DATA PRIVACY POLICY – NOVOCURE.COM

The website www.Novocure.com (hereinafter “website”) is operated by Novocure Limited and its affiliates (hereinafter “Novocure”, “we” or “our”).

Novocure is responsible for the content of the website that relates to data privacy. We recognise the significance of your Personal Data and are under obligations to observe and protect it.

This Privacy Policy relates to the capturing and use of information by Novocure while you visit and use the website. If you are located in the European Union (“EU”), you may have particular rights and obligations in relation to your personal information collected by Novocure (which are explained below) and Novocure shall be the data controller under EU data protection laws, to the extent necessary and applicable.

In some circumstances, our use of your information will be subject to the requirements of the Health Information Portability and Accountability Act (commonly known as “HIPAA”). For example, this is the case in some situations when you enroll in one of our clinical trials, or if you are a United States citizen who is treated with a Novocure product. In those circumstances, our HIPPA Notice of Privacy Practices will also apply. If you have questions about which policy applies to the information you have submitted, please do not hesitate to Contact Us at dataprotection@novocure.com.

Please read this Privacy Policy carefully so that you know what information we capture from you, how this information will be used, who it may be disclosed to, what choices you have with regard to the capturing of your Personal Data, what rights you have in terms of this information, and what safety measures we have implemented to protect your Personal Data. This Privacy Policy is also part of the Terms and Conditions that are applicable for this website (hereinafter “Terms and Conditions”).

By using this website, you consent to our Terms and Conditions and this Privacy Policy.

We review our Privacy Policy and Data Privacy Procedures from time to time in order to ensure compliance with applicable law, and to optimise and further develop them, since the protection of your Personal Data is an important concern for us. Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Policy.

The Privacy Policy was last updated: in May 2016 and can be found here.

PERSONAL DATA

The term “Personal Data” as used in this Privacy Policy refers to information such as your name, birth date, e-mail address, mailing address, or telephone number that can be used to identify you. Generally, we will only process your Personal Data captured while you visit this website as described in this Privacy Policy. However, we reserve the right to conduct additional processing to the extent permitted or required by law, or in support of any legal or criminal investigation.

The next sections explain how and when we collect Personal Data from you and what we do with it.

CAPTURED PERSONAL DATA

We will collect and process the following Personal Data about you:

Information you give us: If you send us an e-mail to the e-mail addresses stated on the “Contact” page of the website, or if you correspond with us by other means such as the telephone, the Personal Data provided by you (which could include data concerning your medical condition) will be collected and processed by Novocure. This includes information such as your name, your e-mail address, and/or telephone number and information about your state of health and information about an adverse event, for example, if you have reported these in your e-mail.

Information we collect about you: We also automatically collect information from all of our website visitors, on each of their visits to our website. When you access the website, technical data is captured by our automated data capturing systems, which may include cookies and other common technologies. Certain standard information is captured with these technical options that are sent to the website by your browser, such as the type and language of your browser, access times and address of the website that you used to reach our website. Information could also be captured using your IP address or click stream data within our website (i.e. the pages that you view, the links that you click, or other behaviour associated with your use of the website).

CHILDREN

Our websites are directed toward adults. We do not knowingly collect or use any Personal Data from children under age of 16, and if we become aware that we have collected such data we will delete it.

USE OF PERSONAL DATA

We collect your Personal Data (which may include sensitive Personal Data) and may use that Personal Data, pursuant to this Privacy Policy, for the following purposes:

(i) to make contact with you to answer our surveys and requests (with prior opt-in consent);
(ii) for internal corporate purposes, including statistical analysis and recordkeeping;
(iii) for individual adaptation of the website to your needs and for your support while you use the website;
(iv) to send you promotional communications about our products (with your consent)
(v) to administer, troubleshoot, and optimise the website so that we have better knowledge of who is using the website and to gain a better understanding of the needs and interests of the visitors and users in this way;
(vi) so that adverse events or other reports that we have received based on the information that you submit remains undisclosed and cannot be disclosed to any unauthorized third parties;
(vii) to comply with applicable laws, provisions, or practical guidelines; and
(viii) to enforce the legal terms that govern your use of the website.

DISCLOSURE OF INFORMATION

Affiliates: We share your Personal Data with our affiliates as necessary to fulfil the purpose for which this information was provided including providing our product or communicating with you.

Service providers: We share information with service providers that assist us with certain functions of the website as well as with the provision of the product. This includes: direct marketing, website hosting, analytics, and technical support. All services providers must adhere to our Privacy Policy and use of the data is only permitted by them within the framework of providing services on our behalf.

Information security: The server used to operate the website automatically identifies a computer using its IP address. If we determined that the website has been used improperly, or that you have caused or have attempted to cause any damage to the website, we may carry out an investigation and work together with the relevant prosecution authorities in order to protect our rights or our property. Your Personal Data may be disclosed in the context of such an investigation.

Compliance with legal obligations: In a similar manner, we will disclose your Personal Data in accordance with any applicable law, regulation, legal process, or enforceable governmental request, or when directed to by state authorities, or if we are of the opinion that this disclosure is to protect our rights and our property, and/or the rights, property, or security of third parties, including consultants, prosecution authorities, legal, and regulatory authorities, as well as healthcare authorities such as the European Medicines Agency (EMA).

Business reorganization: We will transmit your Personal Data to third parties in the event we are involved in a merger, acquisition, restructuring, or if the entirety of our assets or business shares, or a part thereof, are acquired, or if our legal successor assumes control of, or becomes a part of our company if we are involved in liquidation proceedings.

LEGAL BASES FOR PROCESSING PERSONAL DATA

We process your Personal Data for the purposes described above, based on the following legal grounds:

(i) With your consent: We ask for your consent to process your information for specific purposes and you have the right to withdraw your consent at any time. For example, we will send you email updates about new features or our product. You may unsubscribe from this mailing at any time.

(ii) For our legitimate interests: We process your information for our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. For example, we process your information in order to help us:
• Provide, maintain, and improve our website;
• Perform analytics and research aimed at improving the accuracy, effectiveness, usability, or popularity of the website;
• Improve the content and features of the website or develop new content and features;
• Promote website content;
• Detect, prevent, or otherwise address fraud, abuse, security, or technical issues with our website;
• Protect against harm to the rights, property, or safety of Novocure, our employees, or the public as required or permitted by law;
• Share information with our third party providers in connection with the management or optimization of our website
• Share information with third parties in connection with a business reorganization or liquidation proceedings
• Enforce legal claims, including investigation of potential violations of applicable Terms and Conditions.

(iii) To fulfill our contractual obligations: We process your Personal Data to provide a service you have requested under a contract. For example, we will use your information to respond to inquiries that you have sent to us on the website.

(iv) To comply with legal obligations: We process your Personal Data when we have a legal obligation to do so, for example, if we are responding to legal process or an enforceable governmental request.

DATA TRANSMISSION

We are part of Novocure Limited, which is a global group of affiliates that has databases in different countries. Relevant to EU citizens, Personal Data captured on this website may be transferred to, and stored or otherwise processed at, a destination outside the European Economic Area (hereinafter “EEA”), including destinations that are not subject to data privacy provisions equivalent to those in the EEA countries in which you provided your Personal Data. By submitting your Personal Data, you agree to this transfer, storing, or processing. For example, if an EU citizen provides information for the purposes of a direct mailing, that Personal Data will be sent to the United States.

We will take all steps reasonably necessary to ensure that your Personal Data is processed safely and in accordance with this Privacy Policy. Novocure is in the process of entering into an Intercompany Data Transfer Agreement amongst affiliates which includes a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection, in particular relating to transfers of personal information outside the EEA and Switzerland.

RETENTION OF PERSONAL DATA

We will retain your information for as long as is necessary for the purpose for which you provided the data and in accordance with our Records Retention Policy developed in accordance with applicable data protection law. We may retain information for a longer time to the extent that we are obliged to do so in accordance with applicable laws and regulations and/or as necessary to protect our legal rights or for certain business requirements.

Please note that even if you request that we delete your information, deletion by our third party providers may not be immediate, and the deleted information may persist in backup copies for a reasonable period of time.

YOUR RIGHTS

If our processing of your information is subject to the data protection laws of the European Union, you are entitled to:
• receive copies of your Personal Data under certain circumstances;
• to have the processing of your Personal Data restricted where you dispute its accuracy, if you think its processing is unlawful, or if you otherwise object to its processing, or when Novocure no longer needs your Personal Data and you need it in relation to a legal claim; and
• request the correction or deletion of erroneous or incomplete Personal Data to the fullest legally permissible extent.

Requests to delete Personal Data will be subject to any applicable legal and ethical reporting or document filing or retention obligations imposed on us.

If you would like to exercise the above-mentioned rights, please direct your written concerns to:
Novocure GmbH
Park 6
CH-6039 Root D4
Switzerland
Attn: EU Data Protection Officer Anastasios Papadopoulos c/o Todd Longworth, General Counsel and Privacy Officer
dataprotection@novocure.com +41414553600

Please do not send us any unencrypted Personal Data via e-mail. We would also like to inform you that in order to determine its authenticity, we must review and investigate any correspondence that we receive via e-mail that makes an application for access to, or amendment of your data.

You also have the right to to complain to a data protection supervisory authority in the EU if you feel that any of your Personal Data is not being processed in accordance with applicable data protection laws.

SECURITY

The safety of your Personal Data is an important concern for us. We take appropriate steps, including technical, administrative, and physical security measures to protect the Personal Data provided to us against loss, misuse, and unauthorised access, disclosure, amendment, and deletion. However, no Internet security or transmission processes are 100% safe. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Always exercise caution when transmitting Personal Data via the Internet.

COOKIES

Cookies are small text files that may be encrypted and are saved to the computer hard disk drive by the websites that you visit.

Cookies support the user by enabling efficient use of websites and also provide the website operator with important information. These cookies do not contain any software programs. Generally speaking, there are two types of cookies: Cookies that are only used while visiting the website and are deleted again once it is closed, and cookies of longer duration that are saved permanently on a website and are activated each time it is visited. Novocure uses both types of cookies in order to help improve the contents of the site and to compile aggregate statistics about individuals using our site for internal, market research purposes. You are able to delete both types of cookies using the appropriate browser settings at any time.

When you visit our website, we will place a “cookie” on your computer to allocate a session ID and based on the website content prepared in accordance with your interests, and it will enable you to navigate the website more easily when you visit the website again.

Internet browsers frequently enable the deletion of cookies from your hard disk drive, blocking cookies, and/or will notify you once you encounter a cookie. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you block cookies on your computer, you may not be able to use all the functions and features of the website. Further information about cookies, as well as about where they are placed, how they are administered and deleted can be found at www.allaboutcookies.org.

CONTACT US

If you have questions, comments, or suggestions regarding this Privacy Policy or our internal Data Privacy Procedures, please contact us at:

Novocure GmbH
Park 6
CH-6039 Root D4
Switzerland
or
Novocure Inc.
20 Valley Stream Parkway
Suite 300
Malvern, PA 19355

Attn: EU Data Protection Officer Anastasios Papadopoulos c/o Todd Longworth, General Counsel and Privacy Officer dataprotection@novocure.com +41414553600