On July 16, 2020, the Court (Grand Chamber) of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield Framework as a mechanism for the transfer of personal data to the U.S., and on September 8, 2020, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) indicated that the Swiss-U.S. Privacy Shield Framework does not provide adequate protection for the transfer of personal data from Switzerland to the U.S. Notwithstanding these rulings, the U.S. Department of Commerce continues to administer the Privacy Shield Program and participating organizations, including Geron, continue to be bound by the Privacy Shield obligations in connection with Privacy Shield Personal Data transferred pursuant to the Privacy Shield Frameworks.
Geron does not use or share the Privacy Shield Personal Data we collect for purposes other than the purposes we disclose to the relevant individuals. Geron does not use clinical trial participants’ Privacy Shield Personal Data for purposes other than those described in the informed consent form for the relevant clinical trial. The informed consent form for the relevant clinical trial sets out choices trial participants may have under laws and regulations that govern clinical trials, such as the choice to withdraw consent for further participation in a clinical trial.
Geron has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. If neither Geron nor JAMS resolves your complaint, you may have the ability to engage in binding arbitration through the Privacy Shield Panel. Additional information on the arbitration process is available on the Privacy Shield website at www.privacyshield.gov.
Geron may be required to disclose Privacy Shield Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
INFORMATION AND DATA WE COLLECT
Geron and our service providers may collect personal information from different sources:
- Directly from individuals, including by email and phone
- Through the Sites
- From hospitals, clinics, CROs and healthcare professionals
- From government agencies or public records
- From third-party service providers or business partners
- From industry and patient groups and associations
- From social media and other public forums
Personal information and other information we may collect from you includes:
- Health and medical information (such as medical insurance details, information about physical and mental health conditions and diagnoses, treatments for medical conditions, genetic information, family medical history, and medications you may take, including the dosage, timing, and frequency) that we collect in connection with managing and supporting clinical trials, conducting research, development and potential commercialization, providing patient support programs, managing compassionate use and expanded access programs, and monitoring and assessing safety and tracking adverse events related to clinical trials;
- Personal and business contact information and preferences (such as name, job title and employer name, email address, mailing address, phone number, and emergency contact information);
- Biographical and demographic information (such as date of birth, age, gender, marital status, and information regarding any parents or legal guardians);
- Professional credentials, educational and professional history, institutional affiliations, background checks, and information of the type included on a resume or curriculum vitae (such as work experience, education, salary, and languages spoken);
- Payment-related information we need to pay for services that individuals may provide to us (such as tax identification number and financial account information);
- If you are a health care professional, we collect information about the programs and activities in which you have participated, your administration of our product candidate, payments made to or by you, and the agreements you have executed with us;
- Your photograph, social media handle, or digital or electronic signature;
- Publicly available information (such as comments describing support for and experience with our product candidate);
- Other information you provide to us (such as in emails, on phone calls, in market research surveys, or in other correspondence with us or our service providers or business partners);
- Data that is collected automatically (such as IP address, your device's operating system, your Internet service provider and location, browser type and language, and website content you access) and information about the date, time and duration of your visit; and
- Identifiers that are used to identify your mobile device, such as your unique device ID (persistent/non-persistent), hardware type, and media access control ("MAC") address.
We may combine other publicly available information, such as information related to the organization for which you work, with the personal information that you provide us.
HOW WE USE THE DATA WE COLLECT
Geron may use personal information for the following purposes:
To communicate with you
- To provide you with investor, media or other materials;
- To send you copies of our press releases or other information; or
- To send you surveys or other marketing communications, but you may opt out of receiving them as described in the "Your Choices" section below.
In connection with our Sites, including to:
- Operate and improve our Sites;
- Better understand your needs and interests, and personalize your experience with the Sites;
- Respond to your comments, questions, and service-related requests; and
- Provide support and maintenance for the Sites.
To perform and administer clinical trials, research, and product-development activities, including to:
- Staff and manage clinical trials, including by identifying and recruiting potential investigators and trial participants;
- Track and respond to safety and quality concerns;
- Support public health initiatives, symposia, conferences, and scientific, educational, and volunteer events;
- Facilitate medication adherence activities;
- Define and manage appropriate patient engagement activities and patient support programs;
- Identify and engage thought leaders and external experts;
- Award honoraria and research grants; and
- Attribute authorship to academic and promotional materials.
To provide information concerning Geron’s product candidate, including to:
- Manage access to our product candidate, including where access is limited by law to use in clinical trials; and
- Pay for services that physicians, researchers, and other individuals may provide to us.
We may also use your personal information as we believe necessary or appropriate to:
- Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- Comply with regulatory monitoring and reporting obligations, such as those related to adverse events, product complaints, safety, and financial disclosures;
- Enforce the terms and conditions that govern our product candidate;
- Protect our rights, privacy, safety or property, and/or that of you or others; and
- Protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
In some cases we may ask for your consent to collect, use, or share your personal information, such as when required by law or our agreements with third parties. We may also create de-identified data from personal information by excluding information that makes the data personally identifiable to you. We may use de-identified data for our lawful business purposes.
Opt out of marketing communications. You may opt out of marketing-related emails by clicking the "Unsubscribe" link at the bottom of each such email. If you opt out, you will continue to receive service-related and other non-marketing emails.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Geron takes reasonable measures to protect your personal information from unauthorized access and against loss, misuse or alteration. Although we take a number of organizational, technical and physical measures designed to protect your personal information, both during transmission and once we receive it, no safeguards are completely secure and we cannot guarantee the absolute security of your personal information.
You may contact Geron at email@example.com to request to have access to your personal information, or to request to correct, amend, or delete the personal information we maintain about you in certain circumstances. We will evaluate your request and determine whether and to what extent we can comply with your request. We will inform you of the results of our determination.
INDIVIDUALS LOCATED IN THE EUROPEAN UNION
Data protection law in Europe requires a "lawful basis" for processing the personal information of individuals located in the European Economic Area. Our lawful bases are as follows:
- Legal compliance: We may need to collect, use, and otherwise process your personal information to comply with our legal obligations, such as regulatory monitoring and reporting obligations.
- Legitimate interests: This is a technical term in data protection law which essentially means we have a good and fair reason to use your personal information, and that this reason is not outweighed by any potential impact on you and your rights. We do not use your personal information for activities where we believe our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
- Contract: We may need to use your personal information to perform a contract with you or to take steps that you have requested prior to entering into the contract.
- Necessity: We may need to process your personal information to protect your vital interests, or those of another person.
- Consent: In some cases, we may rely on your consent to process your personal information. Where we rely on your consent, you have the right to withdraw it at any time in the manner indicated when we requested the consent or by contacting us at firstname.lastname@example.org.
European data protection laws may give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information we hold:
- Right of access: provide you access to your personal information.
- Right to correct: correct or update your personal information.
- Right of deletion: delete your personal information.
- Right to data portability: transfer your personal information in machine readable form to you or a third party of your choosing.
- Right to restrict: restrict processing of your personal information.
- Right to object: object to our reliance on our legitimate interests as the basis of our processing of your personal information.
You may submit these requests by contacting us at email@example.com. If permitted by law, we may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Whenever we transfer your personal information out of the European Economic Area ("EEA") to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with the EEA’s data protection laws.
THIRD-PARTY SITES AND SERVICES
HOW WE DISCLOSE THE DATA WE COLLECT
We may engage other companies and individuals to perform services on our behalf, including:
- Companies that analyze data and provide business support (such as data storage and technology services);
- Companies that support the quality and safety of our product candidate;
- Event planning and travel organizations that help facilitate our programs and services;
- Companies that assist us in clinical research and development activities;
- Companies that support us in product marketing and commercialization; and
- Professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.
We may also share your personal information with healthcare professionals, researchers, institutions, academics, public health organizations, and publishers for purposes consistent with this Policy. We may disclose your personal information to partners or collaborators in connection with the research and development of our product candidate. We will ask for your consent before disclosing your personal information to our business partners where required by applicable law.
ADDITIONAL PRIVACY TERMS
In some situations, we may have a separate agreement or relationship with you with respect to a specific type of processing of your personal information, such as if you participate in a special program, activity, event, or clinical trial. These situations will be governed by specific terms, privacy notices, or consent forms that provide additional information about how we will use your personal information. We will honor these additional terms with respect to your information and thus strongly recommend that you review the additional terms prior to participating in any programs.
We retain your personal information for as long as needed to fulfill the purposes for which we collected it, including for the purposes of complying with our legal obligations, resolving disputes, and enforcing our agreements. We may anonymize your personal information so that it can no longer be associated with you, in which case we may use this information indefinitely without further notice to you.
OUR POLICY REGARDING CHILDREN
We do not knowingly collect or solicit personal information from anyone under the age of 13 through our Sites, or knowingly allow such persons to use our Sites. In the event that we learn that we have collected personal information from a child under age 13 through our Sites, we will delete that personal information as soon as reasonably practicable. If you believe that we might have any personal information from or about a child under the age of 13, please contact us.
We may transfer personal information that we collect about you to us and other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Please note that these countries and jurisdictions may not have the same data protection laws as your own jurisdiction and the European Commission has not issued an adequacy decision with respect to many such countries and jurisdictions. Regardless, we take reasonable steps to ensure adequate safeguards are in place to enable transfer of personal information to the U.S. and other jurisdictions.
If we transfer your personal information from Europe to a country outside of it and are required to apply additional safeguards to that personal information under European data protection laws, we will do so. If you have questions about the mechanism(s) upon which we rely for the transfer of your personal information, please contact us.
CHANGES TO THIS POLICY
919 E. Hillsdale Blvd., Suite 250
Foster City, CA 94404
Attn: Legal Department
If you have any questions or concerns about our data privacy practices, or if you have any requests for resolving issues with your personal information, please contact us at: firstname.lastname@example.org
Individuals located in the European Union or United Kingdom may contact our EU or UK Representative via email, webform or physical mailing address. Please refer to this document for contact information.
Last updated: March 19, 2021
Effective date: March 19, 2021