Apogee Therapeutics Privacy Notice

Last Updated: January 31, 2024

Apogee Therapeutics, Inc. (“Apogee”, “We”, or “us”) is committed to maintaining your privacy and recognize the importance of providing protection for any personal data that you choose to share with us or that we maintain about you. We have established this Privacy Notice to inform you about how we process your personal data for “Apogee’s Services,” including when you use our websites and when you interact with us as a consumer, business contact (the “Business Services”) or as a healthcare professional.

Please note that in some instances we or our representatives may provide you with a separate privacy notice as legally required, in which case that privacy notice provided to you will control our processing of your personal data instead of this Privacy Notice. For example, if you participate in a clinical trial sponsored by Apogee, you will generally receive a separate privacy notice at the time you consent to enroll in the trial that will describe Apogee’s collection, use, and disclosure of your personal data as part of that trial.

Please read this Privacy Notice carefully. Should you have any questions about this Privacy Notice or our data practices, please see our contact information below.

Personal data Processed by Apogee

Depending on how you interact with us, the personal data we process about you may include the following categories:

Direct Identifiers, such as your name, e-mail address, mailing address, zipcode, telephone numbers or country, social media information, and your Internet Protocol (“IP”) address.
Demographic information, such as age and gender.
Information maintained in our business records, including details about your relationship and interactions with Apogee, such as participation in Apogee supported or sponsored initiatives, and information about products, treatments, and health conditions that may be of interest to you.
Transaction information, including information about purchases, inquiries, and about how you otherwise use the Apogee websites.
Professional or employment-related information, if you interact with us in that capacity, including as a job applicant. The personal data we collect may include your specialty, practice, and institution. Job applicant data may additionally include resume information, educational information and school transcripts, information relating to references.
Sensitive Personal data, such as a driver’s license number, Social Security Number, tax identification number or other national identification number, passport number, health information, or disability information.
Non-precise geolocation data, such as information about your general physical location collected from geolocation features on your device.
Internet and other electronic activity information, such as information about your device (like your operating system, browser type, and language), referring URLs, access times, pages viewed, links clicked, and other personal data about your activities on our websites.

To monitor utilization of our websites and continuously improve their quality, we may compile statistical information using analytics services. Examples of this information include: the number of visitors; traffic patterns; length of time spent on any website or in sections or pages of the website; the other websites that refer visitors to the websites; and the pages of the websites that visitors frequently use as entry and exit points.

We collect your personal data in different ways, including:

When you provide it directly to us, such as when you send us a comment or question or when you request information through our websites.
When we collect it automatically when you use our websites, including through cookies and other data collection technologies. We treat this data as personal data, only when it, or other data that is associated with it, can be used to identify you. For more information about cookies and other technologies, please see the “Cookies and Other Tracking Technologies” section below.
When we collect it from or through other third parties, such as organizations that support our business, research partners, social media platforms through which you interact with us, vendors, suppliers, and other Apogee business partners or affiliates.
From any other third parties you direct to share information with us.

Why We Process your Personal data

Processing of Personal data: Website-related Services

We process personal data about you related to the operation of our websites, including to:

Provide, maintain, and improve our websites, to respond to inquiries about our products or services, and/or to provide you with relevant information and services that you request.
Send you technical notices, updates, security alerts, and support and administrative messages.
Monitor and analyze trends, usage, and activities in connection with our websites.

For European Economic Area (“EEA”) and United Kingdon (“UK”) data subjects, the legal basis for this processing of personal data is our legitimate interest to carry out scientific research, develop medicines, conduct clinical trials, and provide information and education (Article 6(1)(f) GDPR).

Processing of Personal data: Operate and Provide Business Services to You

We may process personal data for our general business purposes, including those associated with the marketing, growth, maintenance, and management of our business. These may include our internal operations and administration and carrying out our business relationships. Specific examples include to:

Respond to your comments, questions, and requests, and provide customer service.
Communicate with you about our activities, products, and services, and to provide information we think will be of interest to you, which may include marketing and promotional materials.
Communicate with job applicants regarding employment consideration.
Carry out any other purpose for which the information was collected.

For EEA/UK data subjects, the legal basis for this processing of personal data is our legitimate interest to carry out scientific research, develop medicines, conduct clinical trials, and provide information and education (Article 6(1)(f) GDPR).

For EEA/UK data subjects, the legal basis for processing related to marketing is consent (Article 6(1)(a) GDPR).

Processing of Personal data: For Legal Purposes

Apogee may process personal data to detect, investigate, and prevent risk, fraudulent transactions, and other illegal activities, to manage legal claims, subpoenas, and requests in connection with investigations and dispute-resolution processes, as permitted or required by applicable law, and to protect the rights and property of Apogee and others.

For EEA/UK data subjects, the legal basis for this processing the personal data is to fulfill our legal, regulatory and risk management obligations, including regulatory filings and establishing, exercising, or defending legal claims (Article 6(1)(c) GDPR).

Processing of Personal data: To Create Pseudonymized and Anonymized Information

In some geographies, we may process your personal data to create pseudonymized and anonymized information, which cannot be used to directly identify you. We then use this pseudonymized and anonymized information for research and secondary research purposes, as well as educational purposes.

How We Disclose Personal data

Depending on how you interact with us, we may disclose personal data about you as follows or as otherwise described in this Privacy Notice:

With vendors, consultants, collaborators, and other service providers, including, but not limited to, providers of hosting services, external consultants, operating systems, and platforms, third parties powering our webpages, and vendors that facilitate your submissions of personal data and the registration for and hosting of webcast and live events and other communication media, to the extent they need access to such personal data to carry out work on our behalf.
To third party vendors, sites, and potential research sites for research-related purposes, including for example recruitment and screening for participation in research studies, and to carry out research.
To regulatory bodies, for reporting purposes and to response to requests for information about our clinical trials and operations.
To any third parties necessary in connection with a transaction involving the company, including for example during negotiations of, any merger with, sale of company assets to, financing of, or acquisition of all or a portion of our business by another entity.
Between and among Apogee companies under common control and/or ownership including for example its current and future parents, affiliates, subsidiaries.
To any third party for whom you have consented or directed us to disclose your personal data, or as we believe to be necessary and appropriate, including (i) as permitted or required by law; (ii) if we determine that the disclosure of specific personal data is necessary to comply with the request of a law enforcement or regulatory agency or other legal process; (iii) to pursue available remedies or limit damages; (iv) to respond to an emergency; (v) to protect our rights and the rights of others; and (vi).

Cookies and Other Tracking Technologies

We and our service providers use various data collection technologies, including cookies and web beacons, to collect personal data about you when you interact with our websites. Cookies are small data files stored on your hard drive or in device memory that help us improve our online presence and your experience, see which areas and features of our websites are popular, and count the number of visits. We generally use the following categories of tracking technologies:

Essential or Strictly Necessary: We use first party cookies that are essential for the operation of our websites and enable its functionality.
Functional: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.
Performance: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance. We use Google Analytics in limited geographies to gather traffic information to allow us to improve our websites and support their functionality. To prevent these services from collecting your user activity on websites, see https://tools.google.com/dlpage/gaoptout.

For more information about cookies, and how to exercise your choices, please see “Your Rights” below.

Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. Because DNT is not uniform across browsers, it is possible that website operators, like us, do not recognize or respond to browser initiated DNT signals. Websites linked to this Policy may not respond to these “do-not-track” signals.

Our websites include content populated by third parties, such as social media companies, which may contain its own cookies.

Links to Other Sites

We may provide links to third party websites or services that are not under our control. Such links do not constitute an endorsement of those third parties, or the content displayed on their sites. We provide these links to you only as a convenience, and any information you provide to those third parties will be used as described by the third parties in their own privacy policies.

Location of Data

We are based in the United States and our service providers may also be located here or elsewhere in the world. By accessing or using our website or otherwise providing personal data to us, you understand that your personal data will be processed in the U.S. and the countries where our services providers are located, which may have different privacy protections than those where you are located. Where this is the case, we will take appropriate measures to protect personal data about you in accordance with laws that apply to us and consistent with this Privacy Notice.

Your Rights

All Apogee users have the following privacy rights:

You can set your browser to refuse all or some browser cookies, or to alert you when cookies and other tracking technologies are being sent. If you disable or refuse cookies, please note that some parts of our websites may then be inaccessible or not function properly.
If you do not wish to receiving marketing emails from us, you can opt-out by clicking “unsubscribe” on the email you received. You can also unsubscribe by sending us your name, mailing address, and email address. Unsubscribe requests do not apply to transactional or relationship messages we may send you.

The country or state where you are located or reside may grant you additional privacy rights with respect to the personal data we maintain about you. We included an explanation of these rights for some of these locations below.

We will take steps to verify your identity before processing certain requests. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected personal data. We will only use the personal data provided in the verification process to verify your identity or authority to make a request and to track and document request responses unless you initially provided the information for another purpose.

You may use an authorized agent to submit a request. When we verify your agent’s request, we may verify your identity and request a signed document from your agent that authorizes your agent to make the request on your behalf. To protect your personal data, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

You may contact us at privacy@apogeetherapeutics.com to exercise one of these rights. Please include your name and the email address to which you would like us to respond.

Rights for Individuals Located in the EEA and UK

Apogee is the data controller of the personal data we process under this Privacy Notice. Data subjects protected by EEA/UK data protection laws have these rights:

Right to Access and Portability: The right to request information about our processing of your personal data, and the right to request a copy of your personal data.
Right to Rectify: The right to request the rectification of any inaccurate personal data we maintain about you.
Right of Erasure: The right to request we erase your personal data.
Right to Restrict Processing: The right to request that we limit or restrict the processing of your personal data.
Right to Object: The right to object to certain types of personal data processing.
Right to Lodge a Complaint: The right to submit a complaint about the processing of personal data. Contact information for EEA data protection authorities can be found on the European Data Protection Board website. Contact information for the UK data protection authority can be found on the Information Commissioner’s Office website.
Right to Withdraw Consent: The right to withdraw consent to the processing of the your personal data, where the personal data is processed under consent.

These rights are not absolute and will be processed on a case-by-case basis by Apogee’s EEA/UK Data Protection Officer. Please contact us at privacy@apogeetherapeutics.com to exercise your rights. Please include your name, your home address, your telephone number, and the email address to which you would like us to respond.

Retention

We retain your personal data for only as long as we need it to provide our products and services, operate our business, and comply with our legal obligations. When we decide how long to keep your personal data, we keep in mind the nature and sensitivity of the information, the potential harm from unauthorized use, the reasons we collected the personal data, and our legal obligations.

Security

We use reasonable operational, technical, and environmental measures designed to protect your personal data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is not secure, please immediately notify us in accordance with the “Contact Us” section below.

Personal data of Children

Our websites are intended for general audiences and is not directed to minors. If we learn that we have received personal data directly from an individual under the age of 16 without proper parent or guardian consent, we will use that personal data only to respond directly to that child.

Updates to Privacy Notice

We reserve the right to update this Privacy Notice from time to time. In certain cases, we will attempt to notify you of updates prior to them taking effect. You are encouraged to review this Privacy Notice regularly to stay informed about our personal data practices and the choices available to you.

Contact Us

For general questions about our privacy practices, please contact us at privacy@apogeetherapeutics.com

If you choose to contact us via mail at the address below, please provide your name, address, email address, and information about the communication that you do not want to receive.

Apogee Therapeutics, Inc.

Attn: Data Protection Officer

221 Crescent Street

Waltham, MA 02453