Effective and last updated: September 30, 2016

This Website Privacy Policy applies to all of your use of the Chiasma, Inc. corporate website, http://www.chiasmapharma.com (the “Website”). It describes how your personal information will be treated as you use the Website. Our Website Privacy Policy is not a contract, and it does not create any legal rights or obligations.  For additional information on our commitment to protecting personal information and our compliance with the EU-U.S. Privacy Shield, please read our Privacy Shield Policy, also available on this Website.  We may amend this policy at any time and will provide you notice of any material changes on the Website, by email, or by some other method.

Information We Collect About You

You generally are not required to provide information about yourself when you visit the Website. However, you may choose to register with us in order to receive communications about company news, promotions, products and services, and other features by entering your information on the “Contact Us” page of the Website. In order to register, you will be asked to provide us with information about you including your:

·       first and last name,

·       mailing address,

·       country of residence,

·       telephone number,

·       email address, and

·       whether you are a healthcare provider, patient, member of the media, investor, or other individual.

We also collect information automatically that may be connected to you from the servers used to support the Website. This information includes:

·       the internet protocol (IP) address from which you access the Website,

·       information about the device you use to access the Website,

·       information about the web browser you use to access the Website, and

·       information about applications on your device that are necessary to support the Website.

We use various technical means to collect this information, including application logs on your device or computer, server logs, “cookies” placed on your device or computer, “beacons” in email, and other content.

Information you provide to us may be stored in the United States, Israel, or other jurisdictions that do not provide the same degree of protection for your information as that provided by the United States.

How We Use and Share Your Information

We may use any information we collect about you or about your use of the Website in connection with the operation of our business as well as to improve the Website or to communicate with you about products, features, or services that we believe may be of interest to you or otherwise in connection with our management of the Website. We may also share the information you submit to us to third parties that work with us to offer products and services to our patients as well as to other third parties that offer products or services we believe may be of interest to you. We may also use information we collect about you for the following purposes:

·       security and protection of personnel, assets, and resources;

·       regulatory compliance and monitoring; and

·       compliance with legal requirements or to defend or pursue legal claims.

We may personalize your experience by using your use of the Website to shape any recommendations we may make about content (including advertising) that might be of interest to you. We may also monitor traffic patterns and Website usage to help us develop the design and layout of the Website. We use application logs on your device and our server as well as “cookies” and other tracking technologies for the purposes described above as well as to enhance the functionality of the Website. This information may be stored in files on your device that we access.

We may also use the information we collect to occasionally notify you about functionality changes to the Website, new products or services we provide, and offers we think will be of interest to you. We may create from information we collect from anonymous demographic information that is not unique to you, such as your ZIP code, domicile, age, gender, preferences, and interests. We may use or permit use of this information with affiliates, advertisers, business partners or unaffiliated third parties for our or their business purposes.

We may transfer information we have about you in connection with a reorganization or combination of our company with another company.

We reserve the right to disclose information we have about you to regulatory authorities, law enforcement agencies, or as required by applicable law.

Choices You Have About Our Use of Your Information

You can write to us at any time to obtain a copy of your information and to have any inaccuracies corrected or if you no longer wish to be registered on the Website. Where appropriate, you may have your personal information erased, rectified, amended or completed. In order to contact us regarding your information, you may call us at +1-866-637-9703 or send us an email at info@chiasmapharma.com.

Security and Our Efforts to Protect Your Information

While we have implemented measures designed to protect against the unauthorized access, interception, loss, misuse, and/or alteration of the information under our control, our systems are not designed to protect individually identifiable health information, including protected health information (PHI), or other confidential or sensitive information, and we do not guarantee that events of unauthorized access, interception, loss, misuse, and/or alteration under our control will not occur. In the event of any unauthorized access, interception, or misuse, we will not be responsible for such unauthorized access, interception, or misuse, or any direct, indirect, special, incidental, consequential, or other damages (including lost profits) suffered by a user, even if we have previously been advised of the possibility of such damages. We do not warrant, either expressly or impliedly, that the information provided by any user shall be free from unauthorized access, interception, or misuse. Accordingly, you should use the Website with the express understanding that any information you provide may be compromised.

Confidential Information and Sensitive Personal Information

The Website is not designed to handle any confidential information (including any individually identifiable health information or PHI that is subject to any security requirements under any law), nor is the Website designed to handle information that may not be confidential, but is sensitive personal information such as race or ethnic origin, political opinions, personal finances, religious or other similar beliefs, trade union membership, physical or mental health, educational records, sexual life, or criminal record. You should not use the Website to submit or handle any confidential information or sensitive personal information.

Third Party Sites and Services

When you use the Website, you may be directed to other sites outside our service. For example, sections of the Website may include links to third-party sites that we do not operate or control. If you click on one of these links, you will leave the Website. These third-party sites may send their own cookies to users to collect data or solicit personal information. These other sites are not subject to our Website Privacy Policy and we are not responsible for the privacy policies of these third-party sites, or for the use of any information that these sites may collect.

Your California Privacy Rights

Operators of websites subject to California’s “Shine the Light” law are required to disclose to their California users who obtain products or services from the website operator for family or household use, upon request, the identity of any third parties to who the operator has disclosed personal information for the third parties’ direct marketing purposes within the previous calendar year, along with the type of personal information disclosed.

Children’s Privacy

We are committed to complying with the Children’s Online Privacy Protection Act (COPPA). The Website is not directed to children under the age of 13. We do not knowingly collect personal information from children under the age of 13. If a user identifies themselves as a child under the age of 13, we will not collect, store, or use any personal information. If we receive personal information that we discover was provided by a child under the age of 13, we will promptly destroy such information. Schools and parents should supervise their children’s online activities and consider the use of other means to provide a child-friendly, online environment. Additional information is available on the Direct Marketing Association’s home page at http://thedma.org. If you would like to learn more about COPPA, visit the U.S. Federal Trade Commission home page at http://www.ftc.gov.

Transfer of Information Across National Borders

You expressly consent to the transfer of your personal information to, and the collection and processing of such personal information in the United States, Israel, and other countries or territories where we or our vendors operate. In giving this consent, you acknowledge that you understand that the laws on holding, processing, using, and transferring personal information in the United States may vary and be less protective of your privacy than laws of your state or country.

How to Contact Us

You may contact us with questions or comments about our Website Privacy Policy by email at info@chiasmapharma.com.

Please note that communications to this email address will not constitute legal notice to us or any of our officers, employees, agents, or representatives in any situation where notice to us is required by contract or any law or regulation.

Finally, we urge you to read this Website Privacy Policy in full as well as our Website Terms of Use and Chiasma Privacy Shield Policy for complete details about our policies concerning the collection and use of your information.