Effective September 5, 2018

This Privacy Policy describes the information that we collect about you on the website from which you linked (“Site”); how we use that information; how we protect it; and the choices you may make with respect to it. When we refer to ourselves as “we“, “Verastem Oncology,” or “Verastem” we mean Verastem, Inc.  Our Site may contain links to third party websites/content/services that are not owned or controlled by Verastem. Verastem is not responsible for how these properties operate or treat your personal data so we recommend that you read the privacy policies and terms associated with these third-party properties carefully.

DATA WE COLLECT AND USE

We collect personal data you choose to provide, e.g., through registrations, applications and surveys, and in connection with your inquiries. For example, you may choose to provide your name, contact information, health, insurance and/or financial information in connection with a promotion or a patient assistance or support program. Healthcare providers may choose to provide information relating to their specialties and professional affiliations.

In addition, we may gather information about you automatically through your use of the Site, e.g., your IP address and how you navigate our Site. See also, the Section below on Cookies and Other Tools.

From time to time, we may use or augment the personal data we have about you with information obtained from other sources, such as public databases, social media platforms and other third parties. For example, we may use such third-party information to confirm contact or financial information, to verify licensure of healthcare professionals or to better understand your interests by associating demographic information with the information you have provided.

If you submit any personal data relating to other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

HOW WE USE PERSONAL DATA

We may use your personal data in the following ways:

TO SERVE YOU

We use your personal data to:

  • Operate our business;
  • Deliver our products and services;
  • Process and review your applications;
  • Provide customer service and respond to requests or inquiries;
  • Communicate with you;
  • Tailor our marketing programs and campaigns; and
  • Provide you with newsletters, articles, alerts, announcements, invitations, and other information about products, brands, health topics and disease states.

TO CONNECT YOU WITH THIRD PARTIES

We may provide functionality on the Site that will allow you to forward and share certain content with a friend or colleague. If you choose to use Verastem sharing functionality to refer someone to our content, products or services, we will use your data and that of the individual you are sharing with to send the content or link you request.  Your friend or colleague’s information is only used to send the forwarding email and is not saved in our customer or marketing databases.

In addition, we may offer access to third party sharing functionality, such as third party social media widgets/tools/buttons. If you use that functionality, your use is subject to the third party’s privacy policy and terms. As with all links to non-Verastem websites/content/services, we recommend that you read the privacy policies and terms associated with third party properties carefully.

TO IMPROVE PRODUCTS AND SERVICES AND PROTECT PATIENTS AND CONSUMERS

We use the information you provide for data analysis, to better understand how our products and services impact you and those you care for, to track and respond to concerns, for fraud prevention and to further develop and improve our products and services. In addition, we use the information you provide to comply with our regulatory monitoring and reporting obligations including those related to adverse events, product complaints and patient safety.

IN AGGREGATED OR DE-IDENTIFIED FORM

We may aggregate and/or de-identify data about visitors to our Site and use it for any purpose, including product and service development and improvement activities.

HOW WE SHARE YOUR PERSONAL DATA

Verastem may share your personal data as follows:

IN CONNECTION WITH BUSINESS TRANSFERS

If we sell or transfer a business unit or an asset (such as a website) to another company (including in connection with any bankruptcy or similar proceedings), we will share your personal data with such company and will require such company to use and protect your personal data consistent with this Privacy Policy.

WITH PROVIDERS

We may retain other companies and individuals to perform services on our behalf and we may collaborate with other companies and individuals with respect to particular products or services (collectively, “Providers”). Examples of Providers include data analysis firms, credit card processing companies, customer service and support providers, email and SMS vendors, web hosting and development companies and fulfillment companies. Providers may also include our co-promote partners for products that we jointly develop and/or market with other companies. Some Providers may collect personal data on our behalf on our Site. These third parties may be provided with access to personal data needed to perform their functions, but they may not use such data other than on our behalf or subject to contracts that protect the confidentiality of the data.

TO COMPLY WITH LAW/PROTECT

We reserve the right to disclose your personal data as required by law, when we believe disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request, or legal process served on us, or to protect the safety, rights, or property of our customers, the public, Verastem or others.

IN THE AGGREGATE/DE-IDENTIFIED

Verastem may also disclose aggregate or de-identified data that is not personally identifiable to third parties for any purpose.

COOKIES AND OTHER TOOLS

Verastem and its Providers collect information about you by using cookies, tracking pixels and other technologies (collectively, “Tools”). We use this information to better understand, customize and improve user experience with our websites, services and offerings as well as to manage our advertising. For example, we use web analytics services that leverage these Tools to help us to understand how visitors engage with and navigate our Site, e.g., how and when pages in a site are visited and by how many visitors. We are also able to offer our visitors a more customized, relevant experience on our sites using these Tools by delivering content and functionality based on your preferences and interests. If we have collected your personal data, e.g., through a registration or a request for certain materials, we may associate this personal data with information gathered through the Tools. This allows us to offer increased personalization and functionality on the Site.

Your web browser can be set to allow you to control whether you will accept cookies, reject cookies, or to notify you each time a cookie is sent to your browser. If your browser is set to reject cookies, websites that are cookie-enabled will not recognize you when you return to the website, and some website functionality may be lost. The Help section of your browser may tell you how to prevent your browser from accepting cookies. To find out more about cookies, visit www.aboutcookies.org.

Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language and Internet browser type and version. We use this information to ensure that the services function properly.

Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Site, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Site. We may also derive your approximate location from your IP address.

We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Site and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

We may use Flash Local Shared Objects (“Flash LSOs”) and other technologies to, among other things, collect and store information about your use of the Site. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to as “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including those used in connection with the Site.

INTEREST-BASED ADVERTISING AND THE ADVERTISING OPTION ICON

Verastem hopes to deliver to you advertising for products and services you need or want. There are many ways to do this in the online advertising world. For example, Verastem partners with websites and applications with whom you have shared your interests, conditions and concerns directly and asks that they serve our ads to users who have expressed an interest in Verastem products or health conditions that our products treat. We may also partner with advertising companies that may place or recognize a unique cookie on your browser (including through the use of pixel tags), or use other technologies, to serve you ads based on your web browsing activity, purchases, interests and/or other information—a practice commonly referred to as interest-based advertising (“IBA”) or online behavioral advertising (“OBA”). These advertising companies may also use these types of technologies to recognize you across the devices you use, such as a mobile phone or a laptop, and serve you ads on websites you visit and applications you use. You can read more about IBA at a site offered by the advertising industry’s Digital Advertising Alliance (“DAA”), aboutads.info.

We want it to be easy for you to understand how we and our business partners use information to serve ads tailored for you and to opt-out from targeting based on IBA. To this end, we have licensed the DAA Advertising Options icon,  , which appears in our ads served using IBA, and agreed to adhere to the DAA Self-Regulatory Program for IBA. To learn how to opt-out of having the information collected from you used for IBA purposes on the particular device on which you are accessing this Privacy Policy, please visit http://www.networkadvertising.org/managing/opt_out.asp and http://www.aboutads.info/choices/. If you have any questions about our use of IBA or participation in the DAA Self-Regulatory Program, please do not hesitate to contact us at Privacy@Verastem.com.

At this time, we do not respond to browser do-not-track signals.

SECURITY POLICIES

We use technical, administrative and procedural measures in an attempt to safeguard your personal data from unauthorized access or use. No such measure is ever 100% effective though, so we do not guarantee that your personal data will be secure from theft, loss, or unauthorized access or use, and we make no representation as to the reasonableness, efficacy, or appropriateness of the measures we use to safeguard such data. Users are responsible for maintaining the secrecy of their own passwords. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us by contacting us at Privacy@Verastem.com.

YOUR PRIVACY CHOICES AND UPDATES

You may update your personal data and your preferences. Different programs and services may offer different phone numbers, links or preference managers that allow you to inform us of your updates and choices, including opting out of particular communications. These contact options are typically available on our Sites or in the emails or texts we send, but you may always contact us for assistance at Privacy@Verastem.com if you have any difficulty finding these tools or otherwise updating your data or preferences. Please remember that limited communications may be necessary in order to complete your transaction or for you to participate in a particular program or service.

INDIVIDUAL RIGHTS

If you would like to request to review, correct, or update personal data that you have provided to us, you may contact us as indicated in the Contact Us section. We will respond to your request consistent with applicable law. Please note that we may need to retain certain personal data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.

RETENTION PERIOD

We will retain your personal data for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Policy. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Site to you; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to the enforcement of the Site Terms of Use, applicable statutes of limitations, litigation or regulatory investigations).

CROSS BORDER TRANSFERS

The Site is controlled and operated by us from the United States and is not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Any information you provide to Verastem through use of the Site may be stored and processed, transferred between and accessed from the United States and other countries which may not guarantee the same level of protection of personal data as the one in which you reside. However, Verastem will handle your personal data in accordance with this Privacy Policy regardless of where your personal data is stored/accessed.

CHILDREN’S PRIVACY

The Site is not directed to individuals under the age of thirteen (13), and we do not knowingly collect personal data from children under the age of 13.

CONTACT US

The company responsible for collection, use and disclosure of your personal data under this Privacy Policy is Verastem Inc.

If you have questions about this Privacy Policy, or if you would like to request to exercise any individual rights, please contact us by emailing Privacy@Verastem.com, or write to the following address:

Verastem Oncology
Privacy
117 Kendrick Street
Suite 500
Needham, MA 02494

UPDATES TO OUR PRIVACY POLICY

From time to time, we may update this Privacy Policy. Any changes will be effective when we post the revised Privacy Policy. This Privacy Policy was last updated as of the effective date listed above. If the Privacy Policy changes in a way that significantly affects how we handle personal data, we will not use the personal data we previously gathered in the manner described in the new policy without providing notice and/or obtaining your consent, as appropriate. Minor changes to the policy may occur that will not significantly affect our use of personal data without notice or consent. We encourage you to periodically review this page for the latest information on our privacy practices.