Privacy Notice

Last Updated: April 22, 2024

At AVROBIO, we take privacy and security of personal information very seriously.

This Privacy Notice is intended to make you aware of the types of information we gather from people visiting AVROBIO’s corporate website, (the “Website”) and how we use, transfer, and secure such information.

As used in this Privacy Notice, “AVROBIO,” “we,” “us,” and “our” refer to AVROBIO, Inc. and our subsidiaries, joint ventures, and other companies under a common control (“Affiliates”), and “you” or “users” refer to people who visit the Website.

This Privacy Notice is incorporated into and is part of our Terms of Use. If you do not want your personal information to be used, stored or transferred in accordance with this Privacy Notice, then you must not use the Website. Please also see our Cookie Policy available on our website.

    As the owner of the website and, to the extent applicable, as a Data Controller, we gather the following types of information about users:

    1. 1.1 Personal Information: Information that is about, or relates to, an identified or identifiable individual, or that can be linked to that individual (such as name and contact information).
    2. 1.2 Aggregate Information: Information that cannot be used to identify an individual (such as frequency of visits to the Website and browser types).  Please note that we may convert Personal Information into Aggregate Information.
    3. 1.3 Statistical information: We use Google Analytics to collect statistical information about how the Website is used. Google Analytics services involve the use of cookies that collect information such as your IP address or other identifiers, browser information, and information about the content you view and interact with to record how you use the Website. These analytics services help us to know how many users we have, which parts of the Website are most popular, what browsers are used (so we can maximize compatibility), the country or region where our users are located, and the demographics and interests of our users. This enables us to better understand who is using the Website and to improve how we present content on the Website.

    For more information about Google Analytics services, please click here. To prevent your data from being used by Google Analytics, please visit this link.

    1. 2.1 Personal Information You Provide Us
      1. 2.1.1 When you use the Website, AVROBIO will collect the Personal Information you provide to AVROBIO, if any, such as your name, home address, personal telephone number, personal e-mail address, company name, company mailing address, company e-mail address and company telephone number. When you sign up for an investor presentation via the Website or when you contact us via e-mail for other information or assistance, we also will collect the Personal Information that you provide us, including the content of your e-mail. For the Personal Information you voluntarily provide to us, we describe the purpose for which we use that Personal Information on the Website.  For example, to fulfill a request by you to receive certain investor information on AVROBIO.
      2. 2.1.2 In the course of applying for a job with AVROBIO through the Website, and/or our third-party providers and vendors, you may provide certain Personal Information to AVROBIO.  Such Personal Information could include your name, e-mail address, phone number, date of birth, Social Security Number, and government identification numbers, among other identifiers, as well as any other Personal Information you provide on a resume, curriculum vitae or application form.
    2. 2.2 Personal Information Collected Automatically When you use the Website, we may automatically collect technical information and information about your visit, including pages you visited, the order in which they were visited, page interaction information (such as the links you “clicked” or the content you viewed or consumed), the type of device you are using, IP address, operating system, header information and browser software. We may collect information that allows us to associate you with your social media or other accounts that you have on other websites.  Further we may collect Personal Information through the use of cookies as described within the “Functions and Use of Cookies” section in this Privacy Notice, or the section regarding Google Analytics above.  Where such information meets the definition of Personal Information, such as IP address, we will treat it as such.  The purpose of collecting this information includes improving our Website, improving the way we understand what is important to visitors of our Website, and understanding how to better interact with our stakeholders.
    3. 2.3 How Your Personal Information Is Used
      1. 2.3.1 We may use the Personal Information you provide us to contact you, provide support, operate and improve the Website, and respond to your comments and questions.
      2. 2.3.2 If you apply for employment with AVROBIO through the Website, and/or our third-party providers and vendors, we may use the Personal Information you provide us to process your job application and contact you.
      3. 2.3.3 Personal Information collected automatically is used for the purpose of improving our Website and services, and to offer more relevant information and content to you.
    4. 2.4 Legal Basis To Process Personal Information
      When we collect your Personal Information in the context of the purposes above-mentioned in section 2.1 – 2.3, we rely on our legitimate interests, many of which have been described in this Notice. We consider any potential impact on your rights before we process your personal information based on our legitimate interest. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
    1. 3.1 We may share your Personal Information with third party service providers, including cloud services providers, to help us with our business activities such as maintaining the Website.
    2. 3.2 We may share some or all of your Personal Information with our current and future Affiliates, in which case we will require our Affiliates to comply with the principles set out in this Privacy Notice.
    3. 3.3 We may share some or all of your Personal Information in connection with or during negotiation of any merger, financing, acquisition or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy or receivership, Personal Information may also be transferred as a business asset. If another company acquires our company, business or assets, that company will possess the Personal Information collected by us and will assume the rights and obligations regarding your Personal Information as described in this Privacy Notice.
    4. 3.4 We may also disclose Personal Information if AVROBIO believes in good faith that such disclosure is necessary (i) in connection with any legal investigation; (ii) to comply with relevant laws or to respond to subpoenas or warrants served on AVROBIO; (iii) to protect or defend the rights or property of AVROBIO or users of the Website or services; (iv) to investigate or assist in preventing any violation or potential violation of the law, or this Privacy Notice; or (v) consistent with the contractual obligations of AVROBIO.
    Your personal information may be transferred to servers or third-parties located in other countries that do not provide the same level of data protection than your local law. When transferring your Personal Information to these countries, we commit to implement appropriate measures to ensure an adequate protection of your rights (e.g. UK international data transfer agreement or UK addendum for UK visitors or EU Standard Contractual Clauses for EU visitors).
    Aggregate Information may be collected when you visit the Website, independent of any information you voluntarily enter. Additionally, we may use one or more processes to de-identify information that contains Personal Information, such that only Aggregate Information remains. We may collect, use, store, and transfer Aggregate Information without restriction.

    As we also collect aggregate statistical data through our page hosted on social media such as LinkedIn, AVROBIO will be joint controller with the above-mentioned social media in that regard. For any other processing performed on those types of platforms, the relevant social media platform providers will be the sole Controllers.

    LinkedIn have created an “addendum” to their user agreements for company pages for the processing for which they are joint controllers with us.

    Access to and use of the Website are not intended for use by anyone younger than the age of 18 and we do not knowingly collect Personal Information from individuals younger than the age of 18. If you have reason to believe that an individual under the age of 18 has provided Personal Information to us outside of the clinical trial context, please contact us. We will take reasonable steps to investigate and if it is confirmed that we possess Personal Information of an individual under 18 years of age, we will delete the Personal Information. We may require additional information to confirm that the request is a bona fide request from an appropriate person concerning an individual under the age of 18, as allowed by applicable law.
    AVROBIO is committed to protecting the security of your Personal Information. We use a variety of industry-standard security technologies and procedures to help protect your Personal Information from unauthorized access, use or disclosure. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while AVROBIO uses reasonable efforts to protect your Personal Information, AVROBIO cannot guarantee its absolute security.
    1. 8.1 General Rights. You may review, update, correct or delete your Personal Information by contacting us as described in the “Contact Us” section of this Privacy Notice, where the right to do so is provided by applicable law, including as described elsewhere in this Privacy Notice. We will use commercially reasonable efforts to honor your request, and in all events, we will comply with applicable laws relating to your request. We may retain an archived copy of your records as required by law or for legitimate business purposes.
    2. 8.2 Specific Rights for EU and UK Visitors, We will:
      • Access. Provide you with information about our processing of your personal data and give you access to your personal data.
      • Rectification. Update or correct inaccuracies in your personal data.
      • Erasure. Give you the right to require deletion of your personal data, but this right may be limited depending on the specific circumstances.
      • Restrict processing. Offer you the right to have your data “frozen” to leave you the possibility to exercise other rights. Your information would not be used in this case, other than as legally required, but must be kept by us during this period.
      • Data portability. Give you the right to retrieve your data in a structured, commonly used, machine-readable format for personal use or for you to send to another service provider.
      • Objection. Allow you to object to our legitimate interests as the basis of our processing of your personal data.
      • Right to withdraw consent. Allow you to withdraw your consent it at any time without justification.If you want to exercise your rights, please contact our DPO at Please, note that all of these rights are not absolute and will be assess on a case-by-case basis. You also have the right to lodge a complaint about how your personal information is handled with your local Data Protection Authority or to the Data Protection Authority where the alleged infringement took place. To obtain contact details, visit this link for UK or this link for all EU Member States Data Protection authorities.
    As a convenience to our visitors, the Website may contain links to a number of websites that we believe may offer useful information. The privacy policies and procedures described herein do not apply to such websites or their content, or to any collection of your Personal Information after you click on links to such third-party websites. However, this Privacy Notice applies to our Company pages on social media such as LinkedIn.
    If you have any questions regarding this Privacy Notice, or to exercise your rights as described above, please contact us using any of the following methods:


    Mail: Attn: Compliance Officer
    AVROBIO, Inc.
    One Broadway
    14th Floor
    Cambridge, MA 02142

    Data Protection Officer (DPO)
    MyData-TRUST SA
    Boulevard Initialis 7/3
    7000 Mons
    Tel: +32 (0)65 55 41 20

    This Privacy Notice may be amended from time to time for any reason. Each time you use the Website, the current version of this Privacy Notice will apply. We will notify you of any changes to our Privacy Notice by posting a new Privacy Notice on this page as indicated by changing the “Last Updated” date below. If we make any significant changes to this Privacy Notice, we will highlight that significant changes have been made by a statement in the footer of the main page of the Website. However, you should consult this Privacy Notice regularly for any changes.