PRIVACY POLICY
ORBUS THERAPEUTICS, INC.
Last Updated: April 4, 2023
This privacy policy ("Policy") describes how Orbus Therapeutics, Inc. and its related companies ("Orbus") collect, use, store and share (together “process”) individual’s personal information and explains the rights and choices available to individuals.
The notice applies to individuals whose personal data is processed by or shared with our service providers or research partners in the course of your relationship with Orbus.
Orbus may provide additional privacy notices to individuals at the time we collect their data (e.g. clinical trial participants or employment candidates) that describe our privacy practices in connection with specific activities and will apply to the information you provide at that time, in addition to this notice.
Please note this Privacy Notice does not apply to Orbus’ processing of employee or contractor data.
BY PROVIDING YOUR PERSONAL DATA TO ORBUS OR OTHERWISE USING OUR WEBSITES OR MOBILE APPLICATIONS, YOU ACKNOWLEDGE THAT YOU UNDERSTAND THE TERMS OF THIS PRIVACY NOTICE AND WISH TO CONTINUE TO PROVIDE YOUR PERSONAL DATA FOR THE PURPOSES DESCRIBED.
WHAT WE COLLECT
We collect personal data from the following types of individuals: clinical trial participants, patients, patient family members, caregivers or advocates, physicians and other healthcare providers, clinical trial investigators, researchers, pharmacists, contractors, consultants, job applicants, volunteers, visitors to our offices, and other individuals who interact directly with Orbus or its service providers or research partners.
How we collect your personal data
Information You Give Us:
You directly provide Orbus with most of the data we collect. We collect and process your personal data when you:
Provide the information to us in person, via phone, or via email
Enter your personal data via our websites and mobile apps
Use or view our websites or mobile applications via your browser’s cookies
Information We Get From Others:
We may get information about you from other sources. Orbus may also receive your partially deidentified or “pseudonymized” data indirectly from the following sources:
Healthcare providers, such as your doctor(s). Your authorization or release will be obtained prior to obtaining this information to the extent required by applicable law
Research organizations and clinical trial investigators with whom we contract
Public records
Third party service providers or business partners with whom we contract
Recruiters
Types of personal data we collect include:
Health and medical information, we collect in connection with sponsoring and managing clinical trials, conducting research, providing patient support programs, and tracking adverse event reports
Personal and business contact information and preferences (such as name, job title and employer name, email address, mailing address, phone number, and emergency contact information)
Biographical and demographic information (such as date of birth, age, gender, marital status, and information regarding any parents or legal guardians)
Professional credentials, educational and professional history, institutional and government affiliations, background checks, performance reviews, and information of the type included on a resume or curriculum vitae
If you are a third party with whom we have or are contemplating a contractual relationship, such as a healthcare professional, we collect publicly available information related to your practice, such as license information, disciplinary history, prior litigation and regulatory proceedings, and other due diligence related information
Payment-related information we need to pay for services and products that individuals may provide to us (such as tax identification number and financial account information)
From healthcare professionals, we collect information about the programs and activities in which you have participated, our interactions with you, and the agreements you have executed with us
Security and access credentials, such as username and password that may be created in connection with establishing an account on our websites or mobile applications
Your photograph, social media handle or digital or electronic signature
If you are a visitor to an Orbus office location, we may collect visual images captured on closed circuit television (CCTV)
Other information you provide to us (such as in emails, on phone calls, through our websites or mobile applications, or in other correspondence)
USE OF PERSONAL INFORMATION
To the extent permitted by applicable local law, we collect your personal data for the following purposes:
Communicating with you about the products and services we offer, and responding to requests, inquiries, comments, and suggestions
Analyzing and enhancing our communications and strategies (e.g. effectiveness of emails or our websites and mobile applications)
Operating, securing, and improving our business (including both physical premises and digital environments)
Developing and personalizing relationship management activities, including the delivery of programs and materials, as well as surveys and market research
Staffing, facilitating, conducting and managing clinical trials
Tracking and responding to safety and product quality concerns (including product recalls)
Complying with regulatory monitoring and reporting obligations (including those related to adverse events, product complaints, spend transparency, and patient safety)
Defining and managing appropriate patient engagement and enrollment activities
Identifying, interacting, and engaging with healthcare professionals, including thought leaders and external experts
Facilitating and improving our recruitment activities (such as processing employment applications, evaluating a job candidate for an employment activity, analyzing trends, and monitoring recruitment statistics)
In some situations, we may have a separate agreement or relationship with you with respect to a specific type of processing of your data, such as if you participate in a special program, activity, event, or clinical trial. These situations will be governed by specific terms, privacy notices, or consent forms that provide additional information about how we will use your personal data that we collect at that time.
Cookies and other automated information collection:
We may log information using "cookies" or similar technology such as web beacons and other technologies (“Automated Information”). Cookies are small data files stored on your hard drive by a website. For additional information about cookies, visit www.allaboutcookies.org.
We or our service providers and business partners may collect Automated Information about your online activities over time and across our own and third-party websites when you use our websites and mobile applications, including to deliver commercial content on our behalf. In jurisdictions where Automated Information is considered personal data, or if we associate Automated Information with personal data, we will treat Automated Information as personal data and process such information in accordance with this Privacy Notice.
The Automated Information that we collect from time to time includes:
Details about the devices that are used to access our websites or mobile applications (e.g. IP address, and type of operating system and web browser)
Dates and times of visits to, and use of, our websites and mobile applications
Details about your interactions with emails that we may send you, including the links on which you click and your interactions with our linked sites
Information about how our websites and mobile applications are used (such as the content that is viewed on our websites and how users navigate our pages)
URLs that refer visitors to our websites
Web browsers may offer users of our websites the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly. You can visit www.aboutcookies.org/how-to-control-cookies for information about cookies and how to disable them.
SHARING OF PERSONAL INFORMATION
We may share your personal information for the purposes described in either this Privacy Notice or through a specific “in-time” privacy notice provided at the time we collect the information as follows:
We may share personal information with your consent:
Unless prohibited by applicable law we may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
We may share personal information for legal, protection, and safety purposes:
We may share information to comply with laws.
We may share information to respond to lawful requests and legal processes.
We may share information to protect the rights and property of Orbus Therapeutics, Inc. This includes enforcing our agreements, policies, and terms of use.
We may share information in an emergency. This includes protecting the safety of our employees and agents.
We may share information with those who need it to do work for us including:
Contract research organizations that conduct clinical trials on our behalf
Customer service and patient support providers (including for product quality and adverse event reporting etc.)
Data storage and analytics and technology providers (including technology support, marketing and laboratory service providers)
Event planning and travel organizations that help facilitate Orbus programs
We may share personal information with regulators worldwide, as required by law, including in connection with monitoring, review and approval of our studies, products and services, and adverse event reporting.
As part of our research activities we may share personal information with healthcare professionals, researchers, academics, and public health organizations.
Orbus does not sell your personal data or make your personal data available to any other party for their own proprietary purposes, except as required by applicable law.
International data transfers
We may transfer your personal data to countries other than the country in which the data was originally collected for the purposes described in this Privacy Notice. The countries to which we transfer your personal data may not have the same data protection laws as the country in which you initially provided the information. When we transfer personal data across borders, we consider a variety of requirements that may apply to such transfers, but in any event, we will only transfer your personal data to a destination and in a manner that ensures your personal data remains protected to the same or equivalent level as in the country of origin, including executing contractual clauses which commit the recipient to process personal data in accordance with applicable law in the country of origin.
Orbus operates in the United States. Our servers and offices are located in the United States, so your personal data may be transferred to, stored, or processed in the United States.
INFORMATION CHOICES AND CHANGES
You have the right to exercise the following rights in relation to the personal data that we collected about you. Please note that if your exercise of these rights limits our ability to process your personal data, we may not be able to provide our products or services to you, or to otherwise engage with you going forward.
We will verify the identity of each individual making any request regarding personal data, to help ensure that we provide the information only to individuals to whom the personal data pertains and allow only those individuals or their authorized representatives to exercise rights with respect to that personal data. In the event we cannot comply fully or at all, with your request, we will notify you of the reasons.
Right to withdraw your consent
Where you provided consent to Orbus to process your personal data, you may withdraw such consent by following the instructions provided at the time of collection or by contacting us using details in the Contact Us section below. In some instances, withdrawing your consent may mean we can no longer provide products or services to you or otherwise engage with you.
Right to access your personal data
You have the right to request from Orbus copies of the personal data that we maintain about you. This includes the right to request us to disclose to you the: categories of personal data we collected about you; categories of sources from which the personal data is collected; business or commercial purpose for collecting your personal information; categories of third parties with whom we share your personal information; and specific pieces of personal information we collected about you.
Right to rectification
You have the right to request Orbus to correct any errors in your personal data. You also have the right to request us to complete personal data you believe is incomplete.
Right to object to processing of your personal data
You have the right to object to or “opt-out” of our processing of your personal data.
Right to erasure
You have the right to request that we delete your personal data from our records, under certain conditions.
No discrimination
You have the right to not be discriminated against by Orbus because you exercise any of the above rights.
You have the right to file a complaint with a regulator or data protection supervisory authority in your jurisdiction.
As stated above Orbus does not “sell” personal data as that term is defined under applicable privacy laws. To request further information about this, you can email privacy@orbustherapeutics.com.
When submitting a request to exercise any of these rights, please describe your relationship with us and your request, with sufficient detail to allow us to properly understand, evaluate, and respond to it. We will need to verify your identity before processing your request, which may require us to request additional personal data from you.
Minors:
We do not knowingly collect personal data from children under age 13 through our websites or mobile applications. If we learn that we have collected personal data directly from a child under the age of 13, we will delete that information.
How we protect personal data:
Orbus securely stores your data and maintains reasonable and appropriate administrative, technical and physical security procedures and practices designed to protect the personal data we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, due to the nature of digital communications and technologies, we cannot guarantee that the measures we maintain will ensure the security of your personal data. We will keep your personal data in a form that permits identification of you only for as long as necessary for the purposes for which it was processed.
Links to third-party websites and content:
For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by Orbus. The websites and third-party content to which we link may have separate privacy notices or policies. Our privacy policy applies only to our websites and applications, and Orbus is not responsible for the privacy practices of any entity that we do not own or control, or for the legality of any third party content. If you click on a link to another website, you should read the privacy policy associated with that website.
CONTACT INFORMATION
We welcome your comments or questions about this privacy policy or our privacy practices, or to exercise your rights regarding your personal data processed by us. When raising a request or complaint, please provide sufficient details (including your relationship with us) and any relevant documentation. You may contact us at our address:
Orbus Therapeutics Inc.
2479 E. Bayshore Road, Suite 105
Palo Alto, CA 94043
privacy@orbustherapeutics.com
CHANGES TO THIS PRIVACY POLICY: We may change this privacy policy. If we make any changes, we will change the “Last Updated” date above.