Effective Date: January 3, 2019
A Note to Users Outside of the United States
Rigel intends that all transfers of personal data comply with all applicable international laws and regulations, including the GDPR.
When transferring personal data out of the European Economic Area (EEA), adequate safeguards will be used, such as including standard contractual clauses issued by the European Commission in contracts with third parties. Specifically, for example, for transfers of personal data from Switzerland and the EU to the US, Rigel follows and complies with the EU-US Privacy Shield and the Swiss-U.S. Privacy Shield Principles published by the U.S. Department of Commerce. Rigel certifies that it adheres to the Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Privacy Shield please visit https://www.privacyshield.gov/list. Transfers of personal data outside of the European Union, other than to the U.S. shall be made in accordance with the data protection principals prescribed by the international law and regulations applicable in the relevant countries. In cases of onward transfer to third parties of Personal Data received pursuant to the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, Rigel is potentially liable. Rigel shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Rigel proves that it is not responsible for the event giving rise to the damage.
The Federal Trade Commission has jurisdiction over Rigel’s compliance with the Privacy Shield.
In compliance with the US-EU and Swiss-US Privacy Shield Principles, Rigel commits to resolve complaints about our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding our Private Shield policy should first contact Rigel at: firstname.lastname@example.org. Rigel has selected a third party to serve as its independent recourse mechanism (IRM) for dispute resolution arising from certain transfers or processing of Personal Information (non-HR data) under Privacy Shield. Rigel has further committed to refer unresolved Privacy Shield complaints under the EU-US and Swiss-US Privacy Shield Principles to Judicial Arbitration and Mediation Services, Inc. (JAMS), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS at: https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Collection of Personal Information
For subscribers to our investor information mailing list, we collect your e-mail address and any Personal Information you enter into the form.
For visitors who sign up to receive information about a specific product, (i) if you are a health care provider, we collect your first and last name, postal address, e-mail address, and you may also elect to provide your specialty type, practice type, and other medical profession information or (ii) if you are a patient or care partner, we collect your e-mail address and information related to your medical condition, and you may also elect to provide your year of diagnosis and whether you are currently receiving treatment for the medical condition.
For visitors who subscribe to our mailing list to be notified when our products are available for purchase, we collect your e-mail address.
For visitors who email us directly via an e-mail hyperlink, we collect your e-mail address and any Personal Information that may be included with the e-mail.
For health care providers who request access to any of our prescription access programs, such as our Expanded Access Program or Patient Assistance Program, we collect your username, first and last name, e-mail address, and for certain programs may also collect password as well as your clinical investigator’s name, address, e-mail address, and phone number. We also collect patient identifiable information that you provide through submission of enrollment forms for our prescription access programs. We may also collect Anonymous Data about the patient for which you are interested in obtaining our product. “Anonymous Data” means data, either individual or in the aggregate, that does not permit the identification of individual persons and that is not associated with or linked to Personal Information.
For all visitors: As you navigate our Site, certain passive information will also be collected, including but not limited to:
- The date, time, and duration of your visit to the Site and the Site’s pages and links you click on while navigating within our Site;
- Information about your interactions with any content appearing on our Site, such as the type of content accessed via our Site;
- Information about your interactions with our email messages, such as the links you click on and whether you open or forward a message, the date and time of these interactions and the device you use to read emails;
- The site you visited before and after visiting our Site;
- Your Internet Protocol (IP) address (a numerical address assigned to your computer or device by your Internet service provider so that other computers or devices connected to the Internet can communicate with your computer or device online) that can sometimes be used to derive your general geographic area;
- Search terms you enter on our Site or on a referral site;
- Information about your device such as your device type and model, screen size, browser type, language and other settings, memory capacity, operating system, Wi-Fi information, and time zone;
- If you are using a mobile device to access the Site, unique identifiers such as non-global mobile device identification numbers, radio type (e.g. LTE, 3G, etc.), and carrier code; and
- Information collected through cookies, pixel tags and other tracking technologies (see additional descriptions of these terms below).
Regarding clinical trial investigators and other parties, Rigel will provide specific Privacy Notices as required upon the first collection of personal data or no later than 30 days from the collection of such data. Clinical trial participants will be provided with relevant privacy information in the Informed Consent Form and clinical trial enrollment process.
Cookies We may also log information using small data files stored on your hard drive when you visit our Site (“Cookies”). We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to make the Site more useful to you and to tailor the experience with us to meet your special interests and needs.
Flash Cookies When we post videos, third parties may use local shared objects, known as “Flash Cookies,” to store your preferences for volume control or to personalize certain video features. Flash Cookies are different from browser Cookies because of the amount and type of data and how the data is stored. Cookie management tools provided by your browser will not remove Flash Cookies. To learn how to manage privacy and storage settings for Flash Cookies, go to: https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
Do Not Track We do not currently respond to “do not track” signals from web browsers.
Pixel Tags We and our service providers may also use “Pixel Tags” (sometimes referred to as clear gifs, web beacons, or web bugs). Pixel Tags are tiny graphic images with a unique identifier, similar in function to Cookies, that are used to track online movements of web users. In contrast to Cookies, which are stored on a user’s computer hard drive, Pixel Tags are embedded invisibly in web pages. Pixel Tags also allow us to send e-mail messages in a format that users can read, and they tell us whether e-mails have been opened to help us ensure that we are sending messages that are of interest to our users. We may use this information to, among other things, reduce the frequency of or eliminate messages sent to a user.
Use of Personal Information In general, Personal Information you submit to us is used to respond to requests that you make, aid us in serving you better, or improve our Site, products, and services. Depending on your intended use of this Site, we may use your Personal Information for a variety of purposes, including:
- To facilitate the creation of and secure your account on our network;
- To send you a welcome e-mail to verify ownership of the e-mail address provided when your account was created;
- To identify you as a user in our system;
- To provide improved administration of our Site;
- To provide you with content that may be of interest to you;
- To provide the services you request;
- To respond to your e-mail inquiries and other requests, including providing you with notification regarding the availability our products for purchase;
- To measure and analyze audience traffic and improve the quality of your experience with our Site, products, and services;
- To determine your patient’s eligibility in participating in our prescription access programs, as applicable;
- To send investor information, new product availability information, administrative e-mail notifications (e.g. security or support and maintenance advisories);
- To understand how you use our Site;
- For any other purposes disclosed to you at the time of collection or pursuant to your consent.
If you are an employment applicant, we may use your Personal Information to process and respond to your job application, including to assess your skills, interests, and qualifications for job opportunities, conduct reference checks, verify the information provided, and for compliance with corporate governance and legal and regulatory requirements. However, we will only use your Personal Information to make employment decisions to the extent permitted under federal, state, or local equal employment opportunity laws. Personal Information that you submit may also be added to our candidate database for future consideration when job vacancies arise. If you are hired, we may also use the information collected during the application process for other business purposes relating to your employment.
We may create Anonymous Data records from Personal Information by excluding information (such as your name) that makes the data personally identifiable to you. We reserve the right to use Anonymous Data for any purpose and disclose Anonymous Data to any third parties in our sole discretion.
Retention of Personal Information The purposes, methods, storage limitation and retention period of personal data are consistent with the information contained above, and/or in the relevant Privacy Notice. We retain personal data and maintain the accuracy, integrity, confidentiality and relevance of personal data based on the processing purpose. Adequate security mechanisms designed to protect personal data are used to prevent personal data from being stolen, misused, or abused and prevent personal data breaches.
Sharing of Personal Information We may share Personal Information in any manner for which you provide consent. We may share your Personal Information with third-party service providers that we employ to provide services on our behalf, such as to: provide you with services that you request; conduct quality assurance testing; facilitate creation of accounts; or provide technical support.
We may share some or all of your Personal Information in connection with or during negotiation of any contemplated or actual merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Information may also be transferred as a business asset.
If another company acquires our company, business, or assets, that company will possess the Personal Data collected by us.
Rigel reserves the right to share individuals’ personal information as required by law or duly authorized information request of governmental authorities.
Regarding Children Our Site is not designed for children under the age of 13. We will not deliberately gather Personal Information about visitors in this age group, and do not collect any information on this Site with respect to age. If we discover that a child under 13 has submitted Personal Information to us, we will attempt to delete the information as soon as possible. If you believe that we might have any Personal Information from a child under 13, please contact us at email@example.com
You may opt-out of tracking by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout. You may request to access or correct any other Personal Information collected by Rigel by contacting firstname.lastname@example.org
Access to Your Data
When acting as a data controller, Rigel provides you with a mechanism to enable you to access your personal data and allows you to update, rectify, erase, or transmit your personal data, if appropriate or required by law.
You have the right to receive, upon request, a copy of the data you provided to Rigel in a structured format and to transmit those data to another controller, for free. Rigel´s Data Protection Officer is responsible to ensure that such requests are processed within one month, are not excessive and do not affect the rights to personal data of other individuals.
Right to be Forgotten
Upon request, you have the right to obtain from Rigel the erasure of your personal data, if applicable. When Rigel is acting as a controller, Rigel will take necessary actions to inform the third-parties who use or process that data to comply with the request.