Privacy Policy
Esperion Therapeutics, Inc. Website Privacy Statement
Last Update: April 2020
Introduction

Welcome to the website of ESPERION Therapeutics, Inc. (“ESPERION,” “we,” “us” and/or “our”). Along with our Terms of Use, this Privacy Statement explains our online privacy practices regarding the use, collection, and disclosure of Personal Data. We encourage you to read this entire Privacy Statement before using or submitting any Personal Data through the Site.

Visitors to this Site (“users,” “you” or “your”) located in a European Union Member state, Switzerland or in California or Nevada in the United States should also review the supplemental statements below which describe specific rights granted to you by local law.

Links to Other Sites

This website may contain links to other websites that may offer information of interest to you. Please note that this Privacy Statement does not apply to the privacy practices of those linked sites. Any personal information you choose to provide on those linked sites will be governed by the privacy policies of those sites. Before using the linked websites, please review their privacy policies to understand how they use and protect your personal information.

Use by Minors

This site is not intended for use by individuals in the US under the age of 18 or individuals in the EU under the age of 16. If you fall within those age restrictions, we ask that you not provide any Personal Data through this site. If you are a parent or legal guardian and a minor under your care has provided any Personal Data through this site, you may request that we remove such Personal Data by submitting a request as explained below under “Contact Us.”

Our Privacy Shield Certification

As part of our commitment to protecting your personal information, ESPERION complies with the requirements of the U.S.-EU Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the Federal Trade Commission (“Privacy Shield Framework” or “the Framework”). The Privacy Shield Framework provides data protection principles to be followed by certifying companies (the “Principles”). The Framework governs the collection, use, transfer, and retention of personal information from the European Economic Area, the United Kingdom and Switzerland to the United States. If there is any conflict between the terms in this Privacy Statement and the Principles of the Framework, the Principles will govern with respect to requirements of the Privacy Shield program. Adherence to the Privacy Shield Principles for Privacy Shield Covered Data may be limited to (i) the extent required or allowed by applicable law, rule or regulation; (ii) the extent necessary to respond to lawful requests by public authorities, including to meet national security, law enforcement, legal or governmental requirements; and/or (iii) protect the health or safety of an individual. ESPERION may be liable for Personal Data that is transferred to third parties if such third parties process Personal Data in a matter inconsistent with the Privacy Shield Principles. Please see the Supplemental Privacy Notice for Individuals Located in EU Member States or Switzerland below for more information. To learn more about the requirements of the Privacy Shield program, please visit https://www.privacyshield.gov.

This Privacy Statement provides the following information:

Information We Collect and How We Use It:

Summary
Our website may collect Personal Data, which is information that either directly identifies you or could reasonably be used in combination with other information to identify you. Examples of Personal Data that directly identify you include your name, contact information, email address, and other information in combination with such identifiers. This website may also collect Personal Data that does not directly identify you by name or contact information, but which may be used to identify that a specific computer or device has accessed our website.

Personal Data You Provide Us
This website may allow you to submit Personal Data for various reasons, such as to access specific content or features, or to contact us with your questions or requests. We may ask you to provide certain Personal Data depending on the type of activity or communication in which you are engaged. Such Personal Data may include:

  • Contact Information. We collect this information in order to be able to communicate with you. This information may include your name, mailing address, telephone number, email address, age range, and other information you provide on our website. Where we solicit this information, we will explain how the information you provide is to be used and ask for your consent to such uses.
  • Interests and Preferences. This information helps us understand your interest in our products and services so that we can best serve you. This information may include contact preferences, languages, marketing preferences and demographic data. In some cases, we collect this information pursuant to your consent. In other cases, we collect this information automatically, for our legitimate business interests.
  • Transaction History. This information helps us fulfill services you request and respond to your inquiries. It also helps us to understand your interests and preferences. This information includes how you interact with us and use our websites, purchase and correspondence history, and customer account information. Where you have purchased a product or service from us, we use this information in order to perform our agreement with you. In other cases, we collect this information automatically, for our legitimate business interests.

Automatically Collected Data
When you use or interact with the Site, the following information is automatically logged in our systems. We use this information to secure our websites, network systems, and other assets. We collect this information automatically, for our legitimate business interests.

  • Log Data: Information that your browser automatically sends whenever you visit the Site. Log data includes your Internet Protocol address (so we understand which country you are connecting from when you visit the Site), domain and host from which you accessed the internet, browser type, operating system, and settings, the date and time of your access, and how you interacted with the Site.
  • Cookies: Information from cookies stored on your device. Please see the “Cookies” section below to learn more about how we use cookies and other technologies.
  • Device Information: Includes type of device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. Information collected may depend on the type of device you use and its settings.
  • Usage Information: Information about how you use our Site, such as the types of content that you view or engage with, the features you use, the actions you take, the other users you interact with and the time, frequency and duration of your activities.

Please do not send or disclose to us through this Site, social media, email, physical mail, during telephone conversations or any other form of communication with us any sensitive Personal Data unless we specifically ask for it. Examples of sensitive Personal Data include Social Security numbers, information related to racial or ethnic origin, political opinions, religion or philosophical beliefs, health, sex life or sexual orientation, criminal background, or trade union membership, or biometric or genetic data for the purpose of uniquely identifying an individual.

Third Party Sources
We may collect Personal Data about you from third party sources with which you interact to add to the information that you provide, or which is automatically collected by the Site, as explained above. This supplemental information allows us to enhance our ability to provide you with content that better meets your interests.

Social Media
Online social media platforms allow users to interact with others, including sharing information, content and images. We may offer social media platforms or interact with platforms offered on third party sites. We may collect information about you to facilitate your use of such social media platforms. If you use such social media platforms, you acknowledge that we may be able to access any information you make public through such sites and other information you allow us to have through use of privacy settings on such third party sites.

How We Use Your Personal Data:

We may use your Personal Data as necessary for certain legitimate business interests, which include the following:

  • For administrative maintenance of the website, such as to authenticate Site visitors and provide access to the Site.
  • To provide information or respond to your inquiries and fulfill your requests for products, services, and information.
  • To provide you with further information about ESPERION and its products through advertising across multiple channels including but not limited to email, direct mail, digital advertising, telephone, and other advertising channels.
  • To provide, maintain and improve the content and functionality of the Site. For example, we regularly fix bugs or user experience issues that may be tied to particular user accounts. We use cookies to analyze how users interact with our Site, and that analysis can help us build a better Site.
  • To identify you and prevent further unwanted processing, if you request it and applicable law allows it.
  • To prevent fraud or criminal activity, misuse of our products or services, and ensure the security of our computer systems, architecture and networks; and
  • To fulfill legal and regulatory obligations such as to (a) comply with a legal process, like a subpoena; (b) respond to requests from public and government authorities including authorities that may be located outside your country of residence; (c) enforce our Terms of Use; (d) protect our operations; (e) protect our rights, privacy, safety or property; and (f) allow us to pursue remedies or damages that we may sustain, as required or permitted by the law.

For Site visitors located in the European Union (“EU“) or Switzerland, please see the Supplemental Privacy Notice for Individuals Located in EU Member States or Switzerland below for information on what we mean by legitimate interests and your rights with respect to your Personal Data.

For individuals in the states of California or Nevada, you may have additional rights with respect to your Personal Data. These rights only apply in certain circumstances as allowed by state law. Please see the Supplemental Privacy Notice for California Residents and the Supplemental Privacy Notice for Nevada Residents below for more information about your rights and how to exercise them.

Data Retention

We will keep your Personal Data for as long as reasonably necessary for the purposes described in this Privacy Statement, including to (1) pursue legitimate business purposes, (2) while we have a contractual or business relationship with you, (3) to resolve disputes or establish legal defenses, (4) conduct audits, (5) enforce our agreements, and (6) as required by law (e.g. for regulatory reporting, legal, tax, accounting or other purposes), whichever period is the longer. To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data collected, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and applicable legal requirements.

Security

It is ESPERION’s objective to maintain reasonable organizational, technical, and administrative measures designed to protect Personal Data under our control. However, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have concerns about the security of your Personal Data, please contact our data protection team at privacy@esperion.com.

Update Your Information

If you need to access or correct your Personal Data, you may contact us at privacy@esperion.com. We will address your request in accordance with applicable law.

Cookies

Our Site uses cookies to operate and administer our Site and to make it easier for you to use the Site during future visits.

What are Cookies?
A “cookie” is a small data file sent to your browser by a website you visit and subsequently stored on your browser. Cookies help to make your experience on our site easier. For example, if you register or log in, cookies will remember your username to make future log in easier. They can also remember your customized user preferences so that you receive information on our Site in ways that you like. Cookies also help us better understand how many visitors use our Site and what pages they are visiting (known as “traffic data”), to help us improve our Site.

Some cookies expire after a certain amount of time or upon logging out (session cookies); others remain on your computer or terminal device for a longer period (persistent cookies). Our Site uses first party cookies (cookies set directly by ESPERION) as well as third party cookies (set by others), as described below. For more details on cookies please visit All About Cookies.

By choosing to use our Site after having been notified of our use of cookies in the ways described in this Privacy Statement, and, in applicable jurisdictions, through notice and acknowledgement of your consent, you agree to such use.

The Site uses the technologies described below.

Strictly Necessary Cookies
We use cookies that are strictly necessary to provide users with access to the Site and to use some of their features, such as the ability to log-in and access to secure areas. These cookies are essential for using and navigating the Site. Without these cookies, basic functions of our Site would not work. Because these cookies are strictly necessary to deliver the Site, users cannot opt out of their deposit.

We also use a cookie to record when a user has agreed to the cookie consent banner.

Optional Cookies
We use “analytics” cookies that allow us to recognize and count the number of visitors and to see how visitors move around the Site when they are using it. This helps us to improve the way our Site works, for example by making sure users are finding what they need easily. These cookies provide us only with anonymous traffic data (like number of page views, number of visitors, and time spent on each page). These cookies may also allow us to track how often posts on third party websites, such as social media sites, are clicked on.

Optional cookies are deposited on our Site by Google as part of our use of Google Analytics. These cookies help to provide you with content that may be tailored to your interests and to recognize you across different media. To learn more about how Google Analytics collects and uses personal data, please refer to their privacy policy, which can be accessed here: Google Privacy Policy. To opt out of being recognized by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout. You may also opt out by downloading and installing an opt-out add-on for your web browser.

Your Choices.

On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:

Please note that if you limit the ability of websites to set cookies, you may be unable to access certain parts of the Site and you may not be able to benefit from the full functionality of the Site.

If you access the Site on your mobile device, you may not be able to control tracking technologies through the settings.

Changes to the Privacy Statement

The Site and our business may change from time to time. As a result, we may change this Privacy Statement at any time and when we do, we will post an updated version on this page and change the “Last Update” date above, unless another type of notice is required by the applicable law. You should consult this Privacy Statement regularly for any changes. By continuing to use the Site or providing us with information after we have posted an updated Privacy Statement, or notified you if applicable, you consent to the revised Privacy Statement and practices described in it.

Transfer of Personal Data — International Users

ESPERION is based in the United States. If you are accessing our Site from the European Union, United Kingdom, Switzerland or other regions with laws governing data collection and use, please note that your Personal Data will be transmitted to our servers and/or those of our service providers located in the United States as necessary to provide you with the information that you requested, administer our agreement with you, or to respond to your requests as described in this Privacy Statement. The United States may have data protection laws that are different than the laws in effect in the country in which you are located. Where we transfer your Personal Data out of the EU, the United Kingdom or Switzerland, we will take steps to ensure that your Personal Data receives an adequate level of protection and your rights continue to be protected. Please see “Our Privacy Shield Certification” section above for more information.

Contact Us

Please feel free to contact us if you have any questions about ESPERION’s Privacy Statement or the information practices on this Site. You may contact us as follows:

By email to privacy@esperion.com or

By postal mail to:

ESPERION Therapeutics, Inc.
Attention: Privacy Officer
3891 Ranchero Drive
Suite 150
Ann Arbor, MI 48108

SUPPLEMENTAL POLICIES

SUPPLEMENTAL PRIVACY NOTICE FOR INDIVIDUALS LOCATED IN EU MEMBER STATES OR SWITZERLAND

Scope

This section applies if you are accessing an ESPERION website from the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway) or Switzerland. This section applies to Personal Data collected from Site Users in the EU or Switzerland who may provide Personal Data to us.

Data Controller

ESPERION is the data controller for processing Personal Data provided to us through your interactions with the Site or with us directly. For our contact details, please see the “Contact Us” section below.

If you are an individual in the EU or Switzerland, you can also contact Achieved Compliance Advocacy, Ltd., who has been appointed as ESPERION’s representative in the EU pursuant to Article 27 of the General Data Protection Regulation on matters related to the processing of Personal Data. If you want to raise a question to ESPERION or otherwise exercise your rights with respect to your Personal Data (described below), please contact Esperion@GDPRrepresentative.eu.

ESPERION complies with the EU-U.S. Privacy Shield framework and Swiss-U.S. Privacy Shield Framework (“Framework”) as set forth by the U.S. Department of Commerce regarding the transfer of Personal Data from the EU, the United Kingdom and Switzerland to the United States. ESPERION has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (“Privacy Shield Principles”). If there is any conflict between the data processing practices in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Framework and to view our certification page, please visit http://www.privacyshield.gov.

Your Privacy Rights

Subject to applicable EU law, you may have the following rights in relation to your Personal Data that we hold about you:

  • Right of Access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of all Personal Data you are lawfully entitled to receive along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
  • Right to Rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to Erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent, where applicable and unless a lawful basis exists that prevents erasure at the time of your request. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
  • Right to Restrict Processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we would tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to Data Portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by us by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to Object: You may ask us at any time to stop processing your Personal Data, and we will do so, unless a lawful basis exists to continue:
    • If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing or
    • If we are processing your Personal Data for direct marketing.
  • Right to Lodge a Complaint with the Data Protection Authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

Please see the “Contact Us” section below for information on how to contact us to exercise your rights.

Recourse for Privacy Shield Personal Data

ESPERION may be liable for Personal Data that is transferred to third parties if such third parties process Personal Data in a matter inconsistent with the Privacy Shield Principles. ESPERION has put in place internal procedures to ensure and verify compliance with the Privacy Shield Principles and with our Privacy Statement. ESPERION will work to resolve any complaints or concerns regarding the collection, use, retention, or processing of Personal Data as well as requests to withdraw consent regarding collection, use, retention, or processing of Personal Data. Individuals with inquiries or complaints regarding this Privacy Statement should first contact ESPERION using the information provided in the “Contact Us” section below. Should complaints or concerns not be properly addressed by ESPERION, matters can be brought to the independent recourse mechanism, as described below.

ESPERION has further committed to refer unresolved Privacy Shield complaints to JAMS, an independent third-party alternative dispute resolution provider located in the U.S. If you have an unresolved privacy or data use concern that we have not addressed appropriately, or in a timely manner, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.

If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction. We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Framework.

Legitimate Interest

“Legitimate interest” means our interest in conducting our business, managing and delivering the best experiences on the Site to you. This Privacy Statement describes when we process your Personal Data for our legitimate interests, what these interests are and your rights. We will not use your Personal Data for activities where the impact on you overrides our interests, unless we have your consent, or those activities are otherwise required or permitted to by law.

Minors

The Site is not directed to EU data subjects who are children under the age of 16. ESPERION does not knowingly collect Personal Data from children who are under the age of 16.

Contact Us

You can contact us with questions about this Privacy Notice for Individuals Located in EU Member States or Switzerland or to exercise your rights as described in this Notice.

Email address: Esperion@GDPRrepresentative.eu

SUPPLEMENTAL PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

This notice, for individuals resident in California, supplements the general information contained in ESPERION’s Privacy Statement and applies only to California residents (“You,” “your” or “consumer”).

Personal Information Collection and Purposes of Use

As described in the Privacy Statement, ESPERION collects and uses information on this Site that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your devices when you visit this website, provide us your personal information, or have a contractual or business relationship with us (“Personal Information”). Such Personal Information includes direct identifiers like a name, postal address, email address, social security number or other government identifier, and indirect identifiers that may identify, relate to, or be associated with a particular individual, such as a telephone number, device identifier, IP address and browsing history.

We collect this Personal Information for the purposes identified in the Privacy Statement, including these general categories:

  • to respond to your inquiries and to fulfill your requests
  • for audits
  • to improve our website or products and services
  • to determine the effectiveness of our promotional campaigns
  • to better understand you, so that we can personalize our interactions with you and provide you with information and/or offers tailored to your interests

We may have shared such Personal Information with the following categories of third parties:

  • Service providers that help us to run our business, companies that help us follow-up on the effectiveness of our products, web hosting and development companies, and direct marketing agencies
  • Vendors that help us track the effectiveness of advertisements on our Sites
  • Vendors that help us to provide you with program, services or educational information we believe may be of interest to you

Unless specifically stated, we do not share, disclose or sell personal information to third parties for their own use, but we do share your personal information with those who support our business. In these arrangements, use of the information we share is limited by policies, contracts, or similar restrictions.

Your Privacy Rights

You have the following rights regarding our collection and use of your personal information. To exercise those rights, you must submit a request by either calling us at 833-377-7633 or by clicking the following link, http://www.esperion.com/the-esperion-story/contact-us/. We may ask you to provide additional information to verify your request. We will respond to your verified request as soon as reasonably practicable, but no later than forty-five (45) days after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response. We will not discriminate against you for exercising your privacy rights.

Right to Information

You have the right to request the following information regarding the personal information we have collected about you: categories of information collected about you and collection sources, the purposes of the collection; and the categories of third parties to whom personal information was shared.

Right to Opt Out of the Sale of Personal Information

We do not sell personal information to third parties. You have the right to direct us to not sell your personal information. To exercise this right, you or your authorized representative may submit a request by clicking on the following link: http://www.esperion.com/the-esperion-story/contact-us/

Right to Request Deletion

You have the right to request that we delete the personal information we have about you. To exercise this right, you or your authorized representative may submit a request by clicking on the following link: http://www.esperion.com/the-esperion-story/contact-us/

However, we are not required to delete information if it is necessary to retain your information to:

  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when deletion of the information is likely to render impossible or seriously impact the achievement of such research, if you have provided informed consent.
  • Complete the transaction for which the personal information was collected, provide a good or service requested by you, or a transaction reasonably anticipated within the context of our or one of our affiliate’s ongoing business relationship with you, or to otherwise perform a contract we have with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity or prosecute those responsible for that activity.
  • Facilitate solely internal uses that are reasonably aligned with your expectations based on your relationship with us or one of our affiliates.
  • Comply with a legal obligation.
  • Otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which it was provided.

Contact Us

You can contact us with questions about this Supplemental Privacy Notice for California Residents or to exercise your rights as described in this Notice.

Telephone number: 833-377-7633

Web address: http://www.esperion.com/the-esperion-story/contact-us/

Attn: Data Protection Officer

Do Not Track Signals:

The Site currently does not respond to “Do Not Track” (“DNT“) signals and operates as described in this Privacy Statement whether or not a DNT signal is received. If we do respond to DNT signals in the future, we will update this Privacy Statement to describe how we do so.

SUPPLEMENTAL PRIVACY NOTICE FOR NEVADA RESIDENTS

This notice, for individuals resident in Nevada, supplements the general information contained in ESPERION’s Privacy Statement and applies only to Nevada residents (“You,” “your” or “consumer”).

Personal Information Collection and Purposes of Use

We collect certain personal information of Nevada consumers through our Internet websites or other online service. This information includes one or more of the types of personally identifiable information described in the Privacy Statement.

We collect personal information for the purposes identified in the Privacy Statement, including these general categories:

  • to respond to your inquiries and to fulfill your requests
  • for audits
  • to improve our website or products and services
  • to determine the effectiveness of our promotional campaigns
  • to better understand you, so that we can personalize our interactions with you and provide you with information and/or offers tailored to your interests

We may have shared such Personal Information with the following categories of third parties:

  • Service providers that help us to run our business, companies that help us follow-up on the effectiveness of our products, web hosting and development companies, and direct marketing agencies
  • Vendors that help us track the effectiveness of advertisements on our Sites
  • Vendors that help us to provide you with program, services or educational information we believe may be of interest to you

Unless specifically stated, we do not share, disclose or sell personal information to third parties for their own use, but we do share your personal information with those who support our business. In these arrangements, use of the information we share is limited by policies, contracts, or similar restrictions.

Your Privacy Rights

Right to access and/or correct your personal information, or opt out of sale of personal information

We generally do not disclose or share personal information for profit. If you would like to review, correct, or update your personal information, or if you would like to direct us to not sell or license your personal information, you or your authorized representative may submit your request via privacy@esperion.com. We will respond to your verified request as soon as reasonably practicable, but no later than sixty (60) days after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.

Contact Us

You can contact us with questions about this Privacy Notice for Nevada Residents or to exercise your rights as described in this Notice.

Web address: http://www.esperion.com/the-esperion-story/contact-us/

Email address: privacy@esperion.com