PLEASE READ THIS POLICY CAREFULLY TO UNDERSTAND HOW WE TREAT YOUR PERSONAL INFORMATION AS WELL AS YOUR CHOICES AND RIGHTS. IF YOU DO NOT AGREE WITH THE TERMS OF THIS POLICY, YOU SHOULD NOT ACCESS OR USE OUR SITES.

OUR SITES ARE INTENDED FOR USERS LOCATED IN THE UNITED STATES, AND THEY ARE NOT INTENDED FOR USERS LOCATED IN OTHER COUNTRIES, INCLUDING THE EUROPEAN UNION AND THE EUROPEAN ECONOMIC AREA.

privacy policy

Collegium Pharmaceutical, Inc. (“Collegium,” “we,” “us,” or “our”) is committed to protecting the privacy and security of the Personal Information we collect, use, share, and otherwise Process as part of our business. We also believe in transparency, and we are committed to informing you about how we treat the data we collect and Process.

This privacy policy (“Privacy Policy”) describes our practices for handling the information we collect about you through our websites that include an authorized link to or reference to this Privacy Policy (“Sites”). This Policy is intended for U.S. audiences only.  Please read this entire Privacy Policy before using our Sites or submitting information to Collegium through its Sites.

This Privacy Policy applies as follows:

  • This Privacy Policy applies to all Personal Information collected, used, shared, or otherwise Processed by Collegium within the United States.  This Policy is intended for U.S. audiences only. If you are accessing or using our Sites from outside the United States, please be aware that your Personal Information will be Processed and stored in the United States, and U.S. privacy laws may not offer the same level of protection as those in your country of residence. If you are located outside the United States and do not wish to have your information Processed in the United States or under U.S. law, please do not use our Sites. Otherwise, by using our Sites, you acknowledge and agree that:
    • Your Personal Information may be Processed and retained by Collegium as set forth in this Privacy Policy;
    • This Privacy Policy and our data practices are governed exclusively by applicable U.S. laws;
    • We do not represent or warrant that our Processing of your Personal Information will comply with the data protection or privacy laws of your home jurisdiction; and
    • You may not have the same rights or remedies under U.S. privacy laws as you would under the laws of your country.
  • Clinical trials and pharmacovigilance/adverse event reporting may be governed by additional or different notices (e.g., informed consent forms or program-specific privacy notices).
  • Job applicants and employees/contractors are covered by separate notices provided at the time of collection.
  • This Privacy Policy does not apply to third-party websites, applications or services of companies that Collegium does not own or control, or to services that may be linked from our Sites.  We encourage you to review the privacy policies of those third parties before providing any Personal Information.

Definitions

“Cookies” are small text files that a website or its service provider transfers to your device’s hard drive through your web browser (if you allow Cookies within your browser settings) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. Cookies may be used for purposes such as saving user preferences, keeping users logged in, and tracking website usage for analytics or advertising. Information collected by Cookies may be considered Personal Information under some U.S. state laws if it can be linked to an identifiable individual.

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.

“Process” means collecting, using, disclosing, analyzing, or modifying Personal Information.

“Sensitive Personal Information” means Personal Information that includes: (1) data revealing (i) racial or ethnic origin; (ii) religious beliefs; (iii) health data; (iv) sex life; (v) sexual orientation; (vi) status as transgender or nonbinary; (vii) national origin; (viii) citizenship or immigration status; (ix) political opinions; or (x) union membership; (2) genetic data or biometric data; (3) Personal Information of a minor (under 18); (4) precise geolocation data; and (5) account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

Data Collection

We only Process Personal Information from the following sources:

  • You (forms you submit, communications with us, event registrations).
  • Your devices (via Cookies, pixels, SDKs, and similar tools).
  • Service providers/contractors (e.g., analytics, website hosting, customer support).
  • Business partners (e.g., co-marketing, event partners).
  • Public and commercial sources (e.g., NPPES/NPI registry, professional directories).
  • Social media platforms (when you interact with our pages or share content).

Third parties may also share information about you with us.

Collegium is not a HIPAA “covered entity” or “business associate.” Please do not submit Protected Health Information (PHI) through public forms or channels on our Sites. If Collegium receives PHI in connection with a specific program, it will be handled according to the program-specific notice and applicable law.

Categories of Your Personal Information We Process

We may Process the following categories of Personal Information:

  • Identifiers/Contact Information (e.g., name, postal address, email, phone number, picture, birthdate)
  • Our Sites use Cookies and similar technologies. Please see the “Cookies and Similar Tracking Technologies” section of this Privacy Policy, below, and our Cookie Policy for more information. When you visit Our sites we may collect the following information:
  • IP address, pages visited, time spent on Our Sites, and geographical data.
  • Engagement data regarding engagement with Our sponsored content.
  • Information regarding communications and content you submit to us or you receive from us including data regarding which emails are opened and which links are accessed by You.
  • Professional information (for Healthcare Providers, e.g., NPI, professional address/phone, specialty, license status)
  • Inferences drawn from other Personal Information (e.g., preferences, interests, characteristics).

Collegium does not intentionally collect or Process Sensitive Personal Information through its Sites. If you choose to provide Sensitive Personal Information to us, you consent to our Processing of such information in accordance with this Privacy Policy and applicable law.

How We Process Your Personal Information

We Process your Personal Information for the following purposes:

  • To provide, operate, and improve our Sites including to: (a) correct technical problems and malfunctions with our Sites; (b) determine the effectiveness of our Sites; (c) protect the security and integrity of our Sites.
  • To communicate with you, including responding to your inquiries and sending administrative or marketing communications.
  • To process transactions and fulfill your requests.
  • For analytics, research, and product development.
  • To comply with legal obligations and regulatory requirements.
  • For security, fraud prevention, and integrity of our Sites.
  • To protect our rights and property and the rights and property of others.
  • To take precautions against liability.
  • For any other purpose described to you at the time of collection or with your consent.

We do not sell your Personal Information for monetary consideration. However, certain data sharing activities, such as sharing information with analytics, marketing, and advertising partners, may constitute “sharing” under California and other state privacy laws. You have the right to opt out of such sharing as described in the “Your Privacy Rights” section below.

Sharing of Your Personal Information

We do not sell your Personal Information for monetary consideration. However, certain data sharing activities, such as sharing information with analytics, marketing, and advertising partners, may constitute “sharing” under California and other state privacy laws. You have the right to opt out of such sharing as described in the “Your Privacy Rights” section below.

We may share your Personal Information with the following categories of third parties:

  • Service providers and contractors who perform services on our behalf.
  • Affiliates and subsidiaries of Collegium.
  • Business partners.
  • Analytics, marketing, and advertising partners.
  • Law enforcement, regulators, and government agencies as required by law.
  • In connection with a merger, acquisition, or sale of all or a portion of our assets.

For the purpose of determining the effectiveness of our Sites, Collegium may hire certain organizations that collect, analyze and report on non-personally identifiable data or provide website support services. To the extent commercially reasonable, we will require these organizations to conform to Collegium’s Privacy Policy.

Cookies and Similar Tracking Technologies

We use both Cookies and similar tracking technologies to collect information about your interactions with our Sites.  Details regarding our use of Cookies can be found in our Cookie Policy.

We use “Necessary Cookies” to help make our Sites usable by enabling basic functions like page navigation and access to secure areas of the website. The Sites cannot function properly without these Cookies.

We use “Preference Cookies” to enable our Sites to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. These Cookies track page visits and how you interact with our websites, including pages visited and links clicked, in order to help us analyze our websites usage more accurately and tailor your experience.

We use “Statistic Cookies” to help the Site owners to understand how visitors interact with websites by collecting and reporting information anonymously.

We use “Marketing Cookies” to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

Our use of Cookies can be viewed within our Cookie declaration within our Cookie Policy. Additionally, you can change or withdraw your consent to Cookies on our Sites at the “Change your consent” or “Withdraw your consent” links with our Cookie Policy.

In addition to Cookies, we may use other data collection technologies, such as Internet tags, web beacons, pixels (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as you navigate through and interact with a website. For example, web beacons are tiny graphics with unique identifiers that are used to understand browsing activity. UTM codes are strings that can appear in a URL when you move from one web page or website to another. The string can represent information about your browsing, such as which advertisement, page, or publisher sent you to the receiving website.

We use Google Analytics, DeepIntent, or similar tools to collect and Process statistical data about the number of people using the Site and to better understand how they find and use the Site. The data collected includes data related to your device/browser, your IP address, and on-site activities to measure and report statistics about user interactions. The information stored is reduced to a random identifier. Any data collected is used in accordance with this Policy and Google’s privacy policy. You may learn more about Google Analytics by visiting google.com/policies/privacy/partners/ and support.google.com/analytics/answer/6004245. You can learn more about Google’s restrictions on data use by visiting the Google Privacy Policy at: google.com/policies/privacy. To opt-out of Google Analytics, visit: tools.google.com/dlpage/gaoptout and install the opt-out browser add-on feature

For more details, visit the “Google Analytics opt-out browser add-on” page located at: support.google.com/analytics/answer/181881?hl=en.

Please note that linked, non-Collegium websites may also use Cookies or other tracking technologies. Collegium cannot control the use of Cookies or other tracking technologies by these third-party websites. We also want you to know that when you link from a Collegium website to another website, that website may have the ability to recognize that you have come from a Collegium website. If you do not want any other websites to know that you have been on our websites, we recommend that you do not use the links provided in our websites.

Most web browsers are set by default to accept Cookies. If you do not wish to receive Cookies, you may set your browser to refuse all or some types of Cookies or to alert you when Cookies are being stored. These settings may affect your enjoyment of the Site’s functionality. Adjusting the Cookie settings may not fully delete all of the Cookies that have already been created. To delete them, you should review your web browser settings after you have changed your Cookie settings. The links below provide additional information about how to disable Cookies or manage the Cookie settings:

Google Chrome: support.google.com/chrome/answer/95647?hl=en

Firefox: support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Microsoft Edge: support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

Safari: support.apple.com/guide/safari/manage-cookies-sfri11471/mac and support.apple.com/en-us/HT201265

For more information about how to modify your browser settings to block or filter Cookies, visit aboutcookies.org.

You may learn more about internet advertising practices and related consumer resources at youradchoices.com/control, thenai.org/about-online-advertising/faq, and networkadvertising.org/choices.

Please note that our websites do not respond to “Do Not Track” signals at this time.

How we collect Personal Information

We collect Personal Information through the information request form on our Sites. We may collect other information regarding your use of our Sites, including web logs and analytics information as set forth in the Cookies and Similar Tracking Technologies Section, above.

Data Retention

We will retain Personal Information we collect as long as there is a legitimate business purpose for the information and applicable regulatory requirements are met. When Personal Information is no longer needed, we will delete or de-identify it in accordance with our data retention policies and applicable law.

Data Security

We implement reasonable administrative, technical and physical safeguards designed to protect the Personal Information you share with us from unauthorized access, use, disclosure, alteration, or destruction. However, no security system is completely secure. We cannot guarantee that our website is 100% safe from illegal tampering or “hacking,” as any data transmitted over the Internet may be at risk. If we become aware of a data breach affecting your Personal Information, we will notify you as required by law.

We only permit authorized employees who are trained in the proper handling of third-party Personal Information to have access to that information. Employees who violate Collegium’s Privacy Policy will be subject to Collegium’s normal disciplinary process.

Children’s Online Privacy Protection Act

Our Sites are not directed to children under the age of 18 and we do not knowingly Process Personal Information from children under 18. No one under the age of 18 may access, browse, or use the Sites, or provide any information to us. If we learn that we have Processed Personal Information from a child under 18 without parental or legal guardian consent, we will take steps to stop collecting that information and to delete it. If you believe we have received information from a child under the age of 18, please contact us using the “Contact Us” details provided below.

For more information about the Children’s Online Privacy Protection Act, please visit the Federal Trade Commission’s website at: ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule

State-Specific Privacy Rights

We comply with all applicable state-specific privacy laws. California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia and other states with comprehensive privacy laws may provide their residents with specific rights regarding their Personal Information as set forth under the Your Privacy Rights Section below.

Your Privacy Rights (California and other States)

Residents of California have the following privacy rights. Depending on your state of residence (e.g., Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia), you also may have one or more of the following rights regarding your Personal Information:

  • Right to know/access:
    • the categories and specific pieces of Personal Information we have collected about you;
    • the categories of sources from which your Personal Information was collected;
    • the business or commercial purpose for collecting or selling your Personal Information;
    • the categories of third parties to whom we share your Personal Information;
    • the specific pieces of Personal Information we have collected about you;
    • the categories of your Personal Information that is sold and to whom the Personal Information was sold.
  • Right to delete your Personal Information;
  • Right to correct your Personal Information if it is inaccurate;
  • Right to opt out of the sale or sharing of Personal Information, including for targeted advertising and profiling in furtherance of decisions that produce legal or similarly significant effects;
  • Right to data portability;
  • Right to limit the use and disclosure of Sensitive Personal Information (where applicable under state law);
  • Right to non-discrimination for exercising your privacy rights;
  • Right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects or similarly significant effects;
  • Right to appeal our decision regarding your privacy request.

California. Under California Civil Code § 1798.83, California residents who provide Personal Information in obtaining products or services for personal, family, or household use may be entitled to request and obtain from us, once each calendar year, information about the information we shared (if any) with other businesses for direct marketing uses. We do not currently share your Personal Information with third parties for those third parties’ direct marketing purposes. Please be aware that not all information sharing is covered by California’s “Shine the Light” requirements, and only information regarding covered sharing (if any) will be included in our response. As a part of the California Online Privacy Protection Act, all users of our Site may make any changes to their information as set forth in the “How to Exercise Your Rights” Section, below. This Privacy Policy also complies with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), which provide California residents with specific rights regarding their Personal Information as described in this Policy.

Nevada. Nevada residents may submit a verified request to us as set forth in the “How to Exercise Your Rights” Section, below, to request that we not make any sale (as defined under Nevada law) of any covered information (as defined under Nevada law) that we have collected or will collect about you. Please provide your name and contact information in your request, and we will respond to your request in accordance with Nevada law.

How to Exercise Your Rights

To exercise your data privacy right applicable to you under your State’s laws, please submit a verifiable consumer request to us by either:

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm the Personal Information relates to you. To protect your privacy, we will verify your identity before fulfilling your request, which may require you to provide additional information. Some States allow you to designate an authorized agent to make a request on your behalf. For your security, requests from authorized agents will be processed only if they comply with applicable state laws, which may require the agent to provide proof of your written authorization, proof of their own identity, and verification that they are registered with the applicable Secretary of State (where required). We may also contact you directly to confirm the agent’s authority.

We will respond to your request within the timeframes required by applicable law. Under most state privacy laws, we will respond within 45 days of receipt, though some states may require shorter timeframes. If we require more time (up to 90 days under most laws, or as otherwise permitted), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. Subject to applicable law, you may generally exercise your rights up to twice in a 12-month period, though some states may provide for additional requests or have different limitations.

For verified data portability requests, we will provide your Personal Information in a portable and, to the extent technically feasible, readily useable format that allows you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. You will have the opportunity to withdraw your request before we charge any fee.

Upon a verified request to delete any of your Personal Information, we will delete (and direct our service providers to delete) your Personal Information, unless it is reasonably necessary for us or our service providers to:

  • Complete the transaction for which the Personal Information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated by you within the context of a our ongoing business relationship with you, or otherwise perform a contract between us and you;
  • Help to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for those purposes;
  • To identify and repair errors that impair existing intended functionality;
  • Exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law;
  • Comply with the California Electronic Communications Privacy Act or other applicable legal obligations;
  • Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the ability to complete such research, if you have provided informed consent;
  • To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us and compatible with the context in which you provided the information; or
  • Comply with a legal obligation.

If we deny your privacy rights request, you have the right to appeal our decision. To submit an appeal, please contact us by

We will respond to your appeal within the timeframes required by applicable law and provide you with a written explanation of our decision. If we deny your appeal, we will inform you of any further appeal mechanisms available under your state’s law, including how to contact your state attorney general to submit a complaint.

Third-Party Links and Websites

As a resource to our visitors, we may provide links to other websites that we believe may offer useful information. You should carefully review the privacy policies and practices of these websites, as Collegium Pharmaceutical, Inc. cannot control or be responsible for their privacy practices and is not liable for the content, privacy policies, or practices of any third-party websites.

Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights under applicable law. This means we will not deny you goods or services, charge you different prices or rates, or provide you with a different level or quality of goods or services solely because you exercised your privacy rights.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top of this Policy indicates when it was last revised. If we make material changes, we will notify you by posting a notice on our website and/or by other means as required by law. Unless direct notice is required by applicable law, your continued use of our Sites after any changes constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us by:

 

[Last Updated: November 24, 2025]