Privacy Policy

INTRODUCTION

Welcome to Geron Corporation's Privacy Policy.

Your privacy is important to us. Therefore, we have developed this Privacy Policy to describe how Geron Corporation ("Geron", "we" or "us") collects, stores, uses, and otherwise processes personal information.

This Privacy Policy applies to the personal information we collect on our website(s) that link to this Privacy Policy (the "Sites"), the personal information individuals provide to us by other means (such as by email, by phone help line or in person at a conference), and the personal information we collect from third parties. This Privacy Policy also explains the rights and choices available to individuals whose personal information we maintain.

Please note that this Privacy Policy does not apply to personal information of clinical trial participants that we handle in connection with ongoing clinical trials.  Our privacy practices in connection with ongoing clinical trials are governed by applicable clinical trial protocols. 

In some circumstances, we may provide additional privacy notices to you in connection with your participation in our programs, events, or other engagements with Geron.  Such in-time notices will govern our privacy practices in connection with those engagements to the extent there is any conflict between this Privacy Policy and the in-time notice.

PRIVACY SHIELD

Geron complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union or Switzerland to Geron in the United States ("Personal Data").  Geron has certified to the Department of Commerce that it adheres to the Privacy Shield Privacy Principles ("Privacy Principles").  If there is any conflict between the terms in this Privacy Policy and the Privacy Principles, the Privacy Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.  Geron also acknowledges that we are subject to the investigatory and enforcement powers of the United States Federal Trade Commission regarding the Privacy Principles.

Geron may transfer Personal Data to third parties as described in this Privacy Policy. Geron maintains contracts with its third-party service providers restricting their access, use and disclosure of personal information in compliance with our Privacy Shield obligations.  Geron may be liable if these service providers fail to meet the obligations we impose on them and we are responsible for the event giving rise to the damage.

In compliance with the Privacy Principles, Geron commits to resolve complaints about our collection or use of Personal Data.  European Union and Swiss individuals should submit inquiries or complaints regarding our privacy practices as specified in the Contact Information of Data Controller section of this Privacy Policy.

Geron has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. If neither Geron nor JAMS resolves your complaint, you may have the ability to engage in binding arbitration through the Privacy Shield Panel. Additional information on the arbitration process is available on the Privacy Shield website at www.privacyshield.gov.

Geron may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

INFORMATION AND DATA WE COLLECT

Geron and our service providers may collect personal information from different sources:

  • Directly from individuals, including by email and phone
  • Through the Sites
  • From hospitals, clinics, CROs and healthcare professionals
  • From government agencies or public records
  • From third-party service providers or business partners
  • From industry and patient groups and associations
  • From social media and other public forums

Personal information and other information we may collect from you includes:

  • Health and medical information (such as medical insurance details, information about physical and mental health conditions and diagnoses, treatments for medical conditions, genetic information, family medical history, and medications you may take, including the dosage, timing, and frequency) that we collect in connection with managing and supporting clinical trials, conducting research, development and potential commercialization, providing patient support programs, managing compassionate use and expanded access programs, and monitoring and assessing safety and tracking adverse events related to clinical trials;
  • Personal and business contact information and preferences (such as name, job title and employer name, email address, mailing address, phone number, and emergency contact information);
  • Biographical and demographic information (such as date of birth, age, gender, marital status, and information regarding any parents or legal guardians);
  • Professional credentials, educational and professional history, institutional affiliations, background checks, and information of the type included on a resume or curriculum vitae (such as work experience, education, salary, and languages spoken);
  • Payment-related information we need to pay for services that individuals may provide to us (such as tax identification number and financial account information);
  • If you are a health care professional, we collect information about the programs and activities in which you have participated, your administration of our product candidate, payments made to or by you, and the agreements you have executed with us;
  • Your photograph, social media handle, or digital or electronic signature;
  • Publicly available information (such as comments describing support for and experience with our product candidate);
  • Other information you provide to us (such as in emails, on phone calls, in market research surveys, or in other correspondence with us or our service providers or business partners);
  • Data that is collected automatically (such as IP Address, your device's operating system, your Internet service provider and location, browser type and language, and website content you access) and information about the date, time and duration of your visit; and
  • Identifiers that are used to identify your mobile device such as your unique device ID (persistent/non-persistent), hardware type, medial access control ("MAC") address.

We may collect this information using cookies. Please refer to the Cookie Policy for more details.

We may combine other publicly available information, such as information related to the organization for which you work, with the personal information that you provide us.

HOW WE USE THE DATA WE COLLECT

Geron may use personal information for the following purposes:

To communicate with you

  • To provide you with investor, media or other materials;
  • To send you copies of our press releases or other information; or
  • To send you surveys or other marketing communications, but you may opt out of receiving them as described in the "Your Choices" section below.

In connection with our Sites, including to:

  • Operate and improve our Sites;
  • Better understand your needs and interests, and personalize your experience with the Sites
  • Respond to your comments, questions, and service-related requests; and
  • Provide support and maintenance for the Sites.

To perform and administer clinical trials, research, and product-development activities, including to:

  • Staff and manage clinical trials, including by identifying and recruiting potential investigators and trial participants;
  • Track and respond to safety and quality concerns;
  • Support public health initiatives, symposia, conferences, and scientific, educational, and volunteer events;
  • Facilitate medication adherence activities;
  • Define and manage appropriate patient engagement activities and patient support programs;
  • Identify and engage thought leaders and external experts;
  • Award honoraria and research grants; and
  • Attribute authorship to academic and promotional materials.

To provide information concerning Geron’s product candidate, including to:

  • Manage access to our product candidate, including where access is limited by law to use in clinical trials; and
  • Pay for services that physicians, researchers, and other individuals may provide to us.

We may also use your personal information as we believe necessary or appropriate to:

  • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • Comply with regulatory monitoring and reporting obligations, such as those related to adverse events, product complaints, safety, and financial disclosures;
  • Enforce the terms and conditions that govern our product candidate;
  • Protect our rights, privacy, safety or property, and/or that of you or others; and
  • Protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

In some cases we may ask for your consent to collect, use, or share your personal information, such as when required by law or our agreements with third parties. We may also create de-identified data from personal information by excluding information that makes the data personally identifiable to you.  We may use de-identified data for our lawful business purposes. 

YOUR CHOICES

You may opt out of marketing-related emails by clicking the "Unsubscribe" link at the bottom of each such email. If you opt out, you will continue to receive service-related and other non-marketing emails.

SECURITY

Geron takes reasonable measures to protect your personal information from unauthorized access and against loss, misuse or alteration. Although we take a number of organizational, technical and physical measures designed to protect your personal information, both during transmission and once we receive it, no safeguards are completely secure and we cannot guarantee the absolute security of your personal information.

ACCESS, CORRECTION AND DELETION

You may contact Geron at privacy@geron.com to request to have access to your personal information, or to request to correct, amend, or delete the personal information we maintain about you in certain circumstances. We will evaluate your request and determine whether and to what extent we can comply with your request.  We will inform you of the results of our determination. 

INDIVIDUALS LOCATED IN THE EUROPEAN UNION

Data protection law in Europe requires a "lawful basis" for processing the personal information of individuals located in the European Economic Area. Our lawful bases are as follows:

  • Legal compliance: We may need to collect, use, and otherwise process your personal information to comply with our legal obligations, such as regulatory monitoring and reporting obligations.
  • Legitimate interests: This is a technical term in data protection law which essentially means we have a good and fair reason to use your personal information, and that this reason is not outweighed by any potential impact on you and your rights. We do not use your personal information for activities where we believe our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
  • Contract: We may need to use your personal information to perform a contract with you or to take steps that you have requested prior to entering into the contract.
  • Necessity: We may need to process your personal information to protect your vital interests, or those of another person.
  • Consent: In some cases, we may rely on your consent to process your personal information. Where we rely on your consent, you have the right to withdraw it at any time in the manner indicated when we requested the consent or by contacting us at privacy@geron.com.

European data protection laws may give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information we hold:

  • Right of access: provide you access to your personal information.
  • Right to correct: correct or update your personal information.
  • Right of deletion: delete your personal information.  
  • Right to data portability: transfer your personal information in machine readable form to you or a third party of your choosing.
  • Right to Restrict: restrict processing of your personal information.
  • Right to object: object to our reliance on our legitimate interests as the basis of our processing of your personal information.

You may submit these requests by contacting us at privacy@geron.com. If permitted by law, we may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Whenever we transfer your personal information out of the European Economic Area ("EEA") to countries not deemed by the European Commission to provide adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with the EEA’s data protection laws.

WEBSITE AND DEVICE INFORMATION

While you are browsing the Sites, your computer's operating system, Internet Protocol (IP) address, access times, browser type and language and referring website addresses may be logged automatically. We may use this information to monitor, develop and analyze your use of the Sites.

TRACKING TECHNOLOGIES

We may use technologies such as cookies, beacons, scripts, and tags to identify a user's computer/device and to store information about your visit. Information contained in a cookie may be linked to other information we maintain about you, such as your user ID, for purposes such as improving the quality of our Sites and making the Sites easier to use. For additional information about our use of cookies, please refer to the Cookie Policy for more details.

THIRD-PARTY SITES AND SERVICES

We may provide links to third-party applications, services or websites that are not owned or operated by Geron. These links are not an endorsement, authorization, or representation that we are affiliated with that third-party. You understand that when you click on these links any data which you provide to the third party is subject to that third-party's privacy policy and not to ours. We can take no responsibility for the content, safety, privacy or security of any third-party application, service or website.

HOW WE DISCLOSE THE DATA WE COLLECT

We may engage other companies and individuals to perform services on our behalf, including:

  • Companies that analyze data and provide business support (such as data storage and technology services);
  • Companies that support the quality and safety of our product candidate;
  • Event planning and travel organizations that help facilitate our programs and services;
  • Companies that assist us in clinical research and development activities;
  • Companies that support us in product marketing and commercialization; and
  • Professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.

These agents and service providers may have access to your personal information in connection with the performance of services for Geron. These agents and service providers may use your information only as directed by Geron and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose.

We may also share your personal information with healthcare professionals, researchers, institutions, academics, public health organizations, and publishers for purposes consistent with this Policy. We may disclose your personal information to partners or collaborators in connection with the research and development of our product candidate. We will ask for your consent before disclosing your personal information to our business partners where required by applicable law.

We may disclose your personal information to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to comply with applicable law and lawful requests and legal process, such as a subpoena or request from a government authority; investigate fraud; enforce or apply our rights or policies, including our Terms of Use and this Privacy Policy; protect the rights, property, or safety of us, our users, or others; or protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.

We may sell, transfer, or otherwise share your personal information in connection with any business deal (or potential business deal) such as a merger, consolidation, sale of some or all of our business or assets, financing or acquisition, reorganization, or in the event of bankruptcy, in which we will make reasonable efforts to require the recipient to honor this Privacy Policy. 

ADDITIONAL PRIVACY TERMS

In some situations, we may have a separate agreement or relationship with you with respect to a specific type of processing of your personal information, such as if you participate in a special program, activity, event, or clinical trial. These situations will be governed by specific terms, privacy notices, or consent forms that provide additional information about how we will use your personal information. We will honor these additional terms with respect to your information and thus, strongly recommend you review the additional terms prior to participating in any programs.

DATA RETENTION

We retain your personal information for as long as needed to fulfill the purposes for which we collected it, including for the purposes of complying with our legal obligations, resolving disputes, and enforcing our agreements. We may anonymize your personal information so that it can no longer be associated with you, in which case we may use this information indefinitely without further notice to you.

OUR POLICY REGARDING CHILDREN

We do not knowingly collect or solicit personal information from anyone under the age of 13 through our Sites, or knowingly allow such persons to use our Sites. In the event that we learn that we have collected personal information from a child under age 13 through our Sites, we will delete that personal information as soon as reasonably practicable. If you believe that we might have any personal information from or about a child under the age of 13, please contact us.

INTERNATIONAL TRANSFER

We may transfer personal information that we collect about you to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Please note that these countries and jurisdictions may not have the same data protection laws as your own jurisdiction, and we take reasonable steps to ensure adequate safeguards are in place to enable transfer of personal information to the U.S.

CHANGES TO THIS POLICY

We may update this Privacy Policy to reflect changes to our data and personal information privacy practices. If we make any material changes to this Privacy Policy we will take appropriate steps to notify you of such changes. We encourage you to periodically review this page for the latest information on our privacy practices.

CONTACT INFORMATION OF DATA CONTROLLER

Geron Corporation
149 Commonwealth Drive
Menlo Park, CA 94024

Attn:  Legal Department

If you have any questions or concerns about our data privacy practices, or if you have any requests for resolving issues with your personal information, please contact us at: privacy@geron.com

Individuals located in the European Union may contact our EU Representative via email, webform or physical mailing adderss. Please refer to this document for contact information.

 

Last updated: March 26, 2019

Effective date: April 2, 2019