Privacy Notice

LEO PHARMA INC.

Effective Date: December 19, 2019

Last Reviewed On: December 19, 2019

This Privacy Notice describes how LEO Pharma Inc. (“LEO” or “Company”) collects, uses, and shares your personal information through any LEO PHARMA INC. website (collectively, the “Websites”), offline, or otherwise in the course of Company’s business (the “Services”).  LEO is committed to maintaining the privacy and security of your personally identifiable information. Please carefully read this Privacy Notice.

Company may amend this Privacy Notice at any time without specific notice to you. The most recent form of this Privacy Notice will be posted at all times on the Websites, and you should review this Privacy Notice each time upon visiting or using the Websites. You agree that each time you enter or use the Websites, you accept and comply with, and agree to be bound by, this Privacy Notice, as modified, and the Legal Disclaimer and Terms of Use. Capitalized terms not defined in this Privacy Notice have the meaning ascribed to them in the Legal Disclaimer and Terms of Use.

This Privacy Notice also applies to information that we receive through third party websites or services when it is stated that such information will be subject to this Privacy Notice. Otherwise, this Privacy Notice does not apply to information collected from any third party (including our affiliates and subsidiaries) or by us offline or through other means.

Personal Information We Collect

Company collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). We collect or obtain the following categories of personal data about you.  Please see “How We Use and Share Personal Information” for more information about why we collect the categories of information below. 

 

Category

Examples of Information We Collect

Identifiers.

 

We collect names, addresses, phone numbers and email addresses (“Contact Information”) of patients and health care professionals (“HCPs”) to provide our services and for the other business purposes listed below.  We collect identifiers about HCPs, such as license number and NPI number, for regulatory compliance purposes.

We may also collect Contact Information when you communicate with us.

We may automatically collect your Internet Protocol address when you visit us to improve our products and communications (see More About Cookies below). 

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

 

We collect names, Contact Information, and professional affiliation of HCPs to provide and promote our products and services, to process grant applications, and for the other business purposes listed below.  We collect patients’ names, Contact Information, and medical information to improve our product quality and safety and for the other business purposes listed below.  We may also learn patients’ insurance information in the course of responding to patient communications.

If you are a consultant with us, we obtain your Social Security number, tax ID, bank account number, and other financial information in order to transact with you and for other business purposes listed below.

Protected classification characteristics under California or federal law.

 

We obtain information about patients’ age and gender to improve our product quality and safety and for the other business purposes listed below.  We obtain information about HCPs’ age for regulatory compliance purposes and for the other business purposes listed below.

Commercial information.

We obtain transactional data pertaining to our products to comply with our legal obligations, to improve our products, and for the other business purposes described below.

Internet or other similar network activity.

 

We collect information about how HCPs, patients, or visitors browse or search our website, for our brand, or for our products.  We use cookies to identify visitors.  (See More About Cookies below.)

Geolocation data.

We collect and use generalized location information to improve our product offerings, to comply with our legal obligations, and for the other business purposes listed below.

Professional or employment-related information.

We obtain information about the institutional affiliations of HCPs and grant applicants to provide our services, process grant applications, and for the other business purposes described below.

We do not collect:

  • Biometric information.
  • Sensory data.
  • Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
  • Profiles or inferences drawn from other personal information.

The “personal information” listed above does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.  Company may use or disclose de-identified or aggregated information (that is no longer personally identifiable) for any purpose.  We may share this aggregate data with our parent, affiliates, agents, advertisers, manufacturers and business partners. We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners and to other third parties for other lawful purposes.
  • Information covered by sector-specific privacy laws like the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
  • Information about our contractors, employees, or candidates for employment—if you are a Company contractor, employee, or candidate, please see the Company’s Contractor/Employee Privacy Notice for more information.

Sources of Personal Information

We may obtain all of the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from forms you complete or products and services you purchase.
  • Indirectly from you. For example, from observing your actions on our Websites using cookies. 
  • From third-party service providers. For example, we obtain demographic data from a third-party service provider to use for marketing analytics.

More About Cookies

We may automatically collect information using automatic data collection technologies:

  • From your activity. In an ongoing effort to improve the Websites and our Services, we automatically collect certain information when you visit the Websites and/or use the Services. Such information includes, without limitation, your IP address, Internet service provider, browser type and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Websites you visit, number of links you click while on the Websites, search terms, operating system, website traffic and related statistics, keywords, keyword searches and/or other data concerning your use of the Websites and/or the Services.
  • From JavaScript Tags or cookies. JavaScript tags trigger a sequence of events that includes viewing a first-party cookie (or setting that cookie if it does not already exist). We may use JavaScript tags to help us tailor and optimize our Websites and provide you relevant LEO advertisements outside of our Websites.
  • From Web beacons. Web beacons, also known as “clear gif” technology, are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web site users. Unlike cookies, which can be stored on a user’s computer hard drive, clear gifs are embedded invisibly on web pages and are about the size of the period at the end of this sentence. We may use web beacons to help us manage information on the Websites by tracking what information is effective.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). The information we collect automatically is statistical data and may not include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties.

How We Use and Share Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information.
  • To provide, support, personalize, and develop our Websites, products, and services.
  • To create, maintain, customize, and secure your account with us.
  • To process your requests, purchases, transactions, and payments, to confirm and communicate with you about appointments and products, and to prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
  • To help maintain the safety, security, and integrity of our Websites, products and services, databases and other technology assets, and business.
  • For testing, research, analysis, and product development, including to develop and improve our Websites, products, and services.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
  • As described to you when collecting your personal information; or
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred.

Disclosures of Personal Information for a Business Purpose

In the preceding 12 months, we have disclosed the following categories of personal information to our third-party service providers for the business purposes described above:

  • Identifiers.
  • Personal information categories listed in the California Customer Records statute.
  • Protected classification characteristics under California or federal law.
  • Commercial information.
  • Internet or other similar network activity.
  • Professional or employment-related information.

Under applicable law, we are permitted to disclose personal information to service providers in accordance with written contracts requiring our service providers to keep the information confidential.

In addition to third-party service providers, we share all of the categories of personal information we collect with government entities (if required by law or reasonably necessary to avoid harm).  We may also share your personal information, at your request, with business partners that provide services selected by you.

Sales of Personal Information

In the preceding twelve (12) months, we have not sold personal information.  Our policy is that we do not and will not sell your personal information, unless you give us your consent or direct us to do so.

Your Rights and Choices About Your Personal Information

Access to Information and Opting-Out

Company strives to keep your personal information accurate. We will provide you with access to your information, including making reasonable efforts to provide you with online access to your information. To protect your privacy and security, we will also take reasonable steps to verify your identity before granting you access or enabling you to make updates or corrections.

Your California Privacy Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

We do not disclose personal information to any third parties for their direct marketing purposes.

In addition, under California law, web site operators are required to disclose how they respond to web browser 'do not track' signals or other similar mechanisms that provide consumers with the ability to exercise choice regarding the collection of personal information of a consumer over time and across third party web sites, to the extent the operator engages in that collection. We do not respond to any such 'do not track' signals.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by:

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.  We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

More About Your Privacy

California Non-Discrimination Disclosure

We will not discriminate against you for exercising any of your California privacy rights under the California Consumer Privacy Act.  For example, if you exercise your California privacy rights, we may not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

External Websites

The Websites may contain links to other websites, including, but not limited to, investor relations sites, job applicant information gathering, assessment, and testing sites. These third-party sites have their own measures to secure and protect your information. This Privacy Notice (and related Terms of Use) does not apply to these third-party sites.

Security and Third Parties

We take commercially reasonable steps to protect your information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Secure Sockets Layer (“SSL”) technology is used for processing payment transactions with our third party service providers.

Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information that you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Websites may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. Therefore, you acknowledge and agree that we assume no liability regarding the theft, loss, alteration or misuse of personal or other information or content, including, without limitation, such information that has been provided to third parties or other users, or with regards to the failure of a third party to abide by the agreement between us and such third party. 

Website Communications

If you register on the Websites, we may send you certain notifications, advertisements, promotions, and other information. We may also send you any legally required notifications and certain notifications, including but not limited to, service related notices or notices regarding a change to any of our policies. For example, we may send you a notice regarding server problems or scheduled maintenance to the Websites. In order to opt-out of receiving these notices, you may need to deactivate your account. You can opt-out of receiving certain communications from LEO, its successors, affiliated companies and/or its agents, including emails, mail, SMS, and phone calls relating to our products, Services, and programs, and/or disease awareness information. We may provide various ways to opt-out, which may include opt-out boxes on materials sent by regular mail, and unsubscribe functions in emails. You cannot, however, opt-out of receiving transactional communications from LEO related to your account. 

Changes to This Privacy Notice

This Privacy Notice is effective as of the date stated at the top of this Privacy Notice. We may change this Privacy Notice from time to time. Please be aware that, to the extent permitted by applicable law, our use of your information is governed by the Privacy Notice in effect at the time we collect the information. If you visit the Websites and/or use the Services after a change to this Privacy Notice is posted on the Websites, you will be bound by such change. Please refer back to this Privacy Notice on a regular basis. 

Important Notices to Non-U.S. Residents

The Websites and the Services are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to us may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.  If you are located outside the United States and choose to use the Websites, and/or the Services, you hereby irrevocably and unconditionally consent to such transfer, processing, and use in the United States. 

Children’s Privacy

As we are committed to protecting the privacy of children, we do not collect personal information from anyone who is, to our knowledge, under the age of 13. If you are under the age of 13, please do not provide any personal information through the Websites, and/or the Services. Company does not knowingly collect any Personally Identifiable Information from children. Please do not allow children under the age of 13 to provide any Personally Identifiable Information, ask questions, or submit information via the Websites. If you become aware that a child under 13 has provided personal information to Company, please contact us as described in the “How to Contact Us” section, so that we can delete the information.

Questions

If you have any questions regarding this Privacy Notice, please contact us as described in the “How to Contact Us” section. 

How to Contact Us

You can contact us in one of the following ways:

Email:  us.privacy@leo-pharma.com 

Or write to us at:

LEO Pharma Inc.

7 Giralda Farms – 2nd Floor

Madison, NJ 07940

USA