed on those types of platforms, the relevant social media platform providers will be the sole Controllers.
LinkedIn have created an “addendum” to their user agreements for company pages for the processing for which they are joint controllers with us.
- OUR WEBSITE IS NOT DIRECTED TO VISITORS UNDER 18
Access to and use of the Website are not intended for use by anyone younger than the age of 18 and we do not knowingly collect Personal Information from individuals younger than the age of 18. If you have reason to believe that an individual under the age of 18 has provided Personal Information to us outside of the clinical trial context, please contact us. We will take reasonable steps to investigate and if it is confirmed that we possess Personal Information of an individual under 18 years of age, we will delete the Personal Information. We may require additional information to confirm that the request is a bona fide request from an appropriate person concerning an individual under the age of 18, as allowed by applicable law.
AVROBIO is committed to protecting the security of your Personal Information. We use a variety of industry-standard security technologies and procedures to help protect your Personal Information from unauthorized access, use or disclosure. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while AVROBIO uses reasonable efforts to protect your Personal Information, AVROBIO cannot guarantee its absolute security.
- YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION
- 8.1 General Rights. You may review, update, correct or delete your Personal Information by contacting us as described in the “Contact Us” section of this Privacy Notice, where the right to do so is provided by applicable law, including as described elsewhere in this Privacy Notice. We will use commercially reasonable efforts to honor your request, and in all events, we will comply with applicable laws relating to your request. We may retain an archived copy of your records as required by law or for legitimate business purposes.
- 8.2 Specific Rights for EU and UK Visitors, We will:
- Access. Provide you with information about our processing of your personal data and give you access to your personal data.
- Rectification. Update or correct inaccuracies in your personal data.
- Erasure. Give you the right to require deletion of your personal data, but this right may be limited depending on the specific circumstances.
- Restrict processing. Offer you the right to have your data “frozen” to leave you the possibility to exercise other rights. Your information would not be used in this case, other than as legally required, but must be kept by us during this period.
- Data portability. Give you the right to retrieve your data in a structured, commonly used, machine-readable format for personal use or for you to send to another service provider.
- Objection. Allow you to object to our legitimate interests as the basis of our processing of your personal data.
- Right to withdraw consent. Allow you to withdraw your consent it at any time without justification.If you want to exercise your rights, please contact our DPO at email@example.com. Please, note that all of these rights are not absolute and will be assess on a case-by-case basis. You also have the right to lodge a complaint about how your personal information is handled with your local Data Protection Authority or to the Data Protection Authority where the alleged infringement took place. To obtain contact details, visit this link for UK or this link for all EU Member States Data Protection authorities.
- THIRD-PARTY PAGES AND WEBSITES
As a convenience to our visitors, the Website may contain links to a number of websites that we believe may offer useful information. The privacy policies and procedures described herein do not apply to such websites or their content, or to any collection of your Personal Information after you click on links to such third-party websites. However, this Privacy Notice applies to our Company pages on social media such as LinkedIn.
- CONTACT US
If you have any questions regarding this Privacy Notice, or to exercise your rights as described above, please contact us using any of the following methods:
Mail: Attn: Compliance Officer
100 Technology Square, 6th Floor
Cambridge, MA 02139
Data Protection Officer (DPO)
Boulevard Initialis 7/3
Tel: +32 (0)65 55 41 20
- CHANGES TO THIS PRIVACY NOTICE
This Privacy Notice may be amended from time to time for any reason. Each time you use the Website, the current version of this Privacy Notice will apply. We will notify you of any changes to our Privacy Notice by posting a new Privacy Notice on this page as indicated by changing the “Last Updated” date below. If we make any significant changes to this Privacy Notice, we will highlight that significant changes have been made by a statement in the footer of the main page of the Website. However, you should consult this Privacy Notice regularly for any changes.