Privacy and Cookies Policy

Effective as of May 25, 2018.

This “Privacy Policy” describes how Intercept Pharmaceuticals, Inc. and its subsidiaries (collectively, “Intercept”, “we”, “us”, or “our”) collect, use, disclose and otherwise process personal data in connection with this Website and any of our other websites, mobile applications, or online services that link to this Privacy Policy (collectively referred to as the “Sites”).

The Personal Data We Collect

We collect personal data about you on our Sites in the following ways:

Data you choose to provide

Personal data that you may provide through our Sites or otherwise share with us includes, but is not limited to:

  • Personal and business contact information, such as your first name, last name, postal
  • address, email address, telephone number, job title and employer name;
  • Professional credentials, such as educational and work history, institutional affiliations
  • and other types of information that would be included on a resume or curriculum vitae;
  • Profile information, such as your username and password, industry, interests and
  • preferences;
  • Feedback and correspondence, such as information you provide in your responses to
  • surveys, when you participate in market research activities, report a problem with the
  • Sites, receive customer support or otherwise correspond with us;
  • Transaction information, such as details about programs, events or other activities you
  • register for through the Sites;
  • Usage information, such as information about how you use the Sites and interact with
  • us; and
  • Marketing information, such as your preferences for receiving marketing
  • communications.

Information from social networking sites

Our Sites may include interfaces that allow you to connect with social networking sites (each a “SNS”). If you connect to a SNS through our Sites you authorize us to access, use and store the information that you agreed the SNS could provide to us based on your settings on that SNS. We will access, use and store that information in accordance with this Privacy Policy. You can revoke our future access to the information you provide to us through an SNS at any time by amending the appropriate settings within your account settings on the applicable SNS.

Information we get from others

We may also get information about you from other sources, and we may add this to information we get from our Sites. We may combine other publicly available information, such as information related to the organization for which you work, with the personal data that you provide to us through our Sites.

Information automatically collected

We may automatically log information about you and your computer or mobile device when you access our Sites. For example, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our Sites, pages you viewed, how long you spent on a page, and access times and information about your use of, and actions on, our Sites. We collect this information about you using cookies. Please refer to the section below for more details.

Cookies and Similar Technologies

What are cookies?

We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Sites.

Cookies we use

We use two broad categories of cookies: (1) first-party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Sites; and (2) third-party cookies, which are served by service providers on our Sites, and can be used by such service providers to recognise your computer or mobile device when visiting other websites.

Our Sites use the following types of cookies for the purposes set out below:

Type of cookie Purpose

Essential Cookies

These cookies are essential to provide you with services available through our Sites and to enable you to use some of their features. Without these cookies, the services that you request may not be possible to provide. We only use these cookies to provide you with those services.

Functionality Cookies

These cookies allow our Sites to remember choices you make when you use our Sites. The purpose of these cookies is to provide you with a more personalized experience and to avoid you from having to re-select your preferences every time you visit our Sites.

Analytics and Performance Cookies

These cookies are used to collect information about traffic to our Sites and how users use our Sites. The information gathered may include the number of visitors to our Sites, the websites that referred them to our Sites, the pages they visited on our Sites, what time of day they visited our Sites, whether they have visited our Sites before, and other similar information. We use this information to help operate our Sites more efficiently, to gather demographic information and to monitor the level of activity on our Sites.

We use Google Analytics for this purpose. Google Analytics uses its own cookies and is only used to improve how our Sites work. You can find out more information about Google Analytics, cookies, and about how Google protects your data on the Google website. You can prevent the use of Google Analytics relating to your use of our Sites by downloading and installing a browser plugin.

Disabling cookies

You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided in your browser (usually located within the “settings,” “help,” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.

If you do not accept our cookies, you may experience some inconvenience in your use of our Sites. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Sites.

Flash technology

We may use Flash cookies (which are also known as Flash Local Shared Object (“LSOs”)) on our Sites to collect and store information about your use of our Sites. Unlike other cookies, Flash cookies cannot be removed or rejected via your browser settings. If you do not want Flash cookies stored on your computer or mobile device, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel on the Adobe Flash Player website. You can also control Flash LSOs by going to the Global Storage Settings Panel at the Adobe Flash Player website and following the instructions. Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our Sites

Pixel tags

We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Sites to track the actions of users on our Sites. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Sites, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data.

Legal Bases for Processing

If you reside in the European Union (“EU”), we are required to inform you of the legal bases of our processing of your personal data on our Sites, which are described in the table below.

Processing Purpose Legal Basis

To provide services Processing is necessary to provide services to you or to take steps that you request prior to providing those services.

To communicate with you

For compliance, fraud prevention and safety purposes

To create anonymous data for analytics

These processing activities are based on our legitimate interests. We consider and balance potential impact on your rights and do not process your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

To comply with law

Processing is necessary to comply with our legal obligations.

With your consent

Processing is based on your consent. Where we rely on consent, you have the right to withdraw it at any time.

How We Use Your Personal Data

To provide you with information and administer our Sites

If you register to participate in our programs, events or other activities, or use our Sites, we use your personal data to:

  • Operate, maintain, administer and improve the Sites;
  • Process and manage registrations you make through the Sites;
  • Communicate with you regarding our programs, events, or activities for which you may have registered, including by sending you technical notices, updates, security alerts, and support and administrative messages;
  • Better understand your needs and interests, and personalize your experience with the Sites;
  • Provide support and maintenance for the Sites and our services; and
  • Respond to your service-related requests, questions and feedback.

To communicate with you

If you request information from us, register on the Sites, or participate in our surveys, programs, or events, we may send you Intercept-related marketing communications as permitted by law. You will have the ability to opt out of such communications.

To comply with law

We use your personal data as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal processes, such as to respond to requests from government authorities.

With your consent

We may use or share your personal data with your consent, such as when you consent to let us post your testimonials or endorsements on our Sites, you instruct us to take a specific action with respect to your personal data, or you opt into third party marketing communications.

For compliance, fraud prevention and safety

We use your personal data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern use of our Sites; (b) protect our rights, privacy, safety or property; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

How We Share Your Personal Data

We disclose personal data to third parties under the following circumstances:

  • Affiliates. We may disclose your personal data to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Policy.
  • Service providers. We may employ third party companies and individuals to administer and provide services on our behalf (such as training, customer support, website hosting, email delivery and database management services). These third parties use personal data as directed by us and in a manner consistent with this Privacy Policy.
  • Professional advisors. We may disclose your personal data to professional advisors, such as lawyers, auditors and insurers, where necessary in the course of the professional services that they render to us.
  • Compliance with laws and law enforcement; protection and safety. We may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests, such as to respond to requests from government authorities; (b) enforce the terms and conditions that govern use of the Sites; (c) protect the rights, privacy, safety or property of users of our Sites and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
  • Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal data, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy.

Careers

If you submit personal data in connection with job opportunities at Intercept via our Sites, we will use and disclose the data to process your application (including to contact you and/or your references and former employers if appropriate), to monitor recruitment statistics, and to comply with government reporting requirements. We also retain statistical information about applicants to help with our recruitment activities. We will process this information based on our legitimate interest in evaluating job candidates or, when you provide us with sensitive information, based on your consent.

Your Rights

Regardless of where you reside, you can submit privacy inquiries and requests by email to privacyprotection@interceptpharma.com or to our postal address provided below. If you reside in the EU, you may request that we take the following actions in relation to your personal data:

  • Access. Provide you with information about our processing of your personal data and give you access to your personal data.
  • Correct. Update or correct inaccuracies in your personal data.
  • Delete. Delete your personal data.
  • Transfer. Transfer a machine-readable copy of your personal data to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal data.
  • Object. Object to our legitimate interests as the basis of our processing of your personal data.

We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you reside in the EU and would like to submit a complaint about our use of your personal data or response to your requests regarding your personal data, you may contact us or submit a complaint to the data protection regulatory authority in your country.

Marketing Communications

You may opt out of marketing-related emails by clicking on a link at the bottom of each such email, or by contacting us at privacyprotection@interceptpharma.com. You may continue to receive service-related and other non-marketing emails for which you have not opted out.

Choosing Not to Share Your Personal Data

Where we are required by law to collect your personal data, or where we need your personal data in order to provide you with information or process your registration on our Sites or requests, we may not be able to provide you with such services if you do not provide this data when requested (or later ask to delete it).

Security

The security of your personal data is important to us. We take a number of organizational, technical and physical measures designed to protect the personal data we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information.

Children

Our Sites are not directed to children under 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us. We will delete such information from our files as soon as reasonably practicable.

Sensitive Personal Data

If you send or disclose any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) to us when you use the Sites, you must consent to our processing and use of such sensitive personal data in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal data, you must not submit such sensitive personal data to our Sites.

International Transfer

Intercept is headquartered in the United States and has affiliates and service providers in other countries. Personal data may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your country. We will process your personal data in accordance with this Privacy Policy regardless of where your personal data is stored or accessed. Please note that Intercept Pharmaceuticals, Inc. is certified to the EU-US and Swiss-US Privacy Shield framework with respect to certain categories of personal data collected by entities located in the European Economic Area and Switzerland and transferred to Intercept Pharmaceuticals, Inc. in the United States. You can find further information about our Privacy Shield Certification at https://www.interceptpharma.com/privacy-shield-policy/.

Other Sites and Services

The Sites may contain links to other websites and services. These links are not an endorsement, authorization or representation that we are affiliated with those third parties. We do not exercise control over third-party websites and are not responsible for these websites. Other websites follow different rules regarding the use or disclosure of the personal data you submit to them.

We encourage you to read the privacy policies of the other websites you visit.

Your California Privacy Rights

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits California residents to request and obtain once a year, free of charge, information about the personal information (if any) that Intercept disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please email your request to: privacyprotection@interceptpharma.com.

Retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying legal, accounting, or reporting requirements. In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Us

If you have any questions or concerns about our Privacy Policy, please feel free to email us at privacyprotection@interceptpharma.com, or write to us at:

Intercept Pharmaceuticals, Inc.

Legal Affairs Department

10 Hudson Yards

37th Floor

New York, NY 10001

If you reside in the European Economic Area or Switzerland and you seek to exercise any of your statutory rights, you may also contact our Data Protection Officer by sending an email to privacyprotection@interceptpharma.com with the subject line DATA PROTECTION OFFICER.