Privacy

This Privacy Notice (“Privacy Notice”) was last updated and effective on December 18, 2023.

Neurogene Inc. (“Neurogene”) respects the privacy of all individuals who entrust us with their personal data (i.e., information from or about an identified or identifiable person, including information that we can associate with an individual person). This Privacy Notice explains what types of personal data Neurogene may collect from you, how we collect it, how we use it, who we may disclose it to, and how you can manage it. It also describes the policies and practices that we have developed to safeguard personal data and to comply with applicable data protection laws. Please read this Privacy Notice and our Terms of Use carefully.

Our Privacy Notice is not a contract, and it does not create any legal rights or obligations. We may amend this Privacy Notice at any time. When this Privacy Notice is changed, the date of the latest revision will appear at the top of this page.

If you have any questions regarding Neurogene’s privacy practices or wish to access or correct personal data Neurogene has collected from you, please contact us using the information below:

Company name: Neurogene Inc.
Mailing address: 535 West 24th Street, 5th Floor New York, NY 10011

Person responsible for privacy inquiries: Carleen D. Lyken
Senior Counsel
Email address: Privacy@neurogene.com

 

Information We May Collect About You

We may collect, use, store and transfer different categories of personal data about you in electronic (e.g., email, photographs, documents) or paper media. We have grouped them together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, and title.
  • Contact Data includes address, email address and telephone numbers.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website or intranet.
  • Usage Data includes information about how you use our Website, intranet, products and services, including: the domain name of the website that allowed you to navigate to our Website, search engines used, the length of time spent on our Website, the pages you looked at on our Website, the frequency of your visits to our Website, and other relevant statistics.
  • Professional, Employment-Related, and Candidacy Information. When you apply for a job with us, we will collect various of the information categories described above. In addition, we may collect additional identifiers, such as: Social Security Number, driver’s license or state identification number, veteran status, race or ethnic origin, gender and other personal and online identifiers; your resume or CV, cover letter, previous work and education experience, and any other professional data collected as part of your employment application and our hiring process; residency, citizenship, or work permit status; and information required for us to comply with laws, including at the direction of law enforcement authorities or court orders.
  • Surveys. We may contact you to participate in surveys. If you decide to participate, you may
    be asked to provide certain information which may include personal data.
  • Interactive Features. We and others who access our Website may collect personal data that you submit or make available through our interactive features (e.g., social media pages). Any information you provide on the public sections of these features will be considered “public”, unless otherwise required by applicable law, and is not subject to the privacy protections referenced herein.
  • Additional Information. Additional information that you provide to us, including through feedback, messages, emails, mail, or otherwise.

 

How We Collect Information About You

Direct interactions. You may give us your Identity Data and Contact by filling in forms or by corresponding with us by mail, phone, and e-mail or otherwise. This includes personal data you provide when you contact us through the Website, apply for employment with us.

Automated interactions. As you interact with our Website or intranet, we may automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns, subject to your consent where required. We collect this personal data by using cookies, and other similar technologies. For additional information about how Neurogene uses cookies and similar technologies, see “Cookies and Similar Technologies” section.

Third Parties (or publicly available sources). We may receive categories of personal data about you from various third parties and public sources as set out below:

  • Technical Data from analytics providers such as Google and search information providers.
  • Identity and Contact Data from recruitment agencies.

 

How We Use Your Information

Neurogene does not disclose, give, or sell any personal data you provide to any outside organizations for any reason (other than as described below). We may use any information we collect about you or about your use of the Website for the following purposes:

  • Provide Our Website. In connection with the operation of our business, as well as to improve the Website or to communicate with you about our business or otherwise in connection with our management of the Website. We may also use information we collect about you for security and protection of personnel, assets, and resources; regulatory compliance and monitoring; and compliance with legal requirements or to defend or pursue legal claims.
  • Website Administration and Development. We may also monitor traffic patterns and Website usage to maintain, protect, and improve our Website, ensure the technical functions of Our network, and help us develop the design and layout of the Website. We use application logs on your device and our server as well as “cookies” and other tracking technologies for the purposes described below as well as to enhance the functionality of the Website. This information may be stored in files on your device that we access.
  • Changes to Website. We may also use the information we collect to occasionally notify you about functionality changes to the Website.
  • Evaluate Your Candidacy for a Job with Us. As a job applicant or recruit, we may use your personal data to evaluate your candidacy for a position with us.
  • Legal Reasons. To comply with applicable law, respond to valid legal process, participate in legal proceedings, including civil discovery and litigation, protect you, us, and others from unlawful or fraudulent activities, and investigate potential violations of and enforce our policies, including our Terms of Use.
  • With Your Consent. We may otherwise use your personal data with your consent.

 

How We Share Your Information

We may share the personal data we collect about you as described below:

  • Service Providers. We may employ independent contractors, consultants, vendors, and suppliers, such as third-party service providers, call centers, mail houses, or any other third party who may need to receive or handle your personal data on our behalf (collectively, “Outside Contractors”) in connection with the performance of obligations under this Privacy Notice and to provide specific services and products related to the Website and our business. In the course of providing products or services to us, these Outside Contractors may sometimes have access to your personal data.
  • Subsidiaries and Affiliates. We may share your personal information with our subsidiaries and affiliates for the purposes described above or as reasonably necessary for our internal administrative and business purposes.
  • Legal Reasons. We may disclose information we have about you to regulatory authorities, law enforcement agencies, or as required by applicable law.
  • Change of Control Transaction. We may share personal data with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by the Company about individuals who access our Website is among the assets transferred.
  • With Your Consent. We may otherwise share your personal information with your consent.

 

How We Protect Your Information

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

Cookies and Similar Technologies

Cookies are small files that many websites place on your hard drive that allow those websites to identify you. For example, if you allow a website to remember your login name or password, that website places a cookie on your computer.

We use cookies for technical purposes, statistical purposes and advertising purposes. Indeed, subject to your prior consent, we may place cookies on your computer to allow us to identify you during future visits to our Website. We may use cookies to measure web traffic and to customize your visit. If you consented to our use of cookies but later wish to opt out, you can change the browser settings, at any time, in order to block the cookies. If you block cookies, you may not be able to use certain features or functions of this Website, or this Website may not operate in optimal mode.

A beacon is an electronic tracking mechanism that usually consists of a single-pixel image. It can be embedded in a web page or in an email to transmit information, which could include personal data. For example, it allows an email sender to determine whether a particular email has been opened.

We may also use Google Analytics or other similar software or services, with your prior consent, to gather certain information in connection with the use of the Website. When we use Google Analytics, your web browser automatically sends certain information to Google about your use of the Website, such as the web address of the page you’re visiting and your IP address. You may opt-out by visiting this link. For more information on how Google Analytics collects, protects, uses, and shares your data, click here.

 

How We Respond to Do Not Track Signals

Some web browsers may transmit “do-not-track” signals to websites with which the browser communicates. Websites linked to this Privacy Notice do not currently respond to these “do-not-track” signals.

 

Choices You Have About Our Use of Your Information

You can write to us at any time to obtain a copy of your information and to have any inaccuracies corrected or if you no longer wish to be registered on the Website. Where appropriate, you may have your personal data erased, rectified, amended, or completed. In order to contact us regarding your information, you may send us an email at privacy@neurogene.com.

 

Links to Third Party Websites

The Website may contain links to other websites. These third-party sites may send their own cookies to you to collect data or solicit personal data. Please be aware that other sites are not subject to this Privacy Notice and Neurogene is not responsible for the privacy practices of these other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each and every website that collects personal data. This Privacy Notice applies solely to information collected by the Website.

 

Children’s Privacy

The Website is not directed to children under the age of 13. We do not knowingly collect personal data from children under the age of 13. If an individual identifies themselves as a child under the age of 13, we will not collect, store, or use any personal data. If we receive personal data that we discover was provided by a child under the age of 13, we will promptly destroy such information.

 

Updating this Privacy Notice

From time to time, we may change our privacy practices.

We will post any updates to this Privacy Notice on our Website, with a “last updated and effective” date at the top of this document. Please check this page for updates.

 

SUPPLEMENTAL UK PRIVACY NOTICE

For purposes of United Kingdom (“UK”) data protection laws, Neurogene Inc. is the data controller, i.e., the company responsible for controlling the processing of personal data covered by this Privacy Notice.

The UK Data Protection Act 2018 (the “DPA 2018”) and the UK GDPR (as defined in section 3(10) (as supplemented by section 205(4)) of the DPA 2018) require Neurogene as the data controller to provide additional and different information about its data processing practices to data subjects in the UK. If you are a data subject within the UK, this Supplemental UK Privacy Notice applies to you in addition to the provisions above.

 
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:

  • We need to perform the contract we are about to enter into or have entered into with you.
  • It is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • We need to comply with a legal or regulatory obligation.

We may also rely on consent as a legal basis for processing your personal data in certain circumstances, like sending direct marketing communications to you via email or text message. You have the right to withdraw consent at any time by contacting us.

We have set out below, in a table format, a description of many of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for a different lawful basis for each purpose for which we are using your data. Please contact us if you need additional details about the specific legal ground we are relying on to process your personal data.

 

Purpose/ActivityCategory of personal dataLawful basis for processing  including basis of legitimate interest
To register you as a new customer, contractor, candidate or employee.(a) Identity
(b) Contact		Performance of a contract with you or to take steps prior to entering into a contract with you
To manage our relationship with you which will include:
(a) Notifying you about changes to our Terms of Use or Privacy Notice
(b) Asking you to provide feedback or take a survey
(c) As an employee		(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Financial		(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests
• to keep our records updated;
• to study how customers use our products/services; and
• to administer our relationships
To administer and protect our business and our intranet and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)(a) Identity
(b) Contact
(c) Profile
(d) Technical
(e) Usage		(a) Necessary for our legitimate interests
• for running our business and employee relationships;
• provision of administration and IT services, network security;
• to prevent fraud; and
• in the context of a business reorganization or group restructuring exercise.
 
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical		Consent.
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences(a) Technical
(b) Usage		Consent.
To make suggestions and recommendations to you about goods or services that may be of interest to you(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile		Consent.
To comply with legal requirements and to defend or pursue legal claims.(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile		Necessary for our legitimate interests
Necessary to comply with a legal obligation

 

CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the new legal basis. If such change of purpose requires your consent, you will have the choice to consent as to whether or not we may use your personal data in a different manner.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 
INTERNATIONAL TRANSFERS OF PERSONAL DATA
We are based outside the UK, so the processing of your personal data may involve a transfer of data outside the UK. Information on how to contact our privacy officer can be found at the introduction of this Notice.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Secretary of State.
  • Regarding transfers to a country whose legislation has not been recognized by the UK Secretary of State as having an adequate level of protection (for instance, transfers to the US), we are required to incorporate the International Data Transfer Agreement in agreements in order to provide similar protection to personal data shared within the UK. In this regard, please note that we will provide you with a copy of applicable safeguards upon request, at the contact details specified at the end of this Notice.

 
HOW LONG WE RETAIN YOUR PERSONAL DATA
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

With respect to the services and products provided to you, we will keep your personal data during the period of our contractual relationship extended by the applicable limitation period. With regard to marketing communications with prospects, we will keep your personal data for three (3) years after the last correspondence with us.

With respect to the processing carried out in order to protect or defend your and our rights, property and security, we will keep your personal data for the time of the relevant dispute or statute limitation period.

As to the processing carried out in order to comply with a legal requirement, we will keep your personal data for the duration of such obligation.

 
YOUR DATA PROTECTION RIGHTS
Under certain circumstances, visitors from within the UK have the following data protection rights:

  • access to your personal data.
  • correction of your personal data.
  • erasure of your personal data.
  • object to processing of your personal data.
  • restrict of processing your personal data.
  • transfer of your personal data (data portability).
  • withdraw consent to any consent that you have previously given.

If you wish to exercise any of the rights set out above, please contact our privacy officer. You can also contact the Information Commissioner’s Office at this link to make a complaint.

VeraSafe has been appointed as Neurogene’s representative in the UK for data protection matters, pursuant to Article 27 of the UK GDPR. VeraSafe can be contacted in addition to or instead of Neurogene’s privacy officer, only on matters related to the processing of personal data.

To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd. 37 Albert Embankment London SE1 7TL United Kingdom.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee or refuse to comply with your request if it is clearly unfounded, repetitive or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.