PRIVACY POLICY
This Privacy Policy explains how Eureka Therapeutics, Inc. (“Eureka”), handles Personal Information in connection with its interactions and communications, products, services, apps, and websites both online and offline (collectively, the “Services”). This Privacy Policy applies to all Personal Information received and processed by Eureka. Your access to and use of the Services is subject to this Privacy Policy and Eureka’s Terms of Use.
HOW WE COLLECT
We may collect Personal Data from you in a variety of ways, including, but not limited to:
- Directly from you, (e.g., when you fill out a form, send us an inquiry, respond to a survey, register an account, or in connection with other activities, services, features, or resources we make available through our Services, including EurekaConnectMe)
- Through our websites and mobile apps
- Participation in clinical trials
- From healthcare professionals
- From contract research organizations and clinical trial investigators
- From government agencies or public records
- From third-party service providers, data brokers, or business partners
- From industry and patient groups and associations
From time to time, we may use or augment the personal data we have about you with information obtained from other sources, such as public databases, social media platforms, and other third parties. For example, we may use such third-party information to confirm or verify licensure of healthcare professionals or to better understand your interests by associating demographic information with the information you have provided.
INFORMATION WE COLLECT
We may collect the following Personal Information
- Contact information and preferences such as name, email address, mailing address, phone number, and emergency contact information
- Biographical and demographic information, such as date of birth, age, gender, ethnicity, marital status, and sexual orientation
- Health and medical information, such as information about physical and mental health conditions and diagnoses, treatments for medical conditions, genetic information, family medical history, and medications an individual may take, including the dosage, timing, and frequency of medication
- Information we collect in connection with managing clinical trials, conducting research, providing patient support programs, distributing and marketing our products, managing compassionate use and expanded access programs
- Financial information to complete a transaction or determine eligibility for patient assistance programs
- Publicly available information
- Inferences drawn from other Personal Data listed above, to create a profile reflecting your preferences, characteristics, behavior, attitudes, and abilities
- Adverse event information
- We may use the Personal Data we collect about you with information obtained from other sources, such as public databases, social media platforms, and other third parties
- In limited circumstances and only with additional notice and consent, genetic information and biometric markers
- Internet activity, such as your browsing history, your search history, and information on your interaction with our Services and advertisements
- Username and password and any other information you provide in connection with establishing an account on our websites or mobile apps
- Your photograph, social media handle, or digital or electronic signature
- If you are a healthcare professional, we may also collect:
- Professional credentials, educational and professional history, institutional and government affiliations, and information included on a resume or curriculum vitae education and work history (such as work experience, education, and languages spoken)
- Information about the Eureka programs, products, and activities with which you have engaged
- Details about our interactions with you, your prescribing of our products, and the agreements you have executed with us
- Publicly available information related to your practice, such as license information, disciplinary history, prior litigation and regulatory proceedings, and other due diligence related information
We may use or augment the Personal Data we collect about you and your practice with information obtained from other sources, such as public databases, social media platforms, and other third parties. For example, we may use public information to confirm contact or financial information, to verify licensure of healthcare professionals, or to better understand your interests by associating demographic information with the information you have provided.
HOW WE USE PERSONAL DATA
Eureka processes your Personal Data for the following purposes:
- Communicating with you about Eureka Services
- Where you have requested participation in a clinical trial with Eureka or one of Eureka’s partners
- Disease management, education, or decision support systems related to the use of Eureka investigational products and market product
- Where you have requested support from Eureka, assisting you in the completion of your application, the assessment of your eligibility for any requested offering, the processing and maintenance of the offering, as well as any applicable renewal of such offering
- Responding to your inquiries about applications, trials, and other offerings
- Making proposals for future needs
- Allowing our affiliated companies to notify you of certain products or services offered by our affiliated companies
- Processing transactions through service providers
- Conducting research and secondary research
- Meeting legal, security, processing, and regulatory requirements
- Protecting against fraud, or suspicious or other illegal activities
- Compiling statistics for analysis of our sites and our business
WHY WE PROCESS PERSONAL DATA
Eureka processes Personal Data where it has a legal basis for doing so. Legal bases include:
- The transfer or processing is in Eureka’s legitimate interest in providing you with access to our Services and programs
- The transfer or processing is necessary for the performance of a contract between you, or your Provider, and Eureka (or one of its affiliates)
- The transfer or processing is necessary for the performance of a contract, concluded in your interest, between Eureka (or one of its affiliates) and a third party
- The transfer or processing is necessary, or legally required, on important public interest grounds, for the establishment, exercise, or defense of legal claims, or to protect your vital interests
- The transfer or processing is required by applicable law
HOW WE SHARE PERSONAL DATA
Within our family of companies
In the normal course of performing services for our clients, Personal Data may be shared within Eureka and its affiliates for research and statistical purposes, drug safety and efficacy purposes, disease management, system administration and crime prevention or detection, or any purpose otherwise identified in this Privacy Policy.
With our Service Providers
We may retain other companies and individuals to perform services on our behalf and we may collaborate with other companies and individuals with respect to particular products or services. Examples of service providers include data analysis firms, customer service and support providers, email and SMS vendors, web hosting and development companies, and fulfillment companies. Providers also include our co-promote partners for products that we jointly develop and/or market with other companies. Some providers may collect Personal Data on our behalf.
In connection with Business Transactions
As we continue to develop our business, we might sell or buy assets. In such transactions, user information, including Personal Data, generally is one of the transferred business assets. Also, if either Eureka itself or substantially all of Eureka assets were acquired, your Personal Data may be one of the transferred assets. Therefore, we may disclose and/or transfer your Personal Data to a third party in these circumstances.
To comply with our legal obligations
Eureka reserves the right to disclose without your prior permission any Personal Data about you or your use of the Services if Eureka has a good faith belief that such action is necessary to: (a) protect and defend the rights, property, or safety of Eureka, employees, other users of the Services, or the public; (b) enforce the terms and conditions that apply to use of the Services; (c) as required by a legally valid request from a competent governmental authority and/or to comply with a judicial proceeding, court order, or legal process; or (d) respond to claims that any content violates the rights of third parties. We may also disclose Personal Data as we deem necessary to satisfy any applicable law, regulation, legal process, or governmental request.
We may also disclose aggregate or de-identified data that is not personally identifiable to third parties for any purpose.
Please note, Eureka does not sell Personal Data to third parties.
COOKIES AND OTHER TOOLS
Eureka websites and apps may collect information that could be potentially personally identifiable about your visits without you actively submitting such information. This information may be collected using various technologies, such as cookies and web beacons. Cookies are small text files that are transferred to your computer’s hard disk by a website. Web beacons (also referred to as GIFs, pixels, or internet tags) help Eureka understand how you navigate around the Eureka websites. As part of your use of the site, your internet browser automatically transmits to Eureka websites some of this unidentified information, such as the URL of the website you just visited and the browser version your computer is operating. Passive information collection technologies can make your use of Eureka websites easier by allowing Eureka to provide better service, customize Eureka websites based on consumer preferences, compile statistics, analyze trends, and otherwise administer and improve Eureka websites. You can prevent the storage of cookies by adjusting the settings on your browser, though certain features of Eureka websites may not work without use of passive information collection technologies. Information collected by these technologies cannot be used to identify you without additional information.
Some of Eureka’s business partners, with whom Eureka contracts to carry out the Services (e.g., website providers), may use their cookies on Eureka websites and apps. Although Eureka may not have direct access to or control over such cookies, this Privacy Policy governs the use of cookies by Eureka and such business partners on Eureka websites and apps. Eureka may also allow social media companies (e.g., Facebook) to put “widgets” on Eureka websites. These third-party tools may also be used to track you across websites. For example, so long as you are logged into Facebook, every time you land on a webpage that has a Facebook widget, Facebook will know you are on that webpage. Eureka does not control the privacy practices of these third parties.
Some internet browsers allow you to limit or disable the use of tracking technologies that collect unidentified information, such as a “Do Not Track” (“DNT”) setting. Currently, we do not respond to DNT signals.
SPECIAL PROGRAMS AND CLINICAL TRIALS
Eureka may offer apps, special programs, clinical trials, activities, events, or promotions (“Programs”) that have unique or additional specific terms, privacy notices, and/or consent forms that explain how any information you provide will be processed in connection with the Programs. Certain Programs may include coupons, discounts, or other financial incentives. Where required, we may provide additional terms. You should review the terms applicable to the Programs before interacting or participating in the Program.
CHILDREN
The Services Eureka provides are not intended to target children under the age of 13, and we do not knowingly collect information directly from children under this age through our websites or apps. We may handle the information of children in connection with certain programs, but only with the consent of a parent or legal guardian.
If you believe that a child of whom you are the parent or legal guardian has improperly provided us with Personal Data, please contact Eureka using one of the methods specified herein and Eureka will work with you to address this issue.
INTERNATIONAL DATA TRANSFERS
Eureka maintains servers and other storage facilities in the United States. Eureka may transfer Personal Data outside of its country of origin for the purposes, and in the manner, set out above; including for processing and storage by service providers and Affiliates in connection with such purposes. In all situations, Eureka takes reasonable steps to ensure that your privacy is protected. Such steps include, but are not limited to: implementing privacy, security, and contractual controls; as well as steps noted above, as required by applicable law.
To the extent that any Personal Data is sent out of an individual’s country, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts, or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
Eureka endeavors to obtain assurances from its Service providers and Affiliates that they will safeguard Personal Data consistent with this Privacy Policy. An example of appropriate assurances that may be provided by Service providers and Affiliates includes a contractual obligation that they provide at least the same level of protection as is required by Eureka’s privacy principles set out in this Privacy Policy. Where Eureka has knowledge that a Service provider or Affiliate is using or disclosing Personal Data in a manner contrary to this Privacy Policy, Eureka will take appropriate steps to prevent or stop the use or disclosure.
CHOICE
Where Eureka relies on consent for the fair and lawful processing of Personal Data, the opportunity to consent will be provided prior to when the Personal Data in question is collected. Your consent may be given through your authorized representative such as a legal guardian, agent, or holder of a power of attorney. Where Eureka relies on consent, you will be entitled to withdraw that consent at any time.
DATA INTEGRITY, PURPOSE LIMITATION, AND RETENTION
Eureka will use Personal Data only in ways that are compatible with the purposes for which it was collected, or consented to by the individual. Eureka will have appropriate steps in place to ensure that Personal Data is relevant to its intended use, accurate, complete, and current. Eureka will only store Personal Data for as long as it is needed to fulfill the purposes for which it was collected, subject to applicable data retention periods imposed upon Eureka by applicable law. This may mean that your Personal Data is stored by Eureka for a number of years, depending on the purpose and need for that data to be processed.
YOUR RIGHTS
You may have certain rights and choices regarding our processing of our Personal Data. Depending on your jurisdiction, applicable law may entitle you to additional consumer rights, including the right to:
Know the categories and/or specific pieces of Personal Data collected about you, including whether your Personal Data is sold or disclosed, and with whom your Personal Data was shared
- Access a copy of the Personal Data we retain about you
- Request deletion of your Personal Data
- Correct or amend your Personal Data
- Object to certain uses of your Personal Data
We will verify your identity in connection with any requests regarding Personal Data to help ensure that we provide the information we maintain to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information. If you are an authorized agent making a request on behalf of a consumer, we may require and request additional information to verify that you are authorized to make that request.
Eureka may not be able to comply with a request where Personal Data has been destroyed, erased, or made anonymous in accordance with Eureka’s record retention obligations and practices. In the event that Eureka cannot provide an individual with access to his/her Personal Data, Eureka will provide the individual with an explanation, subject to any legal or regulatory restrictions.
To submit a request, please contact us using one the following options:
Through our web portal for residents of the US and other countries
By email to privacy@eurekainc.com
By mail to the following address:
Eureka Therapeutics, Inc.
Attn: Privacy
5858 Horton Street, Suite 170
Emeryville, CA 94608
To help us respond to your request, all communications to Eureka should include the sender’s name and contact information (such as email address or phone number), and a detailed explanation of the request. In addition, communications related to Eureka websites should include, as applicable, the email address used for registration and the Eureka website address on which Personal Data was provided. Email requests to delete, amend, or correct Personal Data should include “Deletion Request” or “Amendment/Correction Request,” as applicable, in the subject line of the email. Eureka will endeavor to respond to all reasonable requests in a timely manner, and in any case, within any time limits prescribed by applicable local law. If you have questions or complaints regarding our Privacy Policy or practices, please contact us at privacy@eurekainc.com or at the mailing address provided above.
We will not restrict or deny you access to our Services because of choices and requests you make in connection with your Personal Data. Please note, certain choices may affect our ability to deliver the Services.
LINKS TO THIRD-PARTY WEBSITES
You may find advertising or other content on the Site that links to the sites and services of our partners, suppliers, advertisers, sponsors, licensors, and other third parties (“Third-Party Websites”). This Privacy Policy does not apply to the Third-Party Websites. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from the Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies. Browsing and interaction on any other website, including websites which have a link to the Site, is subject to that website’s own terms and policies.
CHANGES TO EUREKA’S PRIVACY POLICY
Eureka has the discretion to update this Privacy Policy at any time. If Eureka changes its privacy practices, an updated version of this Privacy Policy will reflect those changes. Eureka will provide notice of such changes by updating the effective date listed on this Privacy Policy. We encourage you to frequently check this page for any changes to stay informed about how we are protecting the Personal Data we collect. It is your responsibility to review this Privacy Policy periodically and become aware of modifications. If you have an account through the Site or any Service we provide, we may provide notice of changes by emailing you at the email address provided to us in your account. Your continued interaction with Eureka, in the activities covered above, will be subject to the then-current Privacy Policy.
SECURITY
Eureka has implemented reasonable physical, technical, and managerial controls and safeguards to keep your Personal Data protected from unauthorized access, disclosure, alteration, and destruction. Such measures may include, but are not limited to: the encryption of communications, encryption of information while it is in storage, firewalls, access controls, separation of duties, and similar security protocols.
Access to Personal Data is limited to a restricted number of Eureka employees whose duties reasonably require such information, third parties with whom Eureka contracts to carry out business activities for Eureka, and certain companies with which Eureka may conduct joint programs. Eureka trains its employees on the importance of privacy and how to handle and manage Personal Data appropriately and securely.
Please note, the confidentiality of Personal Data transmitted over the internet cannot be guaranteed. Eureka urges you to exercise caution when transmitting Personal Data over the internet. Eureka cannot absolutely guarantee that unauthorized third parties will not gain access to your Personal Data; therefore, when submitting Personal Data to Eureka online, you must weigh both the benefits and the risks.
CONTACTING EUREKA
If you have any questions about this Privacy Policy, please contact us at privacy@eurekainc.com. Alternatively, letters may be sent to the following address:
Eureka Therapeutics, Inc.
Attn: Privacy
5858 Horton Street, Suite 170
Emeryville, CA 94608
All communications to Eureka should include the individual’s name and contact information (such as email address or phone number), and a detailed explanation of the request. Email requests to delete, amend, or correct Personal Data should include “Deletion Request” or “Amendment/Correction Request,” as applicable, in the subject line of the email. Eureka will endeavor to respond to all reasonable requests in a timely manner, and in any case, within any time limits prescribed by applicable local law.
Updated: June 2021