Vertex respects the privacy of your personal information.  These policies are intended to inform you of our policies and practices regarding the collection, use and disclosure of any information collected or submitted to us.  Click on the links below to access our policies.


We at Vertex are committed to maintaining the privacy and security of the personal information of all visitors to our websites. We are also committed to complying with all laws applicable to the collection, use and disclosure of personal information. Please read this privacy policy – it governs our use of your personal information and, by submitting any such information, you are agreeing to its terms.

Privacy Policy Updates

Vertex reserves the right to change this policy at any time, based on the needs of our customers, our business or the evolution of our websites. Please check the date at the bottom of this page to see when the policy was last revised. Use of Vertex websites by our visitors will be subject to the current Privacy Policy.

The Information We Collect

First, we passively collect information that is automatically sent to us by your web browser. This information typically includes your domain name (the website name after the "@" in your e-mail address). It may also contain additional information. The amount of information sent depends on the settings you have on your web browser; please refer to your browser to learn what information it sends.

Second, we may actively obtain website usage information about you by installing a "cookie" on your computer. Cookies are computer-generated, unique identifiers. By providing each user a unique identifier, we can recognize repeat visitors and compile data on how our websites are used. Your computer can be specially configured to reject cookies; please refer to your browser for more information. In the event that we use cookies, our cookies will generate only limited information (as described in this Privacy Policy); they will not, in general, tell us where you go on the Internet.

Third, we may collect personally identifiable information that you submit via online registration forms, mail, e-mail, fax, or phone, or when you contact us at the employment, business contact, program enrollment, or events calendar areas of our websites. If you e-mail us, you are voluntarily releasing information to us. In addition, we may have collected similar information from you in the past. By using our websites you are consenting to our continued use of any such information.


Registered visitors to our websites must be 18 years of age or older. If you are a user under the age of 18, and wish to register to obtain information or participate in a survey, your parent or guardian must register to access this information.

How We Use Information

We use the information we automatically receive from your web browser, and any information that may be generated by cookies, to see which pages you visit within our websites, which website you visited before coming to ours, and which website you visit after you leave. Vertex can then develop statistics that are helpful to understanding how our websites are used, and how we can continue to improve them.

Information obtained from you may be used to generate a welcome email or other communication, notify you of website updates or provide you with services or information in response to your interests or data that you have provided. We may also use your information in order to better understand your needs and how we can improve our websites.

For Vertex marketing programs, you may "Opt-in" to allow Vertex and/or companies working on its behalf to send you information about health and wellness offerings, Vertex products, and services that may be available. Vertex may also invite you to participate in surveys and other market research. Survey questions may include demographic information, questions regarding your medical condition, or other data that will help us to provide you with useful information and services. We may also use this information to help us develop or improve services. If at any point you no longer wish to receive these messages, you may unsubscribe by following the instructions provided in each communication from Vertex.

We use information consistent with your expectations. If you register for one of our websites, we may provide you with information or services consistent with the information you provide. If you send information related to potential employment, we review the information, maintain it on file, and use it to contact you and/or your references, former employers, etc., if appropriate. If you send business contact information, we will use the information you provide to explore business opportunities with you or your company. If you submit information to the events calendar area of our website, we will send you alerts according to the preferences you choose. You may always re-set your alert preferences to stop receiving news and alerts from us. Vertex does not sell, rent, or give your personal information to non-affiliated third parties, except as described in this Privacy Policy.

Sharing and Disclosure

We may contract with third parties to maintain and host our websites. We may also partner with other service providers in order to provide fulfillment of information requests or other services. These companies may have access to personal information you submit to our websites, but we contractually require that our partners maintain the confidentiality of your personally identifiable information and limit their ability to re-use or re-disclose it.

We may also use any information you submit to investigate security breaches or cooperate with authorities pursuant to a legal or other matters where we reasonably believe we are required to do so by law, regulation or other government authority. We may also remove all the personally identifiable information and use the rest for historical, statistical or business planning purposes.

We will not sell your information to any other company or organization. However, in the event of a merger, consolidation or other corporate reorganization, we may transfer your personally identifiable information to a successor who is bound by the terms and conditions of this policy.

Changes or Updates to Your Information

Vertex understands that you may wish to change your information or preferences that you have provided to us. If you wish to change any of the information provided to us, you may contact Vertex by visiting the specific website at which you registered and following the instructions provided.


Vertex and its third-party partners use physical and technical security measures to protect the information you submit at our websites from unauthorized use or access. These measures include limited access to our computer facilities. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its security.

Additional Information

When you submit personal information at one of our websites, it goes to Vertex in the United States. If you are outside of the United States, by submitting personal information to this website, you are consenting to send that information to the United States for the purposes described in this Privacy Policy. If you are outside of the United States, please note that the United States may have different laws concerning the privacy of personal information than your country of residence.

For your convenience, this website contains hyperlinks to other websites outside Vertex. While Vertex has adopted this Privacy Policy, we can make no promises or guarantees regarding data collection on the hyperlinked pages and websites that are not owned by Vertex. We therefore recommend that you read the privacy policy/statement for each website you visit.



  • Data Privacy Policy
  • Approved By:  Corporate Compliance Committee
  • Prepared by: Corporate Compliance
  • Effective Date: October 12, 2012


The following capitalized terms are used throughout this document and are defined as follows:

 "Business Partners" means a Third Party who is an agent of Vertex, or who otherwise interacts with HCPs or the general public on Vertex's behalf.

"Clinical Parties" means patients, HCPs, and others involved in Vertex's clinical and safety operations, including but not limited to clinical trials, drug safety/pharmacovigilence activities, Medical Affairs' activities, and any other clinically-related activities.

"Commercial Parties" means any patients, HCPs and others involved in Vertex's commercial operations, including but not limited to Business Partners and Third Parties who act as intermediaries, including distributors and wholesalers.

 "EEA" means the European Economic Area which is composed of the following thirty (30) countries: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Ireland, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and United Kingdom.

"Employees" means any temporary, permanent, former, and retired Vertex director, officer, or staff member, and any and all dependents thereof. For purposes of this Policy only, the term "Employees" shall also include any of Vertex's independent contractors and job applicants that are Individuals.

"Healthcare Professional" ("HCP") means any member of the medical, dental, pharmacy or nursing professions or any other Person who in the course of his or her professional activities may prescribe, recommend, purchase, supply, or administer a medicinal product.  This includes persons who are capable of influencing or determining which product is supplied to the end consumer, such as certain purchasing personnel employed by a healthcare provider, group purchasing organization, pharmacy benefit manager, or government entity. This definition excludes intermediaries in the supply chain, such as distributors and wholesalers.

"Individual" or collectively, "Individuals" means any person, including but not limited to, a Vertex Employee, lawful citizen or citizens of any EEA country or Switzerland, Clinical Parties, and Commercial Parties.

"Personal Data" means any information or set of information that can be used to directly or indirectly identify, locate or contact an Individual, including, but not limited to: (a) first name or initial and last name, (b) home or other physical address, (c) telephone number; (d) personal email address or online identifier associated with the Individual, (e) driver's license number, social security number or other government-issued identifier; (f) employment, financial or health information (e.g., financial account number or credit or debit card number (with or without any required security code, access code, personal identification number or password, that would permit access to an Individual's financial account), (g) characteristic associated with the Individual, or (h) any other information relating to an Individual that is combined with any of the above.  The term "Personal Data" does not include anonymized information or information that is reported in the aggregate (provided that such aggregated information is not identifiable to a natural person).

"Privacy Principles" collectively means the following seven (7) privacy principles as described in each of the U.S.-EU Safe Harbor Framework and U.S.-Swiss Safe Harbor Framework:  (1) Notice, (2) Choice, (3) Onward Transfer, (4) Access, (5) Security, (6) Data Integrity, and (7) Enforcement, and the associated guidance set forth in those certain "Frequently Asked Questions" as agreed to by the United States Department of Commerce and, as applicable, the European Commission or Federal Data Protection and Information Commissioner of Switzerland. Please visit for additional information.

"Sensitive Personal Data" means Personal Data that reveals race, ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, any information that concerns physical or mental health or sex preference and activity, or information relating to the commission or alleged commission of a criminal offense.

"Third Party" is any person with whom Vertex interacts and that is not a Vertex legal entity or an Employee.

"Vertex" for purposes of this Policy only, means Vertex Pharmaceuticals Incorporated, including all business units, divisions, subsidiaries, and any affiliate under the control of Vertex Pharmaceuticals Incorporated.

 Capitalized terms not defined above have the definitions set forth in the respective paragraphs of this Policy.


Vertex is committed to protecting individual privacy in accordance with applicable laws and regulations.  To ensure that appropriate privacy protections are in place, Vertex has developed this Policy to describe how Vertex and its affiliates worldwide collect, use, disclose, transfer and store Personal Data. To ensure that Personal Data is private and secure, Vertex has developed information security/data protection guidelines for its Employees, and strictly enforces related safeguards within the company.

3.1 Global Privacy and Data Protection Overview; Safe Harbor Certification

In the course of its ordinary business activities, Vertex collects information on Healthcare Professionals ("HCPs"), Employees, patients, distributors, and other Individuals throughout the world. This data may be transferred to or accessed by Vertex Employees or affiliates nationally and internationally, internally within Vertex, or by external Third Parties or Business Partners, who may process Personal Data as directed by Vertex, or disclosed by Vertex for use on its behalf. The collection, compilation, analysis and delivery of Personal Data are governed nationally and regionally by data protection laws and regulations.  In furtherance of this commitment, Vertex has certified to abide by the principles under both the U.S.-EU Safe Harbor Framework and U.S.-Swiss Safe Harbor Framework regarding Personal Data collected from Individuals from any EEA country or Switzerland in support of Vertex's human resources, commercial, and clinical operations. Details of Vertex's certification can be found at the United States Department of Commerce Website,


This Global Policy applies to all Vertex Employees, Business Partners and Third Parties who provide, handle, process, use and transfer an Individual's Personal Data.  

This Policy describes the principles pursuant to which Vertex manages Personal Data in the course of its ordinary business activities received from: (i) Employees, acting within the scope of their employment; (ii) Commercial Parties, through Vertex's commercial operations; (iii) Clinical Parties, in the course of Vertex's clinical operations; and (iv) Business Partners and Third Parties with whom Vertex engages.  The categories of Personal Data covered by this Policy are Personal Data relating to Employees, Commercial Parties, and Clinical Parties.  While the types of Personal Data that require data protection vary from country to country, Personal Data typically includes information from one or more of the following categories of Vertex's business activities:

  • Clinical Trial Data: Personal Data about Individuals collected in connection with clinical trials.
  • Drug Safety/Pharmacovigilance Data: Personal Data about Individuals collected in connection with drug safety procedures.
  • Human Resources Data:  Personal Data about Employees.
  • Sales and Marketing Data:  Personal Data about HCPs to whom Vertex supplies or may wish to supply any type of goods or services.
  • Medical Information Practices: Personal Data about HCPs who have contacted Vertex's medical information service and whose details are retained in Vertex's systems.
  • Other: Other Personal Data about Individuals with whom Vertex may deal as representatives of another organization, such as distributors.
  • Patient Services Date: Personal Data about patients who have enrolled in Vertex's Guidance and Patient Support program for the purpose of obtaining reimbursement or product support services.

In connection with Vertex's Operations, Vertex may now and/or in the future: (a) transfer Personal Data of Employees, Commercial Parties and/or Clinical Parties outside of the EEA/Switzerland to the United States; and/or (b) access Personal Data regarding such individuals from the United States.


5.1 Overview

Subject to the local, national, regional and international laws, regulations, and rules of an applicable jurisdiction that govern, Vertex endeavors to ensure that the Personal Data it receives is handled in a manner consistent with the following data handling practices.  The Personal Data is:

  • fairly and lawfully collected, handled, processed, used and transferred;
  • processed for specified and lawful purposes;
  • adequate, relevant and not excessive;
  • accurate and, where necessary, kept up-to-date;
  • not kept longer than necessary;
  • processed in accordance with the Individual's rights;
  • kept secure;
  • not transferred to countries with in adequate protection and
  • neither transferred to, nor accessed by, any national of a country or jurisdiction which is deemed, by Vertex, to have inadequate protections in place.

To effectuate these practices and to abide by the Privacy Principles set forth in the US-EU Safe Harbor Accord and the US-Swiss Safe Harbor Framework, Vertex will endeavor to abide by the following:

5.2 Notice

In the event that Vertex collects Personal Data from an Individual, Vertex will furnish a notice to the Individual that describes: (i) the types of Personal Data that it collects about such Individuals, (ii)the purposes for which it collects such information, (iii) the types of Business Partners and Third Parties to which it discloses such information, and (iv) how to contact Vertex with any inquiries or complaints.  Notice will be provided in clear and conspicuous language at the time the Personal Data is collected or as soon as reasonably practicable thereafter.  In any event, notice will be provided before Vertex uses or discloses the Personal Data for a purpose other than the original purpose for which the Personal Data was initially collected.  Notice may not be provided where required by law.  Where legally required, Vertex will also obtain consent at the time of providing notice. 

5.3 Choice

In the event that Personal Data is to be used for a new purpose incompatible with the purposes for which the Personal Data was originally collected or subsequently authorized, or transferred to a Third Party exercising independent control over the Personal Data, Individuals will be given, where practical and appropriate, an opportunity to decline to have their Personal Data so used or transferred. In the event that the Personal Data used for a new purpose or transferred to the control of a Third Party is Sensitive Personal Data, the Individual's explicit consent will be obtained prior to the use or transfer of the Sensitive Personal Data.

5.4 Onward Transfers

Vertex will only transfer Personal Data to a Business Partner or Third Party if that Business Partner or Third Party has given assurances that it provides at least the same level of privacy protection as is required by the Privacy Principles and this Policy. Where legally required, Vertex takes steps designed to ensure that Business Partners and Third Party service providers are capable of maintaining appropriate security measures to protect Personal Data. Where Vertex has knowledge that a Business Partner or Third Party is using or sharing Personal Data in a way that is contrary to the Privacy Principles and/or this Policy, Vertex will take reasonable steps to prevent or stop such processing.  Vertex will only transfer Personal Data to a Third Party (i.e., not a Business Partner) where Individuals have been provided notice and have given their consent.  Vertex will endeavor to abstain from providing Personal Data, and/or access to such data to any national of a country or jurisdiction that Vertex deems to have inadequate protections in place. 

5.5 Security

Vertex takes reasonable and appropriate administrative, technical and physical precautions to protect the confidentiality, integrity and availability of Personal Data, regardless of whether such Personal Data is in electronic or tangible, hard copy form.

5.6 Access

Individuals will have reasonable access to their Personal Data and may request corrections, deletions, or additions, as appropriate.  Vertex reserves the right to deny such access where the burden or expense of providing access would be disproportionate to the risks to the Individual's privacy or where the rights of Individuals other than the subject Individual would or could be violated.

5.7 Data Integrity

Vertex limits the collection, usage, and retention of Personal Data to that which is necessary, adequate, relevant, and not excessive for the purposes for which it was collected, and takes reasonable steps to ensure that all Personal Data is reliable, accurate, complete, current and not retained longer than necessary, as deemed by Vertex.  Vertex depends on its Employees to keep their own Personal Data reliable, accurate, complete and current.

5.8 Enforcement

Vertex has implemented mechanisms to verify its ongoing compliance with the Privacy Principles and this Policy.  Any party that violates the Privacy Principles and/or this Policy will be subject to disciplinary processes, up to and including termination. 

5.9 Dispute Resolution

In the event of a dispute, Individuals are able to seek resolution of their questions or complaints regarding use and disclosure of their Personal Data in accordance with the Privacy Principles above. If you feel that Vertex is not abiding by or complying with the terms of this Policy, please contact Vertex at the contact information provided below.  In addition, with respect to its EU/Swiss-US Safe Harbor certifications related to Commercial and Clinical Parties, Vertex has agreed to hire TRUSTe Safe Harbor Dispute Resolution Program.  For EU/Swiss-US Safe Harbor certifications related to human resources and Employees, Vertex agrees to cooperate with EU and Swiss data protection authorities.

5.10 Limitation on Scope of Policy and Privacy Principles

Vertex adheres to this Policy and the Privacy Principles except: (i) as required or allowed by law, (ii) to meet legal, governmental, law enforcement or national security obligations, and/or (iii) to protect the health or safety of an Individual.


If you have questions regarding this Policy or any of Vertex's privacy practices, please contact us by mail or e-mail at the following addresses:

Vertex Pharmaceuticals Incorporated
Attn: Corporate Compliance
130 Waverley Street
Cambridge, MA 02139


This Policy may be amended by Vertex from time to time in a manner that is consistent with the requirements of the Privacy Principles and/or other leading privacy standards. When this Policy is updated, the "Effective Date" date at the top of this document shall be amended accordingly.  Any material changes to this Policy will be posted on Vertex's website and available to the general public.


Last Updated: October 12, 2012

contact us

contact us

Should you have any queries regarding the VIA programme or the process of submitting a proposal, please complete the online form below.