Karuna Privacy Notice
Karuna Therapeutics (also “Karuna”) recognizes the importance of protecting the privacy of the individuals we interact with through our website, direct contact and our clinical research.
This Privacy Notice describes the practices that we follow at Karuna regarding the personal data we collect, use and disclose for different purposes as well as how we ensure this personal data remains protected from the moment we collect it until we dispose of it. We also discuss what rights you have over your personal data and how to contact us when you have questions or concerns specific to the management of your personal data.
What is personal data?
Personal data means any information relating to an identified or identifiable individual; this refers to a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
Personal data collection and processing at Karuna
We collect and process personal data for different purposes:
- When you contact us. If you send us an email or you call us directly, we collect personal data from you such as your name, email address, phone number and the reason for your communication. We use this data to respond to your inquiry or provide you with the information that you are looking for.
- When you navigate our website. When you visit our website, we automatically collect your IP address, browser type and the pages that you navigate to. We use information about our website visitors to improve our website usability and experience.
- Clinical trials. We do not collect personal data directly from the subjects that participate in our clinical trials. Subject data is collected by the sites that manage the trials that we sponsor. The subject data that we obtain from the sites is pseudonymized, meaning that a subject’s identifiable information is replaced with a code that we cannot link back to that individual.
- Clinical trial site staff and investigators. We collect personal data from these individuals to review their credentials and ensure they are qualified to perform the work related to the clinical trial.
Legal basis for processing personal data
Karuna only processes personal data if there is a legal basis for processing. The legal bases that we rely on are:
- Legitimate interest from you. To provide you with the information you request when you contact Karuna.
- Legitimate interest from Karuna. To provide you with a better navigation experience when you visit our website.
- Explicit consent through the Informed Consent Form that subjects sign prior to joining a clinical trial.
- Legal or regulatory obligation. Karuna needs to ensure that the staff and investigators conducting clinical trials on our behalf have the required qualifications.
Personal data disclosure at Karuna
Karuna discloses personal data to the following parties under specific circumstances:
- To Karuna’s employees in order to fulfill your request.
- To third-party service providers that support or host our systems or support activities related to clinical trials.
- To authorities as required by law, court order, legal process or government or regulatory requirement or to protect the safety, rights, or property of the public or Karuna.
- To an acquirer of all or part of our business, as permitted by applicable law.
Personal data protection
Karuna is committed to protecting the personal data we collect, process and disclose. We maintain appropriate safeguards and take reasonable steps to protect personal data, ensure that we limit its use and disclose it only to the parties that have a legitimate reason to have access to it.
We ensure that all the parties that we disclose personal data to, internal and external to Karuna, have contractual obligations to protect the security and the confidentiality of personal data.
Personal data retention
Karuna retains personal data only for the period of time that is necessary for the purpose for which it was collected.
- For contact requests, Karuna retains the data for 2 years after the request has been fulfilled
- For clinical trials, Karuna will retain personal data for a minimum period of 15 years. This period may be longer depending on legal or regulatory requirements.
- For information collected when you visit our website, please refer to Karuna Therapeutics’ Cookie Notice for further information.
Personal data rights
Subject to any exceptions provided by law, Karuna provides individuals with the right to exercise the following requests with respect to their personal data:
- You have the right to access the personal data that Karuna maintains about you.
- You have the right to request deletion of your personal data, update or correct your data, object to processing of your data, ask us to restrict processing of your data or request portability of your data. On each particular case we will inform you of the consequences of your request and if there are any exemptions to honoring your request based on legal, regulatory or contractual requirements.
- If Karuna has collected and processed your personal data based on your explicit consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing Karuna conducted prior to your withdrawal.
- You have the right to be notified about a data breach that may impact the integrity, availability or confidentiality of your personal data. Refer to our data breach notification section for more details.
- You have the right to complain to a data protection authority about Karuna’s collection and processing of your personal data. However, we would appreciate if you gave us the opportunity to handle your complaint internally before contacting a data protection authority.
In order to exercise any of the rights you have over your personal data, please download and complete the Subject Access Request (SAR) form and email the completed SAR form to the following email address: firstname.lastname@example.org.
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Karuna has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by:
Sending an email to email@example.com
Using EDPO’s online request form at https://www.edpo.brussels/contact
Writing to EDPO at Regus Paris- Champs Elysées, 12/14 rond-point des Champs Elysées, Paris, 75008, France.
EU Individuals: Right to lodge a complaint with an EU Supervisory Authority
If you reside in the EU and want to lodge a complaint with a Supervisory Authority (Data Protection Authority) you may do so in the Member State where you reside, where you work or where you may have experienced an issue with the processing of your personal data.
Personal data breach notification
We have put procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Should we learn of a security breach that affects your personal data, we will notify you in order to explain how this breach may affect you and to provide you with any advice on how to protect yourself. We will contact you through the email address we have on file or by posting a notice on our website.
Karuna’s contact information
If you have any further questions about how Karuna collects, uses, discloses or protects your personal data or if you have any questions about this privacy notice, including any requests to exercise your personal data rights, you may contact us at firstname.lastname@example.org.