Effective Date: January 6, 2021
Collection of Personal Information
Rigel collects Personal Information about you when you actively provide it to us, such as by completing an online form, responding to a request for information, signing up to receive communications from us (such as our investor information communications), providing it through submission of enrollment forms for our prescription access programs, or sending us an email or letter. Some areas of the Sites ask you to submit Personal Information in order for you to benefit from the specified features or to participate in a particular activity. For example, if you wish to receive information about a specific product, (i) if you are a health care provider, we collect your first and last name, postal address, e-mail address (you may also elect to provide your specialty type, practice type, and other medical profession information), and (ii) if you are a patient or care partner, we collect your e-mail address and information related to your medical condition (you may also elect to provide your year of diagnosis and whether you are currently receiving treatment for the medical condition).
For visitors who subscribe to our mailing list to be notified when our products are available for purchase, we collect your e-mail address.
For visitors who email us directly via an e-mail hyperlink, we collect your e-mail address and any Personal Information that may be included with the e-mail.
For health care providers who request access to any of our prescription access programs, such as our Expanded Access Program or Patient Assistance Program, we collect your username, first and last name, e-mail address, and for certain programs may also collect your password as well as your clinical investigator’s name, address, e-mail address, and phone number.
We also may collect Personal Information about you from other sources, such as our business partners; the Internet, including social media websites; the press or other print media; and other organizations or individuals as permitted under applicable law.
Listed below are the types of Personal Information that we may have collected about you within the past 12 months. Some of these types of information may not be Personal Information, depending on other information we have access to about you. Each type of information listed below is Personal Information only if the information identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.
- Identifiers, such as your name, postal address, online identifier, Internet Protocol (IP) address, email address, Social Security number, driver’s license number, or other similar identifiers.
- “Customer Records” information (some of which may be identifiers or professional/employment-related information as well), such as your name, signature, Social Security number, physical characteristics or description, address, telephone number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
- Commercial information, such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Geolocation data, such as the physical location of the device you use to connect with us online.
- Biometric information, such as fingerprints or voiceprints.
- Sensory data, such as audio, electronic, visual, or similar information.
- Professional or employment-related information, such as your current or past job history.
- Education information, such as your record of performance at an educational institution.
- Personal characteristics that are related to classifications legally protected from discrimination, such as race, national origin, ethnicity, marital status, age and gender.
- Inferences drawn from other Personal Information, such as a summary we might make based on your apparent personal preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
- Internet or other similar network activity, such as browsing history, search history, information on your interaction with our website, mobile application(s), or an advertisement. This may include hardware and browser information of your computer or other online device. The information we collect in this category may include:
- The date, time, and duration of your visit to a Site and the Site’s pages and links you click on while navigating within our Sites;
- Information about your interactions with any content appearing on our Sites, such as the type of content accessed via our Sites;
- Information about your interactions with our email messages, such as the links you click on and whether you open or forward a message, the date and time of these interactions and the device you use to read emails;
- The site you visited before and after visiting our Sites;
- Your Internet Protocol (IP) address (a numerical address assigned to your computer or device by your Internet service provider so that other computers or devices connected to the Internet can communicate with your computer or device online) that can sometimes be used to derive your general geographic area;
- Search terms you enter on our Sites or on a referral site;
- Information about your device such as your device type and model, screen size, browser type, language and other settings, memory capacity, operating system, Wi-Fi information, and time zone;
- If you are using a mobile device to access a Site, unique identifiers such as non-global mobile device identification numbers, radio type (e.g. LTE, 3G, etc.), and carrier code; and
- Information collected through cookies, pixel tags and other tracking technologies (see additional descriptions of these terms below).
We may also log information using small data files stored on your hard drive when you visit our Sites (“Cookies”). We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Sites. This type of information is collected to make the Sites more useful to you and to tailor your experience with us to your special interests and needs. In addition, when we post videos, we may use local shared objects, known as “Flash Cookies,” to store your preferences for volume control or to personalize certain video features. Flash Cookies are different from browser Cookies because of the amount and type of data and how the data is stored. Cookie management tools provided by your browser will not remove Flash Cookies. To learn more about Cookies, please visit http://www.allaboutcookies.org.
- Pixel Tags
We and our service providers may also use “Pixel Tags” (sometimes referred to as clear gifs, web beacons, or web bugs). Pixel Tags are tiny graphic images with a unique identifier, similar in function to Cookies, that are used to track online movements of web users. In contrast to Cookies, which are stored on a user’s computer hard drive, Pixel Tags are embedded invisibly in web pages. Pixel Tags allow us to send e-mail messages in a format that users can read, and they tell us whether e-mails have been opened to help us ensure that we are sending messages that are of interest to our users.
- Do Not Track
We do not currently respond to “do not track” signals from web browsers.
How We Use Personal Information
We may use the Personal Information we collect from you for a variety of purposes permitted by law, including:
- To facilitate the creation of and secure your account on our network;
- To send you a welcome e-mail to verify ownership of the e-mail address provided when your account was created;
- To determine the frequency of, or to eliminate the sending of, e-mail messages sent to you;
- To identify you as a user in our system;
- To provide improved administration of our Sites;
- To provide you with content that may be of interest to you;
- To provide the services you request;
- To respond to your e-mail inquiries and other requests, including providing you with notification regarding the availability of our products for purchase;
- To measure and analyze audience traffic and improve the quality of your experience with our Sites, products, and services;
- To send investor information, new product availability information, and administrative e-mail notifications (e.g. security or support and maintenance advisories);
- To understand how you use our Sites;
- For any other purposes disclosed to you at the time of collection or pursuant to your consent.
If you are an employment applicant, we may use your Personal Information to process and respond to your job application, including to assess your skills, interests, and qualifications for job opportunities, conduct reference checks, verify the information provided, and for compliance with corporate governance and legal and regulatory requirements. Personal Information that you submit may also be added to our candidate database for future consideration when job vacancies arise. If you are hired, we may also use the information collected during the application process for other business purposes relating to your employment.
How We May Share Personal Information
We may share any of the Personal Information we collect from you as follows:
- We may share some or all of your Personal Information in connection with or during negotiation of any contemplated or actual merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. Thus, if another company acquires our company, business, or assets, that company will possess the Personal Information collected by us. In the event of an insolvency, bankruptcy, or receivership, Personal Information may also be transferred as a business asset.
- For any other purpose you may agree to at or before the time the Personal Information is shared.
Absent your consent, we do not sell your Personal Information and we do not share your Personal Information with non-affiliated entities for them to use for their own direct marketing purposes.
Retention and Security of Personal Information
Our Sites are not designed for children under the age of 13. If we discover that a child under 13 has submitted Personal Information to us, we will attempt to delete the information as soon as possible. If you believe that we might have any Personal Information from a child under 13, please contact us at email@example.com
Links to Other Sites
- Cookies: You can typically remove and reject Cookies from our Sites with your browser settings. Many browsers are set to accept Cookies until you change your settings. If you remove or reject our Cookies, it could affect how our Sites work for you. To learn how to manage privacy and storage settings for Flash Cookies specifically, please visit: https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
- Google Analytics: You may opt-out of tracking by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.
- Access and Correction: You may request to access or correct any of your Personal Information collected by Rigel by contacting firstname.lastname@example.org. (If you are a California resident, please see the section immediately below for more specific information on your access and other rights.)
California Residents’ Privacy Rights
If you are a resident of California, you have certain privacy rights under the California Consumer Privacy Act (“CCPA”). We honor those rights, as described below, and we are prohibited by law from discriminating against you for exercising any of those rights.
- Right to Know
If you are a California resident, you have the right to know what Personal Information we have collected about you, why we collected it, and the categories of third parties (excluding service providers) with whom we have shared the Personal Information during the past 12 months. (See below on “How to Submit a Request.”) You may request that we provide a description of the categories of Personal Information we have collected (a “Categories Request”) or a request for access to the specific pieces of Personal Information we have collected (a “Specific Pieces Request.”)
If you make a Categories Request, and you do not have any type of account with us, we will need you to provide us with at least two data elements specific to you, such as your cell phone number or mother’s maiden name (depending on the data elements we already maintain about you), so that we can verify your identity. After we confirm that your request is a verifiable consumer request, we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you (e.g., social media websites, government records available to the public, etc.).
- Our business or commercial purpose for collecting that Personal Information.
- The categories of third parties other than service providers (if any) with whom we shared the Personal Information.
If you make a Specific Pieces Request, we need to be sure we have verified your identity with great certainty to safeguard your privacy. In order for us to verify your identity, if you do not have any type of account with us, you will need to provide to us at least three data elements specific to you, together with a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. After we confirm that your request is a verifiable consumer request, we will disclose to you the specific pieces of Personal Information we collected about you that you requested.
- Right to Request Deletion
You have the right to request that we delete any of your Personal Information that we collected from you and retained. We are not obligated to comply with your request if we have a legal basis to retain the Personal Information. If you make a request for us to delete Personal Information, and you do not have any type of account with us, we may need you to provide us with at least two data elements specific to you so that we can verify your identity. Once we receive and confirm that your request is a verifiable consumer request (see below on “How to Submit a Request”), we will inform you whether we have deleted (and have directed our service providers to delete) your Personal Information from our records, or whether we are declining to grant your request to delete due to an exception to the CCPA deletion requirements.
If you are working for or seeking to work for Rigel, or if you are an employee or other representative of a business or other organization that is exploring or engaging in a business-to-business transaction with Rigel, the CCPA does not provide you with a “right to know” or “right to request deletion,” at least until January 1, 2023.
If we collect, either from you or otherwise, information related to your health and you as a patient, the privacy of that information is not regulated by the CCPA but rather by another California privacy law, the California Confidentiality of Medical Information Act. You therefore do not have the rights described above with respect to health-related information we collect about you as a patient (that information is not “Personal Information” for purposes of the CCPA).
- How to Submit a Request
To request access to or deletion of your Personal Information as described above, please submit a verifiable consumer request to us by either:
- Calling us at our Privacy Rights toll-free number: (833) 747-4435
- Sending us an email at email@example.com
- Mailing your request to: Rigel Pharmaceuticals, Inc., 611 Gateway Boulevard, Suite 900, South San Francisco, CA 94080, Attention: Privacy Officer
You may make a request on your own behalf, and if you are the parent or guardian of a minor child, you also may make a request related to your child’s Personal Information. If you wish to designate an authorized agent to make a request on your behalf, please provide us with a signed declaration stating that your intent is to permit that individual to act on your behalf and include such individual’s full name, address, email address, and phone number. That way we will be sure you have fully authorized us to act in accordance with the requests of that individual.
As indicated above, in order to protect your Personal Information from unauthorized disclosure or deletion at the request of someone other than you or your legal representative, Rigel requires identification verification before granting any request to provide copies of, know more about, or delete your Personal Information. We take special precautions to help ensure this. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you. We will only use Personal Information collected in connection with a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing.
A Note to Users Outside of the United States
Your Personal Information collected by us through our Sites or otherwise will be processed in the United States, where laws regarding the processing of Personal Information may be less protective than the laws in your country. By providing us with your Personal Information, you are consenting to our processing the information in the United States in accordance with applicable law. To the extent Rigel collects Personal Information about you from third parties located outside the United States, Rigel intends that the transfer of such information to Rigel complies with all applicable laws and regulations, including the European Union (“EU”) 2016/679 General Data Protection Regulation (“GDPR”). For Personal Information transferred to Rigel from third parties located within the European Economic Area, the transfers will be made pursuant to Standard Contractual Clauses (the form clauses issued by the European Commission), in conformity with the GDPR.
Rigel Pharmaceuticals, Inc.
611 Gateway Boulevard, Suite 900
South San Francisco, CA 94080