PRIVACY POLICY

Introduction

This policy applies to all information relating to any identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).

We respect the privacy of individuals of all nationalities in the processing of their Personal Data, recognizing the fundamental rights to lawfulness, fairness, and transparency. We adhere to the principles of data privacy by design and by default, including data minimization to the extent possible. We adhere to laws relating to data protection in all jurisdictions in which we conduct business, including but not limited to the Health Insurance Portability and Accountability Act (“HIPAA”), the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Protection Act (“CCPA”), and the United Kingdom Data Protection Act of 2018 and United Kingdom GDPR.

Personal Data of Children Under the Age of 16

This website is not intended for, or designed to attract, children under the age of 16. No Personal Data should be submitted to us through the website by visitors who are less than 16 years old.

California Residents:

We adhere to the applicable provisions of the CCPA. If you are a resident of California, you may contact us pursuant to the “Contact Us” section below to enquire about the collection of your Personal Data, including any request to delete your Personal Data. We may collect, use, and disclose your Personal Data as required or permitted by applicable law, and this may override your CCPA rights. We are not obligated to comply with requests to the extent that doing so would infringe on our, or any other person’s, rights or conflict with other applicable law.

If you are a California resident, you have the right to send us a request, no more than twice in a twelve-month period, for any of the following. Our response will be limited to the twelve-month period prior to the request date:

  1. The categories of personal data we have collected about you.
  2. The categories of sources from which we collected your personal data.
  3. The business or commercial purposes for our collecting or selling your personal data.
  4. The categories of third parties with whom we have shared your personal data.
  5. A list of the categories of personal data disclosed for a business purpose, in the prior twelve months, along with the categories of recipient for each category of personal data, or that no disclosure occurred.
  6. A list of the categories of personal data sold about you in the prior twelve months, along with the categories of recipient for each category of PI, or that no sale occurred.

We may disclose your personal data for the following purposes, which are not a sale: (i) if you direct us to share it; (ii) to comply with your requests under the CCPA; (iii) as part of a merger or asset sale; and (iv) as otherwise required or permitted by applicable law.

We do not sell, or offer for sale, any personal data as that term is defined in the CCPA. We do not recognize or respond to browser initiated Do Not Track signals. You have the right to be free from unlawful discrimination for exercising your rights under the CCPA.

The Personal Data that we collect

Website visitors
  • If you use our website, we may collect information about you, such as your IP address and location. We also may collect Personal Data if you submit an inquiry on our website.
  • The purpose of collecting this Personal Data is our legitimate interest.
  • If you choose to contact us and provide us with your Personal Data, we will collect and use your Personal Data to respond to you, to provide you with information that you have requested (which may relate to our products or services), or to communicate with you for other purposes which are requested by you in your inquiry. Such other purposes may include, from time to time, monitoring our regulatory compliance, and compiling profiles and personal information about you in order to identify suitable education/awareness programs or suitable opportunities to collaborate with you.
  • We will disclose your Personal Data within our company, and to our corporate affiliates who agree to treat it in accordance with this Privacy Policy. Personal Data also may be transferred to third parties who act for and on our behalf, for further processing in accordance with the purpose(s) for which the data were originally collected. These third parties have contracted with us to only use Personal Data for the agreed upon purposes and not to sell or disclose your Personal Data to third parties except as required by law, or as stated in this Privacy Policy.
Personal Data of Clinical Trial Subjects
  • If you are a participant in a clinical trial that is sponsored by us, we will collect Personal Data from you. This data may include coded (“pseudonymized”) medical and health information which is collected by investigators and their staff at the study sites.

    When consent is required for the processing of Personal Data, the physician investigators overseeing the trial are responsible for ensuring that you understand and consent to the gathering of your Personal Data, including the transfer of such pseudonymized information to third parties who may be providing services for the clinical trial.

  • The purposes of collecting the Personal Data of clinical trial participants is to promote the global development of safe and effective medical therapeutics. We are committed to conducting clinical trials in a manner that strictly adheres to all national and international ethical requirements and clinical trial regulations. Effective adherence to clinical trial regulations requires the gathering, recording, processing, storing, and transmitting of personal data of clinical trial participants, clinical trial investigators, vendors, support staff, and employees.
  • Pursuant to Opinion 03/2019 of the European Data Protection Board, the processing of Personal Data of EU citizens participating in a clinical trial is necessary for the performance of a task carried out in the public interest. Specifically, the processing of sensitive categories of data is carried out for reasons of public interest in the area of public health, and/or archiving for scientific purposes in accordance with Article 89(1) of the GDPR.
Use of Cookies

Cookies are small text files that are stored on browsers or devices by websites, apps, online media, and advertisements. We use cookies and similar technologies for purposes such as:

  • Authenticating users
  • Remembering user preferences and settings
  • Determining the popularity of content
  • Analyzing site traffic and trends, and generally understanding the online behaviors and interests of people who interact with our services

Your web browser may be programmed to notify you when you are receiving a cookie, giving you the choice to accept it or not. You can also refuse all cookies by turning them off in your browser.

How we use your Personal Data

Website visitors

We may use information gathered from our website for a variety of purposes related to our business. This may include:

  • To enhance the user experience of our website, including internal operations necessary to provide our services, such as troubleshooting software bugs and operational problems; conducting website traffic data analysis, testing, and research; and to monitor and analyze usage and activity trends.
  • To respond to inquiries regarding our business or service
  • We may use your Personal Data to investigate or address claims or disputes relating to our business, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries. We may share your Personal Data if we believe it is required by applicable law, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns. This includes sharing Personal Data with law enforcement officials, public health officials, other government authorities, or other third parties as necessary to enforce our Code of Conduct or other policies; to protect our rights or property; or the rights, safety, or property of others; or in the event of a claim or dispute relating to our business operations.
Clinical trial participants

Personal Data collected from you during a clinical trial is used to test the safety and efficacy of experimental drugs and medical devices. If you are a participant in a clinical trial sponsored by Sebela Pharmaceuticals or an affiliate, please review the informed consent form that you received from your study doctor for more information about how your Personal Data will be used and protected.

We retain user Personal Data for as long as necessary for the purposes described above. We will retain different categories of Personal Data for different periods of time depending on the category of user to whom the Personal Data relates, the type of Personal Data, and the purposes for which we collected the Personal Data.

We do not sell or share user Personal Data with third parties for their direct marketing.
We do not engage in automated decision-making using Personal Data.

How we protect your Personal Data

We use physical, electronic and organizational procedures to safeguard and secure your Personal Data. This includes encryption, firewalls, access controls, and other procedures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Personal Data is restricted to authorized individuals, who only can access it on a "need to know" basis.

We may store some business records or clinical trial documents in hard copy (paper or disk) format, as required by law or regulation, or pursuant to the fulfilment of a legitimate business purpose. In this case, documents are retained for the minimum time necessary, and then securely destroyed. Long-term storage of hard copy documents may be carried out by a qualified third-party vendor.

Where we may transfer your Personal Data

Transfer to Third Parties

Your Personal Data may be shared with third parties to fulfill the purposes for which it was originally collected. Personal Data is transferred to third parties pursuant to contractual obligations consistent with Article 28(4) of GDPR when applicable, and with this Privacy Policy. Recipients of Personal Data may be regulatory authorities, ethical committees, and third parties associated with a clinical trial study, the Institution where the study takes place, or a CRO and its affiliated companies.

Transfer to Third Countries

Your Personal Data may be transferred to a third country outside of the EU or European Economic Area, or to a country where data protections are not as strong as in your country. Please be aware that any personal data you provide to us will be transferred to, processed, and stored in the United States. You consent to the transfer of your information, including personal information, to the United States as set forth in this Privacy Policy by visiting our site or submitting an inquiry to us. Transfers to these countries are made using appropriate safeguards as outlined in Article 46 of the GDPR.

Your rights to access and choice

We are committed to cooperating to the full extent of applicable law in the exercise of the rights of data subjects. If you would like to exercise your rights under applicable data privacy law, or to inquire about the processing of your Personal Data by Sebela Pharmaceuticals, an affiliate, or a CRO, contact us pursuant to “Contact Us” link below.

EU and Swiss citizens whose Personal Data is processed have a right to be informed of the choices and means available for limiting its use and disclosure. EU and Swiss citizens may have the right to access, modify, or suppress your Personal Data, to elect not to have Personal Data transferred to a third party, or to object to your Personal Data being used for any purpose materially different from that disclosed to you, or stated within this Privacy Policy. We will honor your request to access, modify, suppress, prevent or stop transferring, or delete your Personal Data to the extent reasonably possible. We may, pursuant to the law, disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Please note that pursuant to clinical trial regulations, some Personal Data may be retained even if you request that it be deleted.

If you are a clinical trial participant, you should first contact the study site at which you participated, or the Principal Investigator of the study, to enquire about your choices and the means available for limiting the use and disclosure of your Personal Data under applicable data privacy laws. The rights available to you as a clinical trial participant may be limited pursuant to an exception to the applicable data privacy law to preserve the integrity or scientific value of the clinical trial data that was collected.

Your rights to enforcement and recourse

If you are an EU resident, you have a right to lodge a complaint with the appropriate EU supervisory authority, and also a right to an effective judicial remedy against data controllers and processors.

Residents of California may have a private right of action in the event of a data breach. Pursuant to California law, affected individuals must first notify us of the alleged violation and provide us 30 days to cure the violation.