This website contains promotional information and is intended only for UK healthcare professionals.

Adverse events should be reported. Reporting forms and information for the UK can be found at yellowcard.mhra.gov.uk. Adverse events should also be reported to Rhythm Pharmaceuticals Netherlands B.V., Radarweg 29, 1043NX Amsterdam, Netherlands. Tel: +31 20 8546071.

This is a Rhythm Pharmaceuticals website

Rhythm Pharmaceuticals Data Privacy Statement for Health Care Professionals

Rhythm Pharmaceuticals Data Privacy Statement for Health Care Professionals 

In this Data Privacy Statement (“Privacy Statement”), “Rhythm Pharmaceuticals”, “we”, “us” and ‘’our’’ refers to the Rhythm entities listed in the last section of this Privacy Statement, which are data controllers of your personal data. As a science-based pharmaceutical group of companies, we process your personal data for the purposes and by the manners described in this Privacy Statement.  

We take the privacy and security of your personal data very seriously. With this Privacy Statement, we would like to inform you about the personal data we collect from you, the purposes of processing these personal data, the way the personal data are collected, processed and protected, and to what extent they are transmitted to third parties, in the context of our path4HCPs website (the “Website”) and other professional and our interactions with you. We also explain which rights you have with regards to this personal data and provide useful contact details in case you have questions or concerns.  

The collection and processing of personal data is carried out in accordance with applicable data protection law, including the General Data Protection Regulation (GDPR) and any applicable local data protection law. 

What information do we collect / process, and for what purposes? 

The types of personal data and the purposes why we process your personal data differ depending on the categories of personal data and specific data processing activities, and can be grouped according to the following categories: 

I. Professional data 

II. Interaction documentation 

III. Medical information requests 

IV. Information about our contractual relationships with you 

Click on each category to find out more about the types of personal data processed and how we collect them. Categories II, III and IV only apply for registered healthcare professionals. 

I. Professional data 

What are professional data? 

Professional data that we collect are: 

  • Your name  
  • Your professional address  
  • Professional contact details such as phone numbers, fax numbers and e-mail address(es) 
  • Technical information about your device when you visit our websites, social media or similar digital channels, such as your IP address, device type, device and advertising identifiers, browser type and version, and other standard server log information 
  • Other personal data you choose to provide to us 
  • Your login data for the Website. 

In case you are a registered healthcare professional in your country we shall also collect:  

  • Medical specialty 
  • Name of your practice / clinic / hospital  
  • Professional healthcare registration identifier 
  • Other professional data you choose to provide to us 

How do we collect professional data? 

We gather professional data directly from you but also from third party sources such as public registers and from data brokers like, for instance, IQVIA Commercial BV & Co. KG (formerly IMS BV). Further, information deriving from your activities in our websites, social media profiles, etc. is collected via so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser and store certain information (for example your preferred language or site settings). Your browser shall retransmit these to us when you revisit our website, depending on the lifespan of the cookie. 

II. Interaction documentation 

What is “interaction documentation” data? 

Interaction documentation includes the following personal data: 

  • Date of interaction 
  • Name of the conversation partner, if applicable 
  • Name of the products that have been discussed, if applicable 
  • Indications that have been discussed 
  • Your voluntary information on product and information interests 
  • Your voluntary information about the prescription of our products in practice 

How do we collect “interaction documentation” data? 

Interaction documentation is registered by our teams in our systems during and/or after each interaction. 

III. Information about your medical information requests and other professional interests 

What information do we process about your medical information requests and other professional interests? 

We process the following information about your medical information requests and other professional interests in our systems: 

  • Product or indication related questions 
  • Product or indication related areas of interests and focus 
  • Scientific / medical and / or professional fields of interest 
  • General information about the patient population 
  • Membership in medical associations 
  • Publications, including postings and announcements in social media channels 
  • Documentation of the consent ("opt-in") allowing us to reach out to you by digital means with commercial communications 
  • Your interest in a contractual collaboration (lectures, events, medical education, consultancy) 
  • Your activities on our websites and online presences (e.g. viewed pages, visits on our social media profiles, received commercial communications, clicks on our online advertisements) 
  • Technical information about your device when you visit our websites, social media or similar digital channels, such as your IP address, device type, device and advertising identifiers, browser type and version, and other standard server log information 

How is the information about your medical information requests and other professional interests collected? 

This information is usually collected by phone, email, fax or direct face to face interaction with our team members. Information deriving from activities in our websites, social media profiles, etc. is collected via so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser and store certain information (for example your preferred language or site settings). Your browser shall retransmit these to us when you revisit our website, depending on the lifespan of the cookie. We also collect information about your interests in our products, campaigns and other related content, when you have given us your explicit consent to receive this information through digital means from us. For example, when you receive an e-mail about a certain campaign from us, we are able to see whether you have accessed the content of this e-mail; this helps us assess the effectiveness of our different campaigns and improve the manner in which the information is presented.  

IV. Information about our contractual relationship with you 

What information do we process about our contractual relationship with you? 

We collect and process data to plan and fulfil our contractual relationships with you. These include: 

  • Contract documentation 
  • Fees for services provided 
  • Invoices, (event) costs reimbursement and payment documentation, travel expenses reports 
  • Employer authorizations obtained for hospital doctors 
  • Documentation of the services provided 
  • Invitations to events 
  • Documentation of participation in events 

How do we collect this data? 

The data is usually collected while setting up the contract, insofar as this is necessary for the execution, fulfilment and documentation of the collaboration.  

Why do we process your personal data, what are the legal bases for such processing and for how long do we process your personal data? 

Personal data is stored and processed by us for different purposes, on the basis of different legal bases and for different periods of time: 

 

Purpose(s)

Legal basis

Retention period

Sending drug safety-relevant information (e.g. Dear Doctor Letter)

Rhythm’s legitimate interest to inform HCP of drug safety-relevant developments (article 6.1 (f) GDPR) 

Compliance with legal obligations regarding the safety of medicinal products. (6.1 (c) GDPR)

As long as necessary to inform you of drug-safety relevant information in accordance with Good Pharmacovigilance Practices

Monitoring the safety of medicinal products including the detection, assessment and follow up on, and preventing adverse events, as well as reporting adverse events to health authorities.

Rhythm’s legitimate interest to inform HCP of drug safety-relevant developments (article 6.1(f) GDPR) 

Compliance with legal obligations regarding the safety of medicinal products (article 6.1 (c) GDPR)

Up to 10 years after the marketing authorization for the relevant product expires. The exact period and categories of personal data will be determined taking into account the necessity to retain the personal data for pharmacovigilance compliance in accordance with applicable law.

Quality complaint management

Consent of the HCP reporting the quality complaint (article 6.1 (a) GDPR) 

Rhythm’s legitimate interest to manage quality complaints (article 6.1 (f) GDPR) 

Compliance with legal obligations regarding the safety of medicinal products (article 6.1 (c) GDPR)

As long as necessary for the management of the complaint or until withdrawal of consent or opposition to further processing, whichever is the earliest.

Responding to medical information and other scientific requests

Consent of the HCP sending the request (article 6.1 (a) GDPR) 

Rhythm’s legitimate interest to provide medical information to HCP (article 6.1 (f) GDPR)

As long as necessary to respond to the request unless that you oppose to further processing or withdraw your consent.

Checking compliance with our policies and legal, regulatory, and compliance requirements

Rhythm’s legitimate interest to monitor its compliance with applicable laws (article 6.1 (f) GDPR). 

Compliance with legal obligations, e.g. regarding the safety of medicinal products (article 6.1 (c) GDPR).

As long as necessary to comply with our legal, regulatory and compliance obligations.

Managing and planning interactions with you

Rhythm’s legitimate interest to interact with HCPs (article 6.1 (f) GDPR)

As long as we have a business relationship and/or professional interactions.

Complying with transparency and Sunshine Act obligations regarding any transfers of value made to you, if applicable.

Rhythm’s legitimate interest to manage transfer of values in accordance with some industry codes (article 6.1 (f) GDPR) 

Your consent in countries that still require it for such a processing (article 6.1 (a) GDPR) 

Compliance with a legal obligation if applicable in your jurisdiction (article 6.1 (c) GDPR)

As long as necessary to comply with our legal obligations or any applicable industry codes.

Updating you on our products and on Rhythm.

Rhythm’s legitimate interest to promote its business and products to HCPs (article 6.1 (f) GDPR)

As long as we have a business relationship and/or professional interactions or as long as you have not oppose against such a processing, whichever is the earliest.

Obtain insights regarding your preferences, habits and interests in order to personalise our marketing or scientific messages

Rhythm’s legitimate interest to promote its business and products and tailor its interactions with you (article 6.1 (f) GDPR)

As long as we have a business relationship and/or professional interactions or as long as you have not oppose against such a processing, whichever is the earliest.

Reaching out to you through digital means with commercial communications

Your consent (article 6.1 (a) GDPR)

We will retain this personal data for up to two years following our last communication unless, you unsubscribe on our communications.

Sending information materials by post

Rhythm’s legitimate interest to send you information materials by post (article 6.1 (f) GDPR), or where obtained, your consent (article 6.1 (a) GDPR).

We will retain this personal data for up to two years after our last communication, or until you have withdrawn your consent (if applicable) .

Invitations to events and management of your participation if applicable

Rhythm’s legitimate interest to invite you to Rhythm or other relevant events (article 6.1 (f) GDPR) or, where obtained, your consent (article 6.1 (a) GDPR)

We will retain this personal data for up to two years following our last communication, unless you oppose to the processing or withdraw your consent (if applicable).

To coordinate the visits of our field staff

Rhythm’s legitimate interest to organize the visits of our field staff (article 6.1 (f) GDPR)

We will retain this personal data for up to two years following our last interaction, unless you oppose to the further processing or withdraw your consent (if applicable).

For sample documentation where legally required

Compliance with legal obligations governing the supply of samples to HCP (article 6.1 (c) GDPR)

We will retain this information as long as legally required.

Documentation and correspondence on contract-related topics, including offering contractual collaborations and other interactions with you

Necessity for the performance of a contract concluded or to be concluded with you (article 6.1 (b) GDPR)

We will retain this personal data for up to five years after the expiration of the agreement and/or any related obligations.

Analyse the effectiveness of our different campaigns and assess if they meet the predefined goals.

Rhythm’s legitimate interest to assess its campaigns (article 6.1 (f) GDPR)

We will retain this personal data for up to one year after the campaign took place.

Evaluate the effectiveness and impact of our marketing materials

Rhythm’s legitimate interest to assess our marketing materials (article 6.1 (f) GDPR).

We will retain this personal data for up to one year after the marketing materials were published.

Analyse how to best optimize our resources and design the customer experience

Rhythm’s legitimate interest to improve a customer experience (article 6.1 (f) GDPR).

We will retain this personal data for up to one year following our last interaction.

Managing your personal data in a centralised Customer Relationship Management system

Rhythm’s legitimate interest in managing your personal data in the most effective way (for example, centralising your personal data helps us to easily keep it up-to-date), efficiently managing our relationship with you and enhance your customer experience as well as to facilitate our direct marketing efforts in the most efficient manner (article 6.1 (f) GDPR).

We will retain this personal data for as long as described for each purpose above.

Defending our rights in case of accusations, insinuations and litigation

Rhythm’s legitimate interest to legally defend itself (article 6.1 (f) GDPR).

We will retain related personal data until any statutes of limitation have expired.

 

How is your data collected and stored? Rhythm Pharmaceuticals uses different IT systems and applications to store and process your data. You will be identifiable in these systems based on the use of direct identifiers, such as your name or email address, or indirect identifiers, such as your registration ID or IP address. 

Rhythm Pharmaceuticals uses a central Customer Relationship Management System (“CRM”) in which we combine, update and rectify your personal data which you have provided to us or which was collected by us as outlined above in a central customer profile. In addition, in order to keep you up to date and informed about our products, we are collecting and maintaining your contact data and information regarding your professional skills with the help of OneKey, a database containing the current contact data and latest information regarding professional skills of active health professionals. OneKey is operated by IQVIA™. 

How is your data protected? 

We ensure that the personal data we process from you is adequately protected by taking state of art technical and organizational measures. Access to our systems is strictly personal and purpose based on a graduated authorization concept, that is, only those of our employees shall access the data who require access for the particular processing purposes outlined above. 

Will your data be transferred? 

Your personal data may be transferred to other Rhythm Pharmaceuticals affiliates and may be stored by contracted third parties as software vendors and IT solution providers. We use Rhythm Pharmaceuticals proprietary and standard industry solutions to process your data in a safe environment.  

We may also share categories of your personal data listed above with certain service providers or third parties such as: IT providers for the purposes of system development and technical support (for example, IQVIA, Salesforce, Veeva or DOMO); auditors and consultants to verify our compliance with external and internal requirements; statutory bodies, competent authorities such as the European Medicines Agency and the US Federal Drug Agency, other healthcare professionals in relation to an adverse event or request for medical information and litigants, as per a legal reporting requirement, competent request or claim. 

Some of the parties that we will share your data with are located outside the European Union (“EU”) or the European Economic Area (“EEA”), which means that your data will partly be processed in countries that have not been assessed and found to provide an adequate level of personal data protection by the European Commission, including the United States of America. In such cases, Rhythm Pharmaceuticals will implement appropriate or suitable safeguards regarding your personal data, e.g. by concluding specific agreements with these contractual partners which incorporate the European Commission’s Standard Contractual Clauses and the UK Addendum thereto if relevant. You may obtain a copy of these safeguards by contacting privacy@rhythmtx.com

Rhythm Pharmaceuticals does not sell personal data to third parties. We do permit third parties to collect information through our website but only for the purposes described herein and as described in our Cookie Notice.  

What are your data privacy rights? 

The following rights are available to you based on applicable privacy laws: 

  • Right to information about and access to personal data on you stored by us 
  • Right to erasure of your personal data if one of the grounds of the GDPR applies and there is no exception under the GDPR allowing us to keep your personal data 
  • Right to restrict processing of your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or in the event that the processing serves the enforcement, exercise or defence of legal claims 
  • Right to correct your personal data 
  • Right to object to processing that serves our legitimate interest, unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or, in case, that the processing serves the enforcement, exercise or defence of legal claims 
  • Right to portability of your personal data  
  • Right to withdraw your consent to the collection, processing and use of your personal data at any time from that point in time onwards. 

If you want to exercise your rights, please address your request to our DPO at privacy@rhythmtx.com

If you deem appropriate, you also have the right to file a complaint with a competent supervisory authority. A list of competent supervisory authorities is available at the following address: Our Members | European Data Protection Board (europa.eu) or, if you are in the UK, at Make a complaint | ICO
 

 

Who can you contact in case of questions or concerns regarding the processing of your data? 

In case of any questions regarding our data privacy policy you can get in touch with our data protection team at the following address: 

Rhythm Pharmaceuticals BV  
Radarweg 29, 1043 NX Amsterdam, the Netherlands 

Or by e-mail to the DPO: 

privacy@rhythmtx.com  

 

Rhythm Pharmaceuticals group companies 

The following entities are the data controllers of your personal data: 

RHYTHM PHARMACEUTICALS, INC., (“Rhythm Inc.”),registered in the United States as company number 5287458 and having its registered office at 222 Berkeley Street, 02116 Boston, Massachusetts (USA); 

RHYTHM PHARMACEUTICALS NETHERLANDS B.V., (“Rhythm B.V”), in The Netherlands as company number KvK 83439315 and having its registered office at Radarweg 29, 1043NX Amsterdam (The Netherlands); 

RHYTHM PHARMACEUTICALS FRANCE SAS, (“Rhythm France”), in France as company number 909 511 354 under the having its registered office at 121 Rue d'Aguesseau, 92100 Boulogne-Billancourt (France) ; 

RHYTHM PHARMACEUTICALS UK LIMITED, (“Rhythm UK”), registered in the United Kingdom as company number 13753644 and having its registered office at 119 Marylebone Road, London, NW1 5PU (United Kingdom); 

RHYTHM PHARMACEUTICALS SPAIN S.L., (“Rhythm Spain”), Plaza Pablo Ruiz Picasso (Torre Picasso), 1 Ver Mapa, Código Postal 28020, Madrid 

RHYTHM PHARMACEUTICALS ITALY S.r.L., (“Rhythm Italy”), VIA Niccolo' Tommaseo 78/C Padova, 35131 Italy 

RHYTHM PHARMACEUTICALS GERMANY GmbH, (“Rhythm Germany”), Maximilianstr. 35a 80539, München, Bayern Germany