Privacy Policy


REGENXBIO INC. PRIVACY POLICY

Effective Date: March 29, 2019

Last Updated: November 22, 2023

REGENXBIO considers the privacy and security of information an important component of the services we offer. This Privacy Policy (the “Policy”) describes how REGENXBIO collects, uses, discloses and protects the information we collect when you:

  • Visit our Site;
  • Interact with us via email, phone or through electronic communications on the Site;
  • Apply to be a research study participant and/or participate in research studies we sponsor;
  • Apply for employment through our career website; or
  • Otherwise interact with us and we refer you to this Policy.

This Policy also contains information about the choices and privacy rights you have with regard to the information we maintain about you, and how you can exercise those choices and rights.

Please review this Policy carefully and contact us using the information provided in the “Contact” section below if you have any questions or concerns.



IMPORTANT DEFINITIONS.

“Cookies” are pieces of information that a website transfers to your computer’s hard disk for record-keeping purposes. Cookies are uniquely assigned to your browser and can only be read by a web server in the domain that issued the cookie to you. Cookies cannot be used to run programs or deliver viruses to your computer.

REGENXBIO” “we” or “us” means REGENXBIO Inc. REGENXBIO is the data controller of the Personal Information collected under this Policy.

Site” means the REGENXBIO website (www.regenxbio.com) or any other website that we operate and that links to this Policy.

Personal Information” means any information that relates to you directly or indirectly and can be used to identify you, in particular by reference to an identifier, location, or factors specific to the physical, physiological, genetic, economic, cultural or social identity.



INFORMATION WE COLLECT.

Depending on how you interact with us, we may collect the following categories of Personal Information:

    • Identifiers, such as such as your name, address, telephone number, business contact details and email address, IP address, device ID, and other online identifiers;
    • Internet and other electronic activity information, such as data collected about your interaction with the Site and our email communications, including the type of Internet browser used to visit our Site, the areas of our Site you visited, and actions you performed on our Site.
    • Non-precise geolocation data, such as your location derived from your IP address.
    • Demographic information, such as age and gender estimated based on your Internet activity; 
    • Recruitment and professional information, such as curriculum vitae/resume, job title, work experience, educational information, qualifications and other information collected in employment applications; and
    • Sensitive Personal Data, such as medical information.

In addition to Personal Information, we may collect other information that alone cannot be generally used to identify you. For example, when you use the Site, we may collect your browser type, device type, and operating system information. If any of this information can be used to identify you because, for example, we link it to your Personal Information, we will treat such information as Personal Information.

We may collect this information in a variety of ways, including:

    • Your direct interactions with us, such as when you ask about our services or products, contact us through the Site, apply for employment or in any way engage with us or our personnel;
    • Cookies and other data collection technologies, such as when you interact with the Site, or click on links or emails;
    • Third party sources, such as your healthcare provider and marketing partners; and
    • From our research and clinical trial sites that conduct studies and trials that may provide us with data about research study participants that have been de-identified under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or pseudonymized and/or anonymized under the European Union’s General Data Protection Regulation (the “GDPR”).
    • Through social media, such as if you link to social media platforms or use social media plug-ins, we may (depending on the privacy settings on that social media platform) automatically receive information about you from that social media platform.

USE OF PERSONAL INFORMATION.

We may use Personal Data for any of the following purposes:

PURPOSE

EXAMPLES

Provide Site functionality and fulfill your requests when we have a contractual relationship, your consent, or a legitimate interest.

  • To provide customer service to you.
  • To respond to your inquiries, fulfill your requests and complete your transactions.
  • To send communications to you, such as changes to our terms, conditions and policies, as well as marketing communications that we believe may be of interest to you.
  • To facilitate social sharing functionality.
  • To allow you to send messages to another person, such as a colleague, caregiver or friend or patient.

Provide personalized services when we have your consent or a legitimate interest in providing you with information of interest to you.

  • To better understand you and personalize our interactions with you.
  • To analyze or predict our users’ preferences in order to identify aggregated trend reports on how our digital content is used.
  • To analyze or predict your preferences in order to improve our interactions with you, i.e., to deliver you the content, products and offers (via our Site, emails or digital tools) that we believe will be relevant to your interests.

Operate our clinical trials, assist in diagnosis and participate in market research.

  • To recruit for clinical trials.
  • To provide updates on program milestones (clinical trials and products approved and commercially available).
  • To provide referrals to healthcare providers, healthcare facilities, clinical trial sites or centers of excellence.

Engage with you regarding our products or product candidates when we have a contractual relationship or a legitimate interest.

  • To verify your eligibility to access certain products, services and data.
  • To interact with you based on your professional expertise and opinion by digital or other means.
  • To involve you in programs/panels of healthcare professionals.
  • To collaborate with you on medical events, publications, or advisory meetings.
  • To seek your views on products and services promoted by us, an affiliate or business partner for development and improvement purposes.

Operate our business in compliance with our legal obligations and fulfilling our legitimate interest in maintaining our business.

  • To conduct data analysis and audits.
  • To identify usage trends in the use of our Sites and analyze the effectiveness of our communications.
  • To detect, prevent, investigate fraud and including (cyber) security monitoring and prevention.
  • To develop, enhance, improve or modify our products and services.
  • To validate your ability to access or use certain products or services.
  • To better understand how our products and services impact you and those for whom you care.
  • To track and respond to concerns, including engaging in regulatory monitoring and reporting obligations related to adverse events, product complaints and patient safety.
  • To operate and expand our business activities.
  • To comply with any applicable legal obligations, particularly those relating to drug safety, risk management, financial transparency and other requirements for companies in the biotechnology or pharmaceutical industries.

Evaluate employment applications, if you have submitted an application for employment at REGENXBIO

  • To verify candidate background information and qualifications.
  • To contact qualified candidates as part of our evaluation process.


In addition, we may aggregate the Personal Information we maintain about you and individuals so that we have a data set that does not, and cannot be used to, identify any individual. When we aggregate Personal Information, we may use and disclose such aggregated data for any purpose.

In the event we wish to use your Personal Information for other purposes that are not listed above or make any other changes to the existing purposes, we will notify you by amending this Policy in accordance with the section “Changes” below.

SHARING OF PERSONAL INFORMATION.

We may share your Personal Information in the following circumstances:

    • With our service providers that help us run and manage our business. When we share your Personal Information with our service providers, they may only process your Personal Information on our behalf.
    • As authorized by you, if the sharing of your Personal Information with a third party has been authorized by you.
    • As required by law and as necessary to protect legal rights, when we believe that such action is necessary to comply to applicable laws or any legal, regulatory or similar requirement or investigation that applies to us, to protect or defend the rights or property of REGENXBIO or another business or individual, or to enforce our policies.
    • With our research partners and collaborators, who are companies, academic institutions, healthcare facilities, healthcare providers or other individuals that collaborate with REGENXBIO to conduct our studies and trials and deliver our products and services.
    • Data collection technology partners that may use Personal Information for their own purposes, such as social media platforms and other third parties whose cookies and tracking tools we use as described in our Cookie Policy.
    • In the event of a corporate transaction, such as a merger, reorganization, acquisition or sale of all or a portion of our assets, REGENXBIO may transfer your personal information to any successor to all or substantially all our business or assets.



COOKIES.

We may use Cookies, web beacons, pixel tags and other data collection technologies (together, “Data Collection Technologies”) on the Site to helps us improve your experience on our online services. For example, we may use web-based analytics tools that track and report on the manner in which the Site is used to help us improve it. These tools do this by placing Cookies on your device. The information that the Cookies collect, such as the number of visitors to the Site, the webpages visited and the length of time spent on the Site, is aggregated. We also may use Data Collection Technology to collect information from the computer or device that you use to access our online services, such as your operating system type, browser type, domain and other system settings, as well as the language your system uses and the country and time zone in which your computer or device is located.

Google Analytics: We use Google Analytics to analyze and improve the functionality of our Site. To learn how Google Analytics uses and processes cookies and other tracking technologies, please visit “How Google uses data when you use our partners’ sites or apps.” You can prevent Google's collection and processing of data by using the Google Ads Settings page or downloading and installing their browser plug-in (https://tools.google.com/dlpage/gaoptout).

Your Control of Cookies: Most web browsers automatically accept Cookies, but you can usually modify your browser setting to decline Cookies. If you choose to decline Cookies, you may not be able to fully utilize all features of this Site. You can delete Cookies files from your hard drive at any time.



INTERNATIONAL DATA TRANSFERS.

We are committed to complying with this Policy and data protection laws, including those outside of the United States, that apply to our collection and use of your Personal Information. REGENXBIO is headquartered in the United States, and we recognize that the laws in the United States may be different and, in some cases, not as protective as the laws other countries, including those located in the European Economic Area. By providing us with your Personal Information and using our Site, you acknowledge that your Personal Information will be transferred and processed in the United States. If you would like to know more about how we protect your Personal Information, you can contact us using the information provided in the ”Contact” section below.

ACCESSING, UPDATING OR REMOVING INFORMATION.

If you become aware that information maintains about you is inaccurate, incomplete, misleading, irrelevant or out of date, or if you would like to access, update or remove your information, you may contact us using the information provided in the “Contact” section below. The right to erase your Personal Information may be limited if your Personal Information was collected for research purposes.

We will attempt to provide the requested information or make requested changes or removals to the extent allowable by the laws applicable to us. Please note that some of the above rights are limited by applicable law, and we may have the right to collect, process and hold your information pursuant to our legal obligations.

We may require you to provide additional information necessary to confirm your identity before complying with any request you make to us.

OPTING OUT OF MARKETING.

You may elect to avoid future communications from REGENXBIO by clicking the unsubscribe link at the bottom of any marketing email or contacting us using the information provided in the “Contact” section below. Please note that even if you opt out of marketing communications, you may still receive administrative, legal, and other important communications from us.

RETENTION OF PERSONAL INFORMATION.

REGENXBIO will keep your Personal Information for as long as necessary to fulfill the purposes for which it was collected, including any legal, professional, accounting or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which your Personal Information is processed, whether we can achieve those purposes through other means, and all applicable legal requirements.

SECURITY.

Information collected by REGENXBIO is stored in secure operating environments designed to ensure your Personal Information in protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. Unfortunately, electronic data storage or transmission over the Internet cannot be guaranteed to be 100% secure. As a result, REGENXBIO cannot ensure the security of any information you provide. We encourage you to take reasonable precautions to safeguard your Personal Information.

THIRD PARTY WEBSITES.

Our Site and other services may contain links to other websites on the Internet, and other websites may contain links to the Site. These third party websites are not under our control, and this Policy does not cover the privacy and security practices of those third party operators. REGENXBIO is not responsible for the privacy or security practices or the content of such websites. We recommend that you review the privacy practices of any third party website to which you submit your Personal Information.

CHILDREN’S POLICY.

The Site and our services are intended for adult users over the age of 16. The Site is not designed to attract child users. REGENXBIO is committed to protecting the privacy of children and does not collect Personal Information from any person it actually knows is a child under the age of 16.

SPECIAL RIGHTS OF INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA.

If you are located in the European Economic Area and REGENXBIO maintains your Personal Information, you have the following additional rights under the GDPR with regard to your Personal Information:

  • Right to access: You have the right to request access and confirmation from us as to whether we are processing your Personal Information.
  • Right to correct inaccuracies: You have the right to request the correction of any inaccurate Personal Information that we maintain about you.
  • Right to delete: You may request that we delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
  • Right to receive and transfer: You may request a copy of the Personal Information we hold about you. You may also request that we transfer your Personal Information to a third party in a machine-readable format.
  • Right to limit or restrict: You may have the right to request that we stop using all or some of your Personal Information or to limit the use of it.
  • Right to withdraw consent: You have the right to withdraw any consent you have previously given to us at any time. Your withdrawal of consent does not affect the lawfulness of the collecting, using, and sharing of your Personal Information prior to the withdrawal of your consent. Even if you withdraw your consent, we may have the right to use your Personal Information if it has been fully anonymized and cannot be used to personally identify you.
  • Right to lodge a complaint: You have the right to lodge a complaint with your Supervisory Authority if you are unhappy with how we process your Personal Information. You can find contact information for your Supervisory Authority on the European Commission Data Protection Authorities webpage or through other publicly available sources.

These rights may be subject to certain exceptions provided in the GDPR.

Please note that if you decide to exercise some of your rights, we may be unable to provide you certain services, or you may not be able to use or take full advantage of the services we offer. We may charge you a reasonable fee if you request additional copies of your Personal Information or make other requests that are manifestly unfounded or excessive. If we are unable to honor your request, or if we determine to charge a fee, we will let you know why. For purposes of the GDPR, REGENXBIO is the data controller of the information collected under this Policy.

SPECIAL NOTICE TO CALIFORNIA RESIDENTS.

This Policy describes our practices over the last 12 months with respect to the categories of information we collect, the sources of that information, and how we disclosed it. We do not currently sell or share data with third parties for targeted advertising purposes. 

Specifically, in the last 12 months, we have disclosed each category of your Personal Information as follows:

Category of Personal Information

Recipients To Whom Data is Disclosed for a Business or Commercial Purpose

Recipients to Whom Data is Sold or Shared

Identifiers

  • With our service providers 
  • As authorized by you
  • To regulatory authorities (as required by law and for reporting purposes)
  • With our research partners and collaborators 
  • With data collection technology partners

Not sold or shared

Internet and other electronic activity information

  • With our service providers 
  • As authorized by you
  • To regulatory authorities (as required by law and for reporting purposes)
  • With our research partners and collaborators
  • With data collection technology partners

Not sold or shared

Non-precise geolocation data

  • With our service providers 
  • As authorized by you
  • To regulatory authorities (as required by law and for reporting purposes)
  • With our research partners and collaborators
  • With data collection technology partners

Not sold or shared

Demographic information

  • With our service providers 
  • As authorized by you
  • To regulatory authorities (as required by law and for reporting purposes)
  • With our research partners and collaborators
  • With data collection technology partners

Not sold or shared

Recruitment and professional information

  • With our service providers 
  • As authorized by you
  • To regulatory authorities (as required by law and for reporting purposes)
  • With our research partners and collaborators

Not sold or shared

Sensitive Personal Data

  • With our service providers 
  • As authorized by you
  • To regulatory authorities (as required by law and for reporting purposes)
  • With our research partners and collaborators

Not sold or shared

 

California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of certain categories of Personal Information to third parties for those third parties’ direct marketing purposes. To make such a request, please contact us using the information in the “Contact” section below. This request may be made no more than once per calendar year, and we reserve the right not to respond to requests submitted other than to the email or mailing addresses specified below.

In addition, California residents may have the following additional rights under the California Consumer Privacy Act:

  • Right to know: You have the right to request to know the categories and specific pieces of Personal Information we have collected about you; the categories of sources from which that Personal Information was collected; and how we have sold, shared, or otherwise disclosed your Personal Information.
  • Right to correct: You may have the right to request that we correct inaccurate Personal Information that we maintain about you. 
  • Right to delete: You have the right to request that we delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
  • Right to opt out of sale/sharing: You have the right to opt out of the sale or sharing of your Personal Information. We do not currently sell or share your Personal Information for targeted advertising purposes. 

To exercise your rights, contact us online at https://dsrregenxbio.ethicspoint.com and click the “Make a Report” button or call (844) 235-2091. 
 

We will take steps to verify your identity before processing your request. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses unless you initially provided the information for another purpose.

You may use an authorized agent to submit a request. When we verify your agent’s request, we may verify your identity and request a signed document from your agent that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

To the extent required by law, we will honor opt-out preference signals sent in a format commonly used and recognized by businesses, such as an HTTP header field or JavaScript object. We will process opt-out preference signals at the browser level.

CHANGES.

We reserve the right to change or update this Privacy Policy at any time, and we may notify you of any such change or update by reasonable means, including by posting a notice on the Site or by email using the email address on file. Any modified Policy will supersede the current Policy, and the date of the when the Policy was revised will be identified at the top of the relevant Site webpage.

CONTACT.

If you have any questions regarding this Privacy Policy or our information practices, please contact us at:

REGENXBIO Inc.
9804 Medical Center Drive
Rockville, MD 20850
Tel: (240) 552-8181
Email: info@regenxbio.com.