Version October, 2020

Who we are

In this Notice, the words “ProQR”, “We”, “Us” and “Our” refer to ProQR Therapeutics N.V. and its group of companies. We determine the means and purposes for which your personal data is collected, used and/or disclosed and managed through our ProQR website (“the Site”) in line with this privacy statement.

ProQR Therapeutics N.V. is registered at Zernikedreef 9, 2333 CK, in Leiden, the Netherlands.

You can contact our Data Protection Officer (DPO) regarding any information, or concerns, related to ProQR’s processing of personal data, by sending an e-mail to: dpo@proqr.com.

Scope

This privacy statement covers any information processed through our website (proqr.com) and includes any information collected by us when you contact ProQR through any of the contact information provided on this website (including by e-mail or phone).

General

The purpose of this privacy statement is to inform you about what personal data we process, for what purposes and how we process it.

Information collected and purposes for which we process data

We collect information in order to optimize our services offered to you and we do it in a manner that respects your privacy.

For the purpose of contacting us, applying for available vacancies, registering for clinical trial updates, publishing patient stories, getting updates on the company or subscribing to our newsletter, we collect the information needed for these tasks to be performed. This includes your name, email, address, telephone number and any other relevant information required to fulfil the purpose for which we process this information. We also process automatically generated information as further described below. We process this data to provide us with commercial insight, and the privacy impact on visitors is limited by setting Google Analytics in privacy-friendly mode, using the instructions issued by the Dutch Data Protection Authority.

Contact

So that we can address your inquiries, we have provided options and contact details that enable you to contact us. You may need to provide the personal data that you see fit, to allow ProQR to communicate with you and satisfy your query or request (e.g. e-mail addresses, telephone number and any other personal data included in your communication).

Storage duration: In order to fulfil the purpose of addressing your requests, we retain your data for a limited period of time, and in any case not more than two years from the date received. Your data are kept by us out of necessity for the purpose of communication with you. Should there be no further communication, they will be removed and thus no longer stored on our systems.

Newsletter

In order to keep you updated regarding our annual reports, press releases, events and other information (patient stories), you will need to provide your name and e-mail address in the required fields to subscribe to the aforementioned newsletters.

Storage duration: Your name and e-mail address will be stored for sending you our newsletters, for as long as you want to receive our letters. Each mailing contains the option to opt-out. As soon as you opt-out, your name and e-mail address will be removed from our database.

Patient stories

Patient stories can be submitted through our Site. Sometimes we publish these stories and for that purpose we will need your name and access to sensitive data (health data), in which case we will ask your prior explicit consent.

Cookie policy

Cookies are small text-data files, automatically placed and stored on your computer when visiting our website. You are able to modify your web browser’s default third-party cookie policy in the privacy section of its settings.

We use two types of cookies:

a) non-intrusive/privacy-friendly cookies only to collect information on how visitors make use of our Site. It is important for us to analyse statistics provided by the cookies, in order to optimise our services to you and improve your online experience.

We use in particular the Google Analytics cookie, i.e. a third-party cookie set by Google, which allows us to monitor how visitors interact with our website, how much time they spend on it and whether errors or other issues were experienced. Its general purpose is to help us to improve the performance of our Site.

b) Advertising cookies by Google that come with the YouTube application. In particular, the DoubleClick cookie places advertisements that are relevant to the user activity on our website.

_ga
Google Analytics

Function/Purpose: It is included in each page request in a site and is used to calculate visitor, session and campaign data for the site's analytics reports.
Expiration: By default, it is set to expire after 2 years.

_gat
Google Analytics

Function/Purpose: It is used to throttle the request rate: limiting the collection of data on high traffic sites.
Expiration: It expires after 10 minutes/after the session.

_gid
Google Analytics

Function/Purpose: It tracks, stores and updates a unique value for each page that is visited.
Expiration: It expires after 24 hours.

id
doubleclick.net

Function/Purpose: It tracks website activity and places advertisements relevant to the user.
Expiration: It expires after 2 years.

JSESSIONID
New Relic

Function/Purpose: It is used to monitor session counts for an application.
Expiration: It is deleted after the session is completed.

NREUM
New Relic

Function/Purpose: It is only created in browsers that do not support the Navigation Timing API.
Expiration: It is deleted after the session is completed.

NRAGENT
New Relic

Function/Purpose: It is created when a token is handed out to an end user by the New Relic collector. It is set only if you use Browser agent version v443 or lower.
Expiration: It is deleted after the session is completed.

Automatically collected information

Device information, IP addresses and other metadata are automatically processed by ProQR when you visit proqr.com servers. Cookies are used to automatically process data in order to optimize our Site’s performance and measure analytics, as described above.

Data Subject Rights

The GDPR gives data subjects the possibility to exercise certain rights. This process is free of charge and you may contact our Data Protection Officer at dpo@proqr.com. You may exercise the following rights:

Right to Access: You may request information on your Personal Data, why they are processed and to what end, as well as the period of processing and retention.

Right to rectification, erasure and restriction: In case of inaccurate personal data, you may ask for it to be corrected, amended or supplemented; you also have the right, under certain circumstances, to demand that your personal data be erased, or restricted from being processed. Be aware, though, that this could result in our not being able to provide our services to you.

Right to data portability: You have the right to receive your personal data, under certain circumstances, in a structured, commonly used and machine-readable format and you can transfer it to another controller.

Right to object: You have the right to object to the processing of your data for the purpose of direct marketing or profiling. We may refuse your objection when personal data are needed for execution of a certain contract or when processing is within the limits of the initial purpose of processing.

Right to lodge a complaint: If, for any reason, you think we have not treated your personal data in accordance with the GDPR, you have the right to lodge a complaint with the data supervisory authority located in the country of your residence. Please click here to find information on all data supervisory authorities in Europe.

Third parties and international transfers

The main parts of our Site are hosted by a hosting provider in The Netherlands.

We host our Investor Relation site (ir.proqr.com) with a hosting service in the United States of America (USA). By visiting these sections of the Site, automatically generated information is transferred to the USA. Any other information you submit here, for example, your contact information in any contact form, or when subscribing to a mailing list, is also transferred to the USA. In order to ensure an adequate level of protection for your rights and freedoms as a data subject, our hosting provider in the USA is EU-US Privacy Shield self-certified.

Our hosting provider in the USA also monitors whether the Site is running correctly using New Relic, as mentioned in the table above, for which cookies are placed when visiting the ir.proqr.com site. Any personal data that is processed using this tooling is also transferred to New Relic in the USA. An adequate level of protection for your rights and freedoms as a data subject, for any personal data processed that might be transferred to the USA for the use of New Relic, is provided by New Relic’s EU-US Privacy Shield self-certification.

Finally, we use Google Analytics to provide us with basic analytic insight as described above. Visiting the Site while having cookies enabled will transfer automatically generated information to Google in the USA. As mentioned above, we operate Google Analytics in a privacy-friendly setting in accordance with the direction provided by the Dutch Data Protection Authority. An adequate level of protection for your rights and freedoms as a data subject, for any personal data processed that might be transferred to the USA for the use of Google Analytics, is provided by Google’s EU-US Privacy Shield self-certification.