Data Privacy Framework Certification
Last Updated: September 28, 2023
Personal Data Covered by our Data Privacy Framework Certification
Acadia complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Acadia has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Acadia has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the UK Extension to the EU-U.S. DPF and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
Acadia obtains and processes Personal Information from the EEA, the UK and Switzerland in different capacities as provided in our online Privacy Policy, which describes the categories of Personal Information we may receive in the United States, as well as the purposes for which we use that Personal Information. We will only process Personal Information in ways that are compatible with the purpose we collected it for, or for the purposes you later authorize. Acadia commits to comply with the Data Privacy Framework Principles with respect to all Personal Information received from the EEA, the UK and Switzerland in reliance on the Data Privacy Framework, as we further describe below.
Data Privacy Framework Principles
Notice. Acadia’s Privacy Policy in combination with this Notice describes our privacy practices with respect to Personal Information received from the EEA, the UK and Switzerland in reliance on the Data Privacy Framework.
Choice. You may choose the types of Personal Information we process and the purposes of the processing. In the event Personal Information is (i) to be used for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized, or (ii) transferred to a third party acting as a data controller, individuals will be given, where practical and appropriate, an opportunity to opt-out of having their Personal Information so used or transferred where it involves non-sensitive information. Where such use or transfer involves sensitive information, individuals must opt-in before such use or transfer.
Data Integrity and Purpose Limitation. Any Personal Information we receive may be used by Acadia for the purposes indicated in our Privacy Policy or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you. We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. We will retain your Personal Information in an identifiable form only for the period necessary to fulfil the purposes outlined in our Privacy Policy, unless a longer retention period is required or permitted by law or by the Principles. We will adhere to the Principles for as long as we retain the Personal Information collected under the Data Privacy Framework.
Accountability for Onward Transfer of Personal Information. Acadia may transfer Personal Information for the purposes described in our Privacy Policy to third parties, including agents, regulatory authorities and service providers. We may transfer Personal Information to a third party acting as a data controller or as an agent. If we intend to disclose Personal Information to a third party acting as a data controller or as an agent, we will comply with, and protect, Personal Information as provided in the Accountability for Onward Transfer Principle. We remain responsible for the processing of Personal Information we receive, under each Data Privacy Framework, and subsequent transfers to a third party acting as an agent on our behalf, unless we prove that we are not responsible for the event giving rise to the damage. We try to minimize disclosures of Personal Information as far as reasonably practical because we are mindful of our responsibility and potential liability in cases of onward transfers to third parties. We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. For further information about how we disclose your Personal Information, please see our online Privacy Policy.
Security. We maintain reasonable and appropriate security measures to protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with this Notice.
Access. You have the right to access Personal Information that we hold about you and request that we correct, amend or delete it if it is inaccurate or processed in violation of the Data Privacy Framework. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access, or as otherwise permitted by the Principles. If you would like to request access to, or a correction, amendment, or deletion of your Personal Information, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information.
Recourse, Enforcement and Liability. In compliance with the Principles, Acadia commits to resolve complaints about our collection or use of your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Acadia at the contact information provided below.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Acadia commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Under certain conditions, more fully described on the Data Privacy Framework website, you may also be able to invoke binding arbitration when other dispute resolution procedures have been exhausted.
For purposes of enforcing compliance with the Data Privacy Framework, Acadia Pharmaceuticals, Inc. is subject to the investigatory and enforcement authority of the US Federal Trade Commission.
Amendment. This Notice may be amended consistent with the requirements of the EU-U.S., the UK Extension and the Swiss-U.S. Data Privacy Frameworks. When we update this Notice, we will also revise the “Last Updated” date at the top of this document.
Questions or Complaints. In compliance with the Principles, Acadia commits to resolve complaints about our collection or use of your Personal Information. EU, UK and Swiss individuals should first contact Acadia by clicking here to submit your personal data request, inquiry or complaint through our web portal, or contact one of the individuals below:
Acadia Pharmaceuticals, Inc.
Attn: Data Privacy Framework Inquiry
12830 El Camino Real, Suite 400
San Diego, California, 92130
European Data Protection Officer:
Data Compliant Limited, 22 Friars Street, Sudbury, Suffolk, CO10 8NP
Phone: +44 1787 277742
Email: acadiadpo@datacompliant.co.uk
European Data Protection Representative:
MyData-TRUST
Boulevard Initialis, 7 box 3
7000 Mons
BELGIUM
Phone: +32 65 55 41 20
Email: acadia.eudpr@mydata-trust.info