Last updated March 17, 2021.

At Albireo Pharma, Inc. (“Albireo,” “we,” “us” or “our”) we take your privacy and the security of your information very seriously.

This Privacy Policy (“Policy”) covers Albireo owned and operated websites (“Site” or “Sites”), including www.albireopharma.com, and any services offered via the Site (collectively, “Services”). This Policy is incorporated into, and is part of, our Terms of Use (available here) which govern your access to the Site and your use of the Site and/or Services. Unless otherwise defined herein, capitalized terms shall have the meaning assigned to such terms in the Terms of Use.

If you have any questions regarding this Policy, please contact us by emailing privacy@albireopharma.com.

The Policy describes the types of information we gather from people visiting our Site and from individual users (“you” or “users”) interacting with our Site and how we use, transfer, and secure such information. Your access to our Site and use of any Services indicates your acceptance of this Policy. This Policy does not govern information we receive from third parties. If you do not agree to the terms of this Policy, please do not use the Site, or any of our Services. Each time you use any Site, or any Services, the current version of this Privacy Policy will apply. Accordingly, when you use any Site or Services, you should check the date of this Policy (which appears at the top) and review any changes since you last reviewed the Policy.

Personal Information We Collect

Data You Choose to Provide

“Personal Information” is information that can be used to identify you (such as name and contact information). Personal Information that you may voluntarily provide through our Sites or otherwise share with us includes:

  • Personal and Business Contact Information, such as your first name, last name, postal address, email address, telephone number, job title, and employer name;
  • Professional Credentials, such as educational and work history, institutional affiliations and other information of the type that would be included on a resume or curriculum vitae;
  • Profile Information, such as your username and password, industry, interests and references;
  • Feedback and Correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with the Sites, receive customer support or otherwise correspond with us;
  • Transaction Information, such as details about programs, events or other activities you register for through the Sites;
  • Usage Information, such as information about how you use the Sites and interact with us; and
  • Marketing Information, such as your preferences for receiving marketing communications

Information Automatically Collected

We may automatically log information about you and your computer or mobile device when you access our Sites. For example, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our Sites, pages you viewed, how long you spent on a page, and access times and information about your use of, and actions on, our Sites. We collect this information about you using cookies. Please refer to the section below on cookies for more details.

Use of Cookies and Similar Technologies

Cookies are alphanumeric identifiers that are transferred to your computer's hard drive through your web browser to help us identify you when you come to our Site. Our Site uses cookies to distinguish you from other users of our Site. This helps us to provide you with a better experience when you use our Site and allows us to improve our site.

You have choices with respect to cookies. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject all cookies you may be unable to use those aspects of our Sites that require registration to participate. You can learn about cookies and how they work at www.allaboutcookies.org.

You can disable cookies through your browser settings. Doing so, however, may disable certain features on our Sites.  You can opt out from third-party cookies that are used for advertising purposes on the NAI website at www.networkadvertising.org/managing/opt_out.asp. We use the following categories of cookies:

Strictly Necessary Cookies. These cookies are required for the operation of our Site.  These cookies cannot be switched off.  You can set your browser to block these cookies, but as a result, some parts of our Site will not work as designed.

Cookie Name

Definition

Persistent or Session

Purpose

CONCRETE5

This cookie name is associated with the Concrete5 web content management system and is used to maintain a user session between pages. This is a persistent cookie with an average life span of less than 1 day. Persistent

Strictly Necessary

GCLB

This cookie is set by the Google Cloud Load Balancer. The purpose of it is to ensure all client requests are handled by the same backend server. Its use is a common practice when using Load Balancers and web applications that require user sessions.

Without that cookie the load balancer would just assign the request to a random backend server, causing the users to be suddenly logged out or displaying incomplete websites or with missing assets.

Session

Strictly Necessary

Analytical Cookies. Analytical cookies allow us to analyze traffic to our Site and how our Site is used. For example, we use analytical cookies to count the number of visitors and sources of web traffic so we can see how users move around our Site. This helps us improve the way our Site works, for example, by ensuring that users can easily find what they are looking for. This analytics data is only available in aggregate and cannot be used to identify you. Currently, we use the following analytical cookies:

Cookie Name

Definition

Persistent or Session

Purpose

_ga

This is associated with Google Universal Analytics.  It is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for site analytics reports. By default it is set to expire after 2 years Persistent

Performance

_gat_UA-110827766-1

This cookie is associated with Google Universal Analytics.  It is used to throttle the request rate - limiting the collection of data on high-traffic sites. It expires after 10 minutes. Session

Performance

_gid

This cookie is associated with Google Universal Analytics. It stores and updates a unique value for each page visited Session

Performance

1P_JAR

These cookies are used to gather website statistics, and track conversion rates. This cookie expires after 1 month Persistent

Performance

s_cc

Adobe Site Catalyst cookie, determines whether cookies are enabled in the browser. Session

Performance

s_sq

Adobe Site Catalyst cookie, stores information about the previous link clicked within the site. Session

Performance

We may also use cookies, pixels, beacons, or other web tracking technologies to track the amount of time spent on our Sites and whether certain content, such as a video was viewed. We may work with a trusted third party to collect and process this information for us, based on our instructions and in compliance with this Policy.

Although we do our best to honor the privacy preferences of our visitors, we are not able to respond to Do Not Track signals from your browser at this time.

How We Use Your Personal Information

To provide you with information and administer our Site

If you use our Site or provide us with Personal Information to participate in our programs, events or other activities, we use your personal information to:

  • operate, maintain, administer and improve the Site;
  • process and manage registrations you make through the Site;
  • provide information regarding our programs, events, or activities for which you may have registered;
  • send you technical notices, updates, security alerts, and support and administrative messages;
  • better understand your needs and interests, and personalize your experience with the Sites;
  • provide support and maintenance for the Sites and our services; and
  • respond to your service-related requests, questions and feedback.

To communicate with you

If you request information from us, we may send you commercial or marketing communications as permitted by applicable law. You may opt-out of such communications pursuant to the directions in each communication or contacting us at privacy@albireopharma.com.

To comply with legal obligations

We may use your Personal Information as necessary or appropriate to comply with applicable laws, lawful requests and legal processes, such as to respond to requests from government authorities.

With your consent

We may use or share your Personal Information with your consent, such as to send you marketing communications, to post testimonials or images to our Site, or if you instruct us to take specific actions with regard to your Personal Information.

For compliance, fraud prevention and safety

We use your Personal Information as necessary or appropriate to (i) enforce the terms and conditions that govern use of our Sites; (ii) protect our rights, privacy, safety or property; and (iii) protect, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity.

For analytics purposes

We may use third parties, such as Google Analytics or other analytics providers, to analyze traffic to a Site. Google Analytics does not create individual profiles for visitors and only collects aggregate data. To disable Google Analytics, download the browser add-on for the deactivation of Google Analytics provided by Google at http://tools.google.com/dlpage/gaoptout?hl=en. To learn more about privacy and Google Analytics, consult the Google Analytics overview provided by Google at www.google.com/intl/en/analytics/privacyoverview.html. You can find additional information about Google Analytics at http://www.google.com/policies/privacy/partners/.

Legal Bases for Processing

If you reside in the United Kingdom, European Economic Area (“EEA”) or Switzerland, we are required to inform you of the legal bases of our processing of your Personal Information on our sites, which are provided below:

Processing purpose

Legal basis

To provide services

Processing is necessary to provide services to you or to take steps that you request prior to providing those services.

To communicate with you

For compliance, fraud prevention and safety purposes

To create anonymous analytics

These processing activities are based on our legitimate interests. We consider and balance potential impact on your rights and do not process your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

To comply with law

Processing is necessary to comply with our legal obligations.

With your consent

Processing is based on your consent. Where we rely on consent, you have the right to withdraw it at any time.

Sharing of Personal Information with Third Parties

We may transfer Personal Information to third parties for the purpose of providing Services. We may disclose Personal Information to our affiliates or third-party service providers to provide you with Services. These third-party service providers are not authorized to retain, share, store or use the Personal Information for any purposes other than to provide the services they have been hired to provide.

We may also elect to transfer your Personal Information to third parties under special circumstances, including: (i) to comply with a legal requirement, judicial proceeding, court order, or legal process served on us; (ii) to investigate a possible crime, such as fraud or identity theft; (iii) in connection with the sale, purchase, merger, reorganization, liquidation or dissolution of Albireo; (iv) when we believe it is necessary to protect the rights, property, or safety of Albireo or other persons, or (v) as otherwise required or permitted by law.

Some links on our Site may redirect you to third-party websites and services that we do not operate. The privacy practices of these websites and services will be governed by that website’s own policies. We make no representation or warranty as to the privacy policies of any third parties, including the providers of third-party applications. If you are submitting information to any such third party through our Site or Services, you should review and understand that party’s applicable policies, including their privacy policy, before providing your information to the third party.

Transfer of Information

Albireo is based in the United States and has affiliates and service providers in other countries. Personal Information you provide to us or that is collected via our Sites may be transferred to the United States or other locations outside of your state, province or country where privacy laws may not be as protective as those in your country. We will process and transfer your Personal Information in accordance with applicable law and this Policy regardless of where your Personal Information is stored or accessed. Our third-party service providers are contractually bound to treat Personal Information in a manner that is consistent with this Notice and applicable data protection laws.

Children and Privacy

We do not knowingly collect Personal Information from children in connection with the features of our Sites or Services. If we become aware that an individual under the age of 16 has provided Personal Information through our Sites or Services, we will immediately remove the individual’s Personal Information. We request that parents and guardians do not use the Site or email to provide us with any Personal Information concerning children.

Any communications relating to clinical trials should be made through the communication channels described in the applicable informed consent, patient information sheet or other instructions provided to clinical trial participants.

How We Protect Your Information

We take the security of your Personal Information seriously. We use reasonable administrative, physical, and technical safeguards to secure the Personal Information you share with us. Despite these safeguards, we cannot guarantee the security of your Personal Information.

Any email or other communication purporting to be from one of our websites asking you to provide sensitive information (including medical information) via email, should be treated as unauthorized and suspicious and should be reported to us immediately by emailing privacy@albireopharma.com.

Retention

We will only retain Personal Information for as long as is necessary to fulfill the purpose for which it was collected (or for any subsequent purpose that is compatible with the original purpose). This does not affect your right to request that we delete your Personal Information before the end of its retention period. We may archive Personal Information (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures.

Changes to This Privacy Policy

Each time you use our Site or Services, the current version of the Policy will apply. When you use our Site, you should check the date of this Policy (which appears at the top of the Policy) and review any changes since the last version. Unless stated otherwise, our current Policy applies to all information that we have about you. We will not materially change our policies and practices to make them less protective of your privacy without the consent of affected users. When we make any change to this Policy that has a significant impact on the privacy rights of users, we will indicate such on the main page of the Site.

Your Rights

If you reside in the United Kingdom, EEA or Switzerland, you may request that we take the following actions with regard to your Personal Information by contacting us at privacy@albireopharma.com:

  • Access: Provide you with information about our processing of your Personal Information and give you access to your Personal Information.
  • Correction: Update or correct inaccurate Personal Information.
  • Deletion: Delete your Personal Information.
  • Transfer: Transfer a machine-readable copy of your Personal Information to you or a third party of your choice.
  • Restriction: Restrict the processing of your Personal Information.
  • Objection: Object to our legitimate interest as the basis of our processing of your Personal Information.

If you reside in California, you or your authorized agent may request that we take the following actions with regard to your Personal Information by contacting us at privacy@albireopharma.com:

  • Access: Disclose to you the categories of Personal Information we have collected, used or disclosed within the last 12 months, including Personal Information, if any, that we disclosed to third parties for marketing purposes.
  • Deletion: Delete your Personal Information.
  • Transfer: Transfer a copy of specific pieces of your Personal Information that we have collected or used within the last 12 months.

We may require additional information to verify and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will inform you of such decision, subject to legal restrictions.

If you no longer wish to receive promotional communications, you may opt out of receiving them by following the instructions included in each communication.

If you are a resident of the United Kingdom, EEA or Switzerland, you have the right to file a complaint concerning our processing of your Personal Information with your national (or in some countries, regional) data protection authority.

Contact Us

To contact us with questions or comments regarding this Policy or the information collection and dissemination practices of this Site, or to request this Policy in an alternative format due to a disability, please email us at privacy@albireopharma.com, or write to us at:

Albireo Pharma, Inc.
Legal and Compliance Department
10 Post Office Square
Suite 1000
Boston, MA 02109

If you reside in the United Kingdom, EEA or Switzerland and you seek to exercise any of your statutory rights, you may also contact our Data Protection Officer by sending an email to privacy@albireopharma.com with the subject line “Data Protection Officer”.