Privacy Policy – Cartemis de

Personal Data We May Collect

We do not identify visitors to our website unless visitors are asked and elect to register for Cartemis program or offer. However, when you visit our website, we will collect the following data which the browser transmits to our server and the server stores temporarily (for 90 days):

The IP address of your computer or smart device
Date and time of access
Name and address of the called file
Amount of data transmitted
Message whether the retrieval was successful
Identification data of the browser and operating system used
The name of your internet service provider

Use of this data is necessary so you can, to the extent required, register with our site, and avail yourself of our programs, in addition to optimizing your use of the website. We may also analyze, anonymize, and/or aggregate the data in such a way as not to identify you or any individual users. Cartemis uses this information for statistical purposes, and to ensure system security, technical administration of the network infrastructure, and to improve your online experience.

Personal Data We Collect From You or From Other Sources

Cartemis may collect Personal Data (“Personal Data” as bulleted below (as a part of a registration or consenting process, or to communicate with you in response to inquiries. Cartemis may also obtain Personal Data indirectly, such as from publicly available sources (e.g., websites or publicly accessible databases), third-party data vendors, health care providers and health insurance companies, and third-party partners and collaborators. We may combine Personal Data from multiple online and off-line sources. The categories of Personal Data that Cartemis may collect about you include:

Direct identifiers and contact information, including your name, address, phone number, or email address
Registration information, such as your username and password
Relationship data, including information about products, treatments and health conditions that are of interest to you
Transaction data, including purchases and inquiries
Financial account data, such as your credit card number
Income and demographic information, such as when you request financial assistance for one of our products
Health-related information, such as information about a health condition, safety, and health information in relation to any of our products, or insurance and demographic information
Payment-related information if you provide a service to Cartemis

How We May Use Personal Data

We may use your Personal Data for business and commercial purposes, for communicating with you, for improving Cartemis services or offerings, and for other internal business purposes.

ADMINISTERING PROGRAMS, SERVICES, AND OTHER INTERACTIONS WITH YOU

We may use your Personal Data for everyday business purposes, such as website administration, corporate governance, and reporting obligations. We may also use your Personal Data to provide you with the programs or services that you requested, or to administer cartemis clinical programs and other services. We may also use your Personal Data to respond to your questions, provide you with your requested information, offer you an optimal customer experience, perform our contractual obligations to you, or perform actions based on your consent.

MARKETING COMMUNICATIONS AND DISEASE AWARENESS

We provide marketing communications that promote the use of, or offer participation in, CARTEMIS products, services, programs, research, clinical trials, or other events, or to provide other information that may be of interest to you, such as information on certain health conditions. We will use your Personal Data to send you marketing communications and to determine the types of marketing communications to send. You can opt-out of marketing communications at any time. Opt-out instructions for marketing communications are included in each marketing communication you receive.

CUSTOMIZED EXPERIENCES AND IMPROVING ALLIANCES

Personal Data may be used to create customized offers, information, or services tailored to your interests and preferences. In some cases, we collect your Personal Data and use it based on your consent. In other cases, we collect this information for our legitimate business interests to optimize and customize Cartemis programs.

BUSINESS AND PRODUCT ADMINISTRATION AND IMPROVEMENT

In order to discover new facts that could help Cartemis better understand customer needs and help improve, develop, and evaluate programs and treatments, Cartemis analyzes Personal Data for its legitimate interests in business, product development, and improvement.

COMPLIANCE WITH LAWS AND REGULATIONS

We may process your Personal Data to comply with laws and regulations, including those related to pharmacovigilance. We may also use Personal Data to monitor compliance with our policies and procedures, for fraud prevention, and to investigate and prosecute users who violate our rules or who engage in behavior that is illegal or harmful to others or to others’ property.

How We May Disclose Personal Data

We generally share Personal Data with third parties for the business and commercial purposes described below, including third parties we use for recruiting, website analytics, reporting, public relations, and marketing. We do not and will not sell your Personal Data to third parties.

AFFILIATES AND VENDORS

We have Alliances with various vendors, including our affiliated companies, that help us operate our business. It may be required for these vendors and affiliated companies to have access to your Personal Data while providing services to Cartemis. Personal Data collected through the Cartemis Alliances requires the same be handled in accordance with appropriate contractual privacy and security provisions.

BUSINESS AND RESEARCH PARTNERS

We may partner with other companies, including public and private organizations to provide you with products, content, or services. You should be aware that, in such cases, in addition to this Privacy Notice, the relevant partner’s privacy notice may also apply. In addition, we may disclose Personal Data to our external auditors, attorneys, accountants, and similar professionals based on our legitimate interest in the operation of our business and our obligations to comply with applicable laws and regulations.

DISCLOSURES FOR LEGAL OBLIGATIONS TO AUTHORITIES AND FOR PRODUCT SAFETY

If you contact Cartemis regarding your experience using our products, we may use the information you provide to us to submit our reports to the U.S. Food and Drug Administration, other similar health, and medicine government agencies outside of the United States, or if required of us by law. We also may use the information to contact your prescribing physician (or other healthcare providers associated with a clinical trial in which you may be participating) to follow up regarding an unexpected event involving the use of our product.

In certain limited circumstances, we may need to disclose your Personal Data to comply with a legal obligation, process, or demand and for reasons of public interest, such as to comply with reporting obligations to our governing regulatory authorities regarding the safety of our products, in response to a subpoena, or to meet national security or law enforcement requirements.

DISCLOSURE TO SUBSEQUENT OWNER OR OPERATOR

We may transfer your Personal Data to a successor entity upon a merger, consolidation, or other corporate reorganization, to a purchaser of all or a portion of our assets, or pursuant to a financing arrangement or co-promotional agreement. The Personal Data we have about you may be transferred to parties to the transaction based on our legitimate interest in preparing for and completing the transaction. Any successor entity shall be bound by terms and conditions reasonably similar to this Privacy Notice.

Additional Information for Online Interactions and Cookies

We may collect additional categories of Personal Data relating to your online interactions with us, as described in this section. We also use, share, and disclose your Personal Data for online interactions for the additional purposes described in the section. The categories of Personal Data collected, and the purposes of use and disclosure described in this section are in addition any other collection, use, and disclosure of Personal Data practices described separately in this Privacy Notice. This section also describes how we use cookies and other data-collection technologies and how you can manage cookies that are not required to operate our websites and mobile applications.

Personal Data That May be Collected Automatically Through Our Websites and Mobile Applications

We may collect the following additional categories of Personal Data through your usage of our websites and mobile applications.

IP ADDRESS

We may record the Internet Protocol (“IP”) address of your computer or other electronic device when you visit our website. An IP address identifies the electronic device you use to access websites, which allows us to maintain communication with your device and to customize content.

COOKIES AND OTHER DATA-COLLECTION TECHNOLOGIES

We collect information automatically through your online interactions with us through tracking and data-collection technologies such as cookies, web beacons and pixels, APIs, web services, scripts, browser analysis tools, and server logs. A “cookie” is a unique numeric code that is transferred to your computer to track your interests and preferences and to recognize you as a return visitor. Cookies that are set by us are called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our recruiting, advertising, and marketing efforts. A “Web beacon” (also known as a pixel tag) is a transparent graphic image placed on a website, email, or advertisement that enables the monitoring of things such as user activity and site traffic, including the collection of data about the website and mobile application you were visiting before and after you came to our website or mobile application. To learn more about cookies and other data-collection technologies, please visit all about cookies.

We classify our cookies into the following categories:

Required Cookies or Strictly Necessary Cookies: These cookies are necessary for core features of a site to operate properly. These are always active. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. First party cookies in this category include OptanonConsent and OptanonAlertBoxClosed.
Functional Cookies or Performance Cookies: These cookies allow us to analyze site usage to evaluate and improve its performance. They are also used to provide a better user experience on the site, such as measuring interactions with particular content or remembering settings. These are always active. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
Advertising Cookies: These cookies are used to show you ads that are more relevant to you. We may share this information with advertisers or use it to better understand your interests. For example, advertising cookies may be used to share data with advertisers so that the ads you see are more relevant to you, allow you to share certain pages with social networks, or allow you to post comments on our site.
For California residents: Sale of Personal Data: Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt-out of the sale of personal information by using the toggle switch. If you opt-out we will not be able to offer you personalized ads and will not hand over your personal information to any third parties. Additionally, you may contact our compliance department for further clarification about your rights as a California consumer by using the Exercise My Rights link.

You can disable cookies through your browser. Please note that some cookies are essential to the functioning of our websites and deleting or disabling them on your browser will reduce the site’s functionality. If you have enabled privacy controls on your browser (such as with a plugin), we have to take that as a valid request to opt-out. Therefore, we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

How We May Use Personal Data Through Online Interactions

In addition to the uses described separately in this Privacy Notice, we may use your Personal Data collected online for the additional purposes as described in this section.

CUSTOMIZED USER EXPERIENCES

We may use your IP address and the Personal Data that we obtain automatically through the use of cookies or similar tracking technologies to make our websites and mobile applications easier for you to use and navigate, to assist in your registrations and login, to personalize the content by anticipating the information and services that may be of interest to you, and to personalize and improve our interactions with you by making the information we provide more relevant to you.

CONSENT AND LEGITIMATE BUSINESS INTERESTS FOR EU RESIDENTS

In some cases, we collect this Personal Data with your consent. In other cases, we collect this information for our legitimate business interests to optimize and customize your user experience.

As for Consent. Insofar as we obtain the consent of data subjects for the Processing of Personal Data, Art. 6(1)(a) of the GDPR serves as the legal basis.

As for Legitimate Business Interests. In the Processing of Personal Data required for the performance of a contract of which an EU data subject is a contracting party, Art. 6(1)(b) GDPR serves as the legal basis for such Processing. This also applies to Processing operations that are necessary to carry out pre-contractual measures.

Insofar as the Processing of Personal Data is required to fulfill a legal obligation to which the Cartemis is subject, Art. 6(1)(d) GDPR serves as the legal basis for such Processing for EU data subjects.

In the case that vital interests of the concerned person or another natural person necessitate the Processing of Personal Data, Art. 6(1)(f) of the GDPR serves as the legal basis for such Processing.

If the Processing is required for safeguarding the legitimate interest of Cartemis, or that of a third-party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the interest, Art. 6(1)(f) of the GDPR serves as the legal basis for such Processing.

DIGITAL ANALYTICS AND IMPROVEMENT

We may use the Personal Data that you provide to us and the online information we collect automatically through cookies and similar tracking technologies to monitor user traffic patterns and preferences. We may also track email communications through web beacons or similar tracking technology in emails to create aggregated statistics and reports to analyze the effectiveness of and improve our marketing campaigns. We collect this information for our legitimate business interests of security, improvement, analytics, and optimization of Cartemis.

SOCIAL MEDIA ANALYSIS

We may also analyze public sources, such as websites and social media channels, to monitor, analyze, and improve our understanding of interactions with and views of our products, services, and events. Cartemis and its service providers will respect the privacy notices and terms of use applicable to such sources in performing such activities.

DATA SECURITY AND RETENTION

Cartemis maintains appropriate technical, administrative, and physical controls to reasonably safeguard any Personal Data collected through Cartemis. However, there is always some risk that an unauthorized third-party could intercept an internet transmission, or that someone may find a way to thwart our security systems. We urge you to exercise caution when transmitting Personal Data over the internet, especially your health-related information. We cannot guarantee that unauthorized third parties will not gain access to Personal Data about you; therefore, when submitting Personal Data to us, you must weigh both the benefits and the risks.

We will only keep Personal Data if necessary for the fulfillment of the purposes outlined in this Privacy Notice, except if otherwise required by applicable laws or legal orders. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal or best practice retention obligation to which we are subject; and (iii) whether retention is needed for litigation or regulatory investigations.

How Your Personal Data May be Shared Through Online Interactions

In addition to the types of disclosures of Personal Data described separately in this Privacy Notice, we may share Personal Data online for the additional purposes as described in this section.

THIRD-PARTY ADVERTISING AND ONLINE BEHAVIORAL ADVERTISING

We may provide you with online advertisements for Cartemis products and services on third-party websites and mobile services that are tailored to you, which may be based on the Personal Data that you provide to us or to a third-party website that you are visiting, or on your browsing activity, purchases, or interests. We may share some of your device information with our advertising service providers that we have obtained from cookies and other data-collection and tracking technologies as allowed for use with Cartemis.

You can disable cookies through your browser.

LINKS TO THIRD-PARTY SITES AND SOCIAL MEDIA PLUG-INS

This Privacy Notice only applies to Cartemis linked to this Privacy Notice and does not apply to third-party websites to which Cartemis may link, including links to outside websites or advertisements from third parties. We encourage you to review the privacy statements provided by all third parties prior to providing them with Personal Data.

Additional Information for Health Care Professionals

We may collect additional categories of Personal Data if you are a health care professional, as described in this section. We also use and disclose Personal Data about health care professionals for the additional purposes described in this section. The categories of Personal Data collected, and the purposes of use and disclosure described in this section are in addition to any other collection, use, and disclosure of Personal Data practices described separately in this Privacy Notice.

Additional Uses of Data in the Context of Clinical Trials

With your consent, if applicable, we may use and disclose your Personal Data for clinical trial purposes, for drug safety, adverse event reporting, and/or to provide health care professionals with information about your participation in a Cartemis clinical program. Based on our legal obligations and for reasons of public interest, we may use and disclose your Personal Data in our programs for safety monitoring, reporting, and auditing, and responding to inquiries or issues in relation to our products, as well as to comply with applicable laws and regulations. We will also use Personal Data that does not directly identify you for the purpose of analytics, research, and related publication, including to evaluate, develop, and improve Cartemis programs and related services.

Our Contact Information

You may also contact us by emailing our Data Protection Officer if you have questions about this Privacy Notice or have any other privacy request or inquiry.

In all communications to us, please include the email address used for registration (if applicable), the website address, mobile application, or the specific program to which you provided Personal Data.

Your Privacy Rights and Choices

Under applicable data protection law, you may have the right to request access to and/or rectify, block, or delete Personal Data relating to you, transmit Personal Data to another Controller, withdraw your consent at any time (this will not affect the lawfulness of previous data-Processing activities), or object to any use of your Personal Data. If we are not able to provide the requested information or make the change you requested, you will be provided with the reasons for such decisions. Under local law, you may be entitled to lodge a complaint with your local data-protection authority.

You may have the right to object to the Processing activities described in this Privacy Notice that are based on our legitimate interests.

Data Security and Retention

There is always some risk that an unauthorized third-party could intercept an Internet transmission, or that someone could find a way to evade or penetrate our security systems. We urge you to exercise caution when transmitting Personal Data over the Internet, especially your health-related information. We cannot guarantee that unauthorized third parties will not gain access to Personal Data about you; therefore, when submitting Personal Data to us, you must weigh both the benefits and the risks.