TREVI THERAPEUTICS
GDPR Data Protection Notice

Trevi Therapeutics (the “Company,” “we,” or “us”) is committed to protecting personal data it collects and processes. This Notice applies in the context of Company’s personal data processing activities as a data controller only to the extent the activities are subject to data protection requirements in the European Union, European Economic Area (EEA), Switzerland or the United Kingdom (collectively, “EU”). We want to be sure you understand our privacy practices when we are engaged in processing personal data affecting individuals in the EU. This Notice explains the types of personal data we collect, why we collect it, how we use and share it, and the rights of data subjects. If there is any conflict between this Notice and our U.S. Website Privacy Notice, this Notice will apply instead of the U.S. Website Privacy Notice with respect to our processing activities based in the EU.

If we collect your personal data in connection with your participation in or operation of one of our clinical trials in the EU, we will provide you with a separate information notice (which may be a part of a consent form) at the time we collect your personal data for those purposes. The notice will describe how your personal data is processed and the responsibilities of the respective controllers in the context of the clinical trial.

We may revise this Notice from time to time. If we decide to change this Notice, we will post the revised Notice on our website (“Website”). If changes materially affect your rights under this Notice, we may provide a more prominent notice on the Website. In certain cases, we may also provide email notification of the revised Notice and either seek your consent or give you the right to opt out of our use of your personal data in accordance with the revised Notice, if required. However, because we may make changes at any time, we suggest that you periodically consult this Notice. Please note that our data protection practices will be based on the Notice in effect at the time the personal data is processed.

1. Who Is Responsible for the Data Processing and How Can I Contact Them? 

The Company is the data controller responsible for determining the purposes for which personal data discussed in this Notice is collected, used and shared under applicable EU data protection law.

If you have any questions about this Notice or our data collection practices, please contact our Data Protection Officer at the address, telephone number or email noted below, and specify that your inquiry concerns Trevi Therapeutics, your country of residence, and the nature of your question.

MyData-TRUST SA, Boulevard Initialis 7/3, 7000 Mons, Belgium
Telephone: +32 (0)65 55 41 20
Email: dpo@mydata-trust.info
Contact: Xavier Gobert

Our representative in the EU is:

FGK Representative Service B.V., Vaartweg 36, 4731 RA Oudenbosch, The Netherlands.
Telephone: +31 165 23 8000
Email: info@fgk-rs.com

2. What are the Types of Personal Data We Collect?

We collect personal data from people who use our Website; from individuals who seek to enroll, or are enrolled in, our clinical trials; from personnel who run the clinical trials; and from service providers or vendors who provide services or items to us in support of our clinical trials and related activities in the EU.

Contact and Other Information You Send to Us

If you choose to contact us through the Website or by email through an email address provided on our Website, we’ll collect your contact information, such as your name, email address, phone number or other contact information that you provide to us so we can communicate with you. If you write a message to us, we will store the message so we can reference it when responding to you.  If you inquire about a career opportunity, we will collect and store the information you share related to that opportunity.

Website Visitor Data and Cookies

Directly or through the use of third-party data analytics services, we collect visitor information, including your IP address and server log data (the address of the web page you visited before using the Website, your browser type and settings, the date and time of your use of the Website, language preferences). We may gather information about the device you are using to access our Website, including what type of device it is, what operating system you are using, device settings, application IDs, location, unique device identifiers, and crash data. Other data is collected, including data generated by your use of the Website and links you interact with.

We gather this information by using cookies.  A cookie is a small piece of data (text file) that a website asks your browser to store on your device in order to remember information about you. Cookies that we set or that are set by a third-party service provider on our behalf are called first-party cookies.

We use cookies and other tracking technologies for the following purposes:

  • The essential functions of the Website, including assisting you in navigation (strictly necessary cookies);
  • Analyzing your use of our Website, services or applications (performance cookies)

You can opt-out of performance cookies by clicking on the “Cookie Settings” button below:

 

Personal Data of Clinical Trial Participants and Principal Investigators, Other Clinical Trial Staff and Individuals Involved in Implementing Our Clinical Trials

If you apply to or are enrolled in one of our clinical trials, we will further process your personal data as described in a separate information notice that is provided at the time personal data is collected for the clinical trial.   

If you are a principal investigator, clinical trial staff, or an individual involved in implementing one of our clinical trials, we will further process your personal data as described in a separate information notice provided to you in connection with the implementation of the clinical trial.

Personal Data of Representatives of Service Providers and Vendors

If you or your company is or becomes our service provider or vendor, we will further process your personal data to fulfill the contract and maintain a business relationship with you.  We process limited personal data for this purpose, such as contact name, address, email address, phone number and other contact details that you may provide to us to allow us to communicate with you.

3. On What Legal Basis Do We Process Personal Data?

We process personal data in accordance with data privacy laws applicable to us in the context of processing your personal data.

Lawful Basis for Processing Personal Data of Website Users

We process the personal data of our Website users as described in this Notice based on our legitimate interests in performing the essential functions of our Website and to communicate with you in response to any inquiry or request you make of us.  We process personal data collected through performance cookies based on your consent.  You can change your cookie preferences at any time by clicking on the “Cookie Settings” button below: 

Please note that withdrawal of consent applies only to future actions.  Processing that was carried out before the withdrawal of consent is not affected.

Lawful Basis for Processing Personal Data of Principal Investigators, Other Clinical Trial Staff  and Individuals Involved in Implementing our Clinical Trials

We process the personal data of principal investigators, other clinical trial staff, and individuals involved in implementing our clinical trials based on our legitimate interests in (i) communicating with them in connection with the clinical trials and (ii) ensuring the clinical trials are conducted properly and in accordance with the clinical trial protocols and applicable regulatory requirements.

Lawful Basis for Processing Personal Data of Service Providers and Vendors

We process personal data of our vendors and service providers for the legitimate interests of addressing our contractual obligations with them.  Our processing of personal data allows us to provide or receive goods and services pursuant to these contracts or to carry out pre-contractual measures that occur as part of a request by a customer or service providers.

Other Legitimate Interests

Where required, we also process personal data for the purposes of other legitimate interests pursued by us or a third party.  Such legitimate interests include the following:

  • Asserting legal claims and defenses in legal disputes;
  • As required by law including, but not limited to, to comply with a subpoena or other legal process, regulatory requirement, judicial proceeding, or court order served on us, or to comply with government reporting obligations;
  • When we believe in good faith that disclosure is necessary (a) to protect our rights, the integrity of our Website, or your safety or the safety of others, (b) to detect, prevent, or respond to fraud, intellectual property infringement, violations of any terms of use, violations of law, or other misuse of the Website, or (c) for corporate audits or to investigate or respond to a complaint or security threat; and
  • To affiliates, service providers, advisors, and other third parties in connection with the negotiation or completion of a merger, acquisition, or sale of all or a portion of our assets.

In each case where the legal basis for our processing is our legitimate interests, you have the right to object to the processing of your personal data by submitting your request to dpo@mydata-trust.info, and we will consider and respond to the request in accordance with applicable law.

4. Who Receives My Data?

Within the Company, anyone who requires the personal data to facilitate our clinical trials and address related operational concerns, manage regulatory approvals, or fulfill our contractual and legal obligations will have access to it.

We may share your personal data with third parties only if necessary in the context of the applicable lawful basis set forth in this Notice, or if legal requirements demand it. For example, we may share personal data with regulatory authorities, ethics committees and auditors who may need to evaluate a study we are sponsoring before giving certain approvals or may need to check to be sure the study information is correct and that the study is being carried out properly.  We may also share your personal data with service providers, business partners or other third parties for purposes of conducting and managing studies, addressing legal or other official obligations or otherwise necessary to carry out our relationship with you. Some of these parties may be located outside of the country where you accessed this Website or where your information was originally collected.

5. Will Data Be Transferred to a Third Country or an International Organization?

Personal data collected by Company is stored both in the EU and in the U.S.

Personal data we collect or receive in the EU will be transferred from the EU to the U.S. The party in the U.S. receiving the personal data will agree to standard data contractual clauses (SCCs) under which the receiving party promises to safeguard the personal data it receives. Personal data will be transferred to the U.S. based on SCCs taking into account the circumstances surrounding the transfer and an assessment of supplementary measures that demonstrate that the U.S. law does not impinge on the promise of adequate data protection set forth in the SCCs. If the recipient has not entered into SCCs, we may rely on your express consent to transfer your personal data.  In some cases, personal data may also be transferred to the U.S. in other ways permitted under EU law.  If you would like to request a copy of the specific safeguards applied to the export of your personal data (if applicable), send your request to dpo@mydata-trust.info.

6. For How Long Will My Personal Data Be Stored?

If you are a Website visitor and send us information through an email or other means, we will keep your personal data as long as necessary to address or respond to your inquiry. We store data collected through cookies for different time periods depending on the type of cookie used.  We store data collected through strictly necessary cookies for up to 1 year.  Data collected through performance cookies is stored for up to 5 years. If you are a principal investigator, other clinical trial staff, or an individual involved in implementing our clinical trials, we will process and store your personal data for no longer than 25 years.  If you are a vendor or service provider, we will process and store your personal data for no longer than 7 years following the completion of our business relationship with you.  If required by law or by a legal order, we may process and store your personal data for a longer period consistent with the law or legal order or our contractual rights.  For example, we may need to keep your personal data longer if necessary to fulfill obligations to preserve records under tax law or for accounting purposes, or if we are obligated to hold information because of a legal prohibition against removing or deleting the data.

7. What Data Privacy Rights Do I Have?

Subject to some exceptions and limitations, you have several rights, including:

  • The right to access, which allows you to obtain a copy of your personal data, on request;
  • The right to rectification, which requires the Company to change incorrect or incomplete data about you;
  • The right to restrict and object to processing, which requires the Company to limit or stop processing your data under certain circumstances;
  • The right to erasure, which requires the Company to erase your data; and
  • If applicable, the right to data portability, which allows you to transfer your personal data from the Company to another individual or entity.

You may exercise any of these rights by sending an email indicating your request to dpo@mydata-trust.info.  Furthermore, if you believe your legal rights are being infringed, you have the right to lodge a complaint with us or with your local EU data protection authority in the country where you live, where you work or where the alleged violation occurred, as applicable.  The list of Data Protection Authority by EU Member State can be found here  https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

If we ever process your personal data based on your consent as the lawful basis, you can withdraw consent at any time.  Please note that withdrawal of consent applies only to future actions.  Processing that was carried out before the withdrawal of consent is not affected.

8. Am I Obligated to Provide Personal Data?

In the context of running our clinical trials or establishing a business relationship with us, you must provide all personal data that is required (as applicable) for that purpose.  Without this data, we are not able to implement the trial or program or execute a contract with you.

9. To What Extent Is There Automated Decision-Making?

In the general course of establishing and carrying out our normal business processes, we do not use any automated decision-making.  If we do so in connection with an individual transaction, we will inform you of the automated decision-making in connection with that transaction.

10. Will the Company Use My Personal Data for Marketing?

We do not use personal data for marketing, unless you request information that may be considered marketing materials, in which case we send that information to you.  We will otherwise ask for your consent before sending you marketing communications. Each marketing communication will also include a means for opting out of future marketing communications.

11. Children’s Data 

This Website is not directed to, nor do we knowingly collect information from, anyone under the age of 18. If you become aware that your child or any minor under your care has provided us with information via this Website without your consent, please contact us at the contact information listed above.

This Notice was last updated: October 12, 2020.