Privacy policy


Introduction

Welcome to Geron Corporation’s privacy policy.

Your privacy is important to us. Therefore, we have developed this Privacy Policy to describe how Geron Corporation (“Geron”, “we” or “us”) collects, stores, uses and otherwise processes personal data in compliance with applicable data protection laws, including the European General Data Protection Regulation (GDPR).

This Privacy Policy applies to the personal data we collect on our website(s) that link to this Privacy Policy (the “Sites”), the personal data individuals provide to us by other means (such as by email, by phone help line or in person at a conference) and the personal data we collect from third parties. This Privacy Policy also explains the rights and choices available to individuals whose personal data we maintain.

Please note that this Privacy Policy does not apply to personal data of clinical trial participants that we handle in connection with ongoing clinical trials. Our privacy practices in connection with ongoing clinical trials are governed by applicable clinical trial protocols and additional privacy notices that may be specific for each clinical trial.

In some circumstances, we may provide additional privacy notices to you in connection with your participation in our programs, events or other engagements with Geron. Such in-time notices will govern our privacy practices in connection with those engagements to the extent there is any conflict between this Privacy Policy and the in-time notice.

Privacy sheild

Geron complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and Switzerland to the United States. Geron has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Further, Geron acknowledges that we are subject to investigatory and enforcement powers of the U.S. Federal Trade Commission regarding compliance with the Privacy Shield Principles.

On July 16, 2020, the Court (Grand Chamber) of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield Framework as a mechanism for the transfer of personal data to the U.S., and on September 8, 2020, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) indicated that the Swiss-U.S. Privacy Shield Framework does not provide adequate protection for the transfer of personal data from Switzerland to the U.S. Notwithstanding these rulings, the U.S. Department of Commerce continues to administer the Privacy Shield Program and participating organizations, including Geron, continue to be bound by the Privacy Shield obligations in connection with Privacy Shield Personal Data transferred pursuant to the Privacy Shield Frameworks.

Geron may collect, use and disclose Privacy Shield personal data as described in this Privacy Policy. Geron maintains contracts with our third-party service providers restricting their access, use and disclosure of Privacy Shield personal data in compliance with our Privacy Shield obligations. Geron may be liable if these service providers fail to meet the obligations we impose on them, and we are responsible for the event giving rise to the damage.

Individuals have the right to request to access or correct their Privacy Shield Personal Data as described in the Your Rights section of this Privacy Policy.

Geron does not use or share the Privacy Shield Personal Data we collect for purposes other than the purposes we disclose to the relevant individuals. Geron does not use clinical trial participants’ Privacy Shield Personal Data for purposes other than those described in the informed consent form for the relevant clinical trial. The informed consent form for the relevant clinical trial sets out choices trial participants may have under laws and regulations that govern clinical trials, such as the choice to withdraw consent for further participation in a clinical trial.

Geron does not use website visitors’ or healthcare providers’ Privacy Shield Personal Data for purposes other than those described in this Privacy Policy. Website visitors and healthcare providers have the ability to opt out of receiving marketing communications, as described in this Privacy Policy.

In compliance with the Privacy Shield Principles, Geron commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should submit inquiries as specified in the Contact Information of Data Controller section of this Privacy Policy.

Geron has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. If neither Geron nor JAMS resolves your complaint, you may have the ability to engage in binding arbitration through the Privacy Shield Panel. Additional information on the arbitration process is available on the Privacy Shield website at www.privacyshield.gov

Information and data we collect

Geron and our service providers may collect personal data from different sources:

  • Directly from individuals, including by email and phone
  • Through the Sites
  • From hospitals, clinics, CROs and healthcare professionals
  • From government agencies or public records
  • From third-party service providers or business partners
  • From industry and patient groups and associations
  • From social media and other public forums

Personal data and other information we may collect from you includes:

  • Health and medical information (such as medical insurance details, information about physical and mental health conditions and diagnoses, treatments for medical conditions, genetic information, family medical history, and medications you may take, including the dosage, timing, and frequency) that we collect in connection with managing and supporting clinical trials, conducting research, development and potential commercialization, providing patient support programs, managing compassionate use and expanded access programs, and monitoring and assessing safety and tracking adverse events related to clinical trials;
  • Personal and business contact information and preferences (such as name, job title and employer name, email address, mailing address, phone number, and emergency contact information);
  • Biographical and demographic information (such as date of birth, age, gender, marital status, and information regarding any parents or legal guardians);
  • Professional credentials, educational and professional history, institutional affiliations, background checks, and information of the type included on a resume or curriculum vitae (such as work experience, education, salary, and languages spoken);
  • Payment-related information we need to pay for services that individuals may provide to us (such as tax identification number and financial account information);
  • If you are a health care professional, we collect information about the programs and activities in which you have participated, your administration of our product candidate, payments made to or by you, and the agreements you have executed with us;
  • Your photograph, social media handle, or digital or electronic signature;
  • Publicly available information (such as comments describing support for and experience with our product candidate);
  • Other information you provide to us (such as in emails, on phone calls, in market research surveys, or in other correspondence with us or our service providers or business partners);
  • Data that is collected automatically (such as IP Address, your device's operating system, your Internet service provider and location, browser type and language, and website content you access) and information about the date, time and duration of your visit; and
  • Identifiers that are used to identify your mobile device such as your unique device ID (persistent/non-persistent), hardware type, medial access control ("MAC") address.

We may collect this information using cookies and similar technologies. We may set cookies when you use our Sites to understand how you use the Sites, help you navigate between pages efficiently, remember your preferences and generally improve your browsing experience. Analytics service providers may also set cookies on our Sites. In addition to cookies, our Sites and emails may use pixel tags (also known as web beacons and clear GIFs) to compile statistics about use of the Sites, measure the success of our marketing campaigns and indicate whether recipients of our emails open or click links within them. Please refer to the Cookie Policy for more details.

We may combine other publicly available information, such as information related to the organization for which you work, with the personal data that you provide us.

How we use the data we collect

Geron may use your personal data for the following purposes:

To communicate with you

  • To provide you with investor, media or other materials;
  • To send you copies of our press releases or other information; or
  • To send you surveys or other marketing communications, but you may opt out of receiving them as described in the "Your Choices" section below.

In connection with our Sites, including to:

  • Operate and improve our Sites;
  • Better understand your needs and interests, and personalize your experience with the Sites;
  • Respond to your comments, questions, and service-related requests; and
  • Provide support and maintenance for the Sites.

To perform and administer clinical trials, research, and product-development activities, including to:

  • Staff and manage clinical trials, including by identifying and recruiting potential investigators and trial participants;
  • Track and respond to safety and quality concerns;
  • Support public health initiatives, symposia, conferences, and scientific, educational, and volunteer events;
  • Facilitate medication adherence activities;
  • Define and manage appropriate patient engagement activities and patient support programs;
  • Identify and engage thought leaders and external experts;
  • Award honoraria and research grants; and
  • Attribute authorship to academic and promotional materials.

To provide information concerning Geron’s product candidate, including to:

  • Manage access to our product candidate, including where access is limited by law to use in clinical trials; and
  • Pay for services that physicians, researchers, and other individuals may provide to us.

We may also use your personal data as we believe necessary or appropriate to:

  • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • Comply with regulatory monitoring and reporting obligations, such as those related to adverse events, product complaints, safety, and financial disclosures;
  • Enforce the terms and conditions that govern our product candidate;
  • Protect our rights, privacy, safety or property, and/or that of you or others; and
  • Protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

In some cases, we may ask for your consent to collect, use or share your personal data, such as when required by law or our agreements with third parties. We may also pseudonymize some personal data by excluding information that makes the data directly personally identifiable to you. We may use such data for our lawful business purposes.

Your choices

Opt out of marketing communications. You may opt out of marketing-related emails by clicking the “Unsubscribe” link at the bottom of each such email. If you opt out, you will continue to receive service-related and other non-marketing emails.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit https://www.allaboutdnt.com.

Security

Geron takes reasonable measures to protect your personal data from unauthorized access and against loss, misuse or alteration.

Legal basis

Data protection law requires a “lawful basis” for processing the personal data. Our lawful bases are as follows:

  • Legal compliance: We may need to collect, use, and otherwise process your personal data to comply with our legal obligations, such as regulatory monitoring and reporting obligations.
  • Legitimate interests: This is a technical term in data protection law which essentially means we have a good and fair reason to use your personal data, and that this reason is not outweighed by any potential impact on you and your rights. We do not use your personal data for activities where we believe our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
  • Contract: We may need to use your personal data to perform a contract with you or to take steps that you have requested prior to entering into the contract.
  • Necessity to protect vital interests: We may need to process your personal data to protect your vital interests, or those of another person.
  • Consent: In some cases, we may rely on your consent to process your personal data. Where we rely on your consent, you have the right to withdraw it at any time in the manner indicated when we requested the consent or by contacting us at privacy@geron.com.

Your rights

You have certain rights regarding your personal data. You may ask us to take the following actions in relation to your personal data we hold:

Right of access: provide you access to your personal data.

  • Right to correct: correct or update your personal data.
  • Right of deletion: delete your personal data.  
  • Right to data portability: transfer your personal data in machine readable form to you or a third party of your choosing.
  • Right to Restrict: restrict processing of your personal data.
  • Right to object: object to our reliance on our legitimate interests as the basis of our processing of your personal data.

You may submit these requests by contacting us at privacy@geron.com. If permitted by law, we may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal data or response to your requests regarding your personal data, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Third-party sites and services

We may provide links to third-party applications, services or websites that are not owned or operated by Geron. These links are not an endorsement, authorization or representation that we are affiliated with that third party. You understand that when you click on these links, any data which you provide to the third party is subject to that third-party’s privacy policy and not to ours. We can take no responsibility for the content, safety, privacy or security of any third-party application, service or website.

How we disclose the data we collect

We may engage other companies and individuals to perform services on our behalf, including:

  • Companies that analyze data and provide business support (such as data storage and technology services);
  • Companies that support the quality and safety of our product candidate;
  • Event planning and travel organizations that help facilitate our programs and services;
  • Companies that assist us in clinical research and development activities;
  • Companies that support us in product marketing and commercialization; and
  • Professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.

These agents and service providers may have access to your personal data in connection with the performance of services for Geron. These agents and service providers may use your information only as directed by Geron and in a manner consistent with this Privacy Policy, they and are prohibited from using or disclosing your information for any other purpose.

We may also share your personal data with healthcare professionals, researchers, institutions, academics, public health organizations and publishers for purposes consistent with this Privacy Policy. We may disclose your personal data to partners or collaborators in connection with the research and development of our product candidate. We will ask for your consent before disclosing your personal data to our business partners where required by applicable law.

We may disclose your personal data to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to comply with applicable law and lawful requests and legal process, such as a subpoena or request from a government authority; investigate fraud; enforce or apply our rights or policies, including our Terms of Use and this Privacy Policy; protect the rights, property, or safety of us, our users or others; or protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

We may sell, transfer or otherwise share your personal data in connection with any business deal (or potential business deal) such as a merger, consolidation, sale of some or all of our business or assets, financing or acquisition, reorganization or in the event of bankruptcy, in which we will make reasonable efforts to require the recipient to honor this Privacy Policy.

Additional privacy terms

In some situations, we may have a separate agreement or relationship with you with respect to a specific type of processing of your personal data, such as if you participate in a special program, activity, event or clinical trial. These situations will be governed by specific terms, privacy notices or consent forms that provide additional information about how we will use your personal data. We will honor these additional terms with respect to your information and thus, strongly recommend you review the additional terms prior to participating in any programs.

Data retention

We retain your personal data for as long as needed to fulfill the purposes for which we collected it, including for the purposes of complying with our legal obligations, resolving disputes and enforcing our agreements.

Our policy regarding children

We do not knowingly collect or solicit personal data from anyone under the age of 13 through our Sites, or knowingly allow such persons to use our Sites. In the event that we learn that we have collected personal data from a child under age 13 through our Sites, we will delete that personal data as soon as reasonably practicable. If you believe that we might have any personal data from or about a child under the age of 13, please contact us.

International transfer

We may transfer personal data that we collect about you to us and other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Please note that these countries and jurisdictions may not have the same data protection laws as your own jurisdiction, and the European Commission has not issued an adequacy decision with respect to many such countries and jurisdictions. Regardless, we take reasonable steps to ensure adequate safeguards are in place to enable transfer of personal data to the U.S. and other jurisdictions.

If we transfer your personal data from the European Economic Area (“EEA”) to a country outside of it, we will apply additional safeguards. In particular, we seek to apply the Standard Contractual Clauses of the European Commission. If you have questions about the mechanism(s) upon which we rely for the transfer of your personal data, please contact us.

Changes to this policy

We may update this Privacy Policy to reflect changes to our data and personal data privacy practices. If we make any material changes to this Privacy Policy, we will take appropriate steps to notify you of such changes. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact information of data controller

Geron Corporation
919 E. Hillsdale Blvd., Suite 250
Foster City, CA 94404
Attn:  Legal Department

If you have any questions or concerns about our data privacy practices, or if you have any requests for resolving issues with your personal data, please contact our Data Protection Officer, DPO Centre, at: privacy@geron.com. You may also contact our EU and UK Representative via email, webform or physical mailing address. The contact information for our data representatives in the UK and Ireland are as follows:

DataRep, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom

DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

Please refer to this document for contact information in the EU. 

Last updated: September 8, 2022

Effective date: September 8, 2022