March 16, 2023
This Policy describes the types of data we may collect from you or that you may provide when you visit www.telosbio.com (our “Website”), as well as our practices for processing, collecting, using, maintaining, protecting, and disclosing that data. This Policy further describes your rights surrounding our processing, collection, use, maintenance, protection, and disclosure of this data.
This Policy applies to information we collect:
• on this Website;
• in email, text, and other electronic messages between you and this Website; or
• information you provide when you communicate with us, including by providing feedback.
It does not apply to information collected:
• offline or through any other means, including on any other website operated by any third party (including our affiliates and subsidiaries); or
• by any third party (including our affiliates and subsidiaries), including through any application or content that may link to or be accessible from the Website.
Please read this Policy carefully to understand our procedures and practices regarding your data and how it is processed.If you do not agree with our policies and practices, you should not use ourWebsite. To the extent permitted by law, by accessing or using this Website, you agree to this Policy and consent to the processing of your personal data in the manner described in the Policy.
For more information contact us at email@example.com
Our Website is not intended for children under 18 years of age. No one under age 18 may provide any information to the Website. We do not knowingly collect personal data from children under18. If you are under 18, do not use this website or provide any information about yourself. If we learn we have collected or received personal data from a child under 18 without verification of parental consent, we will delete that data.If you believe we might have any information from or about a child under 18, please contact us at firstname.lastname@example.org.
California residents under 16 years of age may have additional rights regarding the collection and sale of their personal data. Please see Your State Privacy Rights below for more information.
We collect several types of data from and about users of our Website, including information:
• By which you may be personally identified, such as name, email address, or any other identifier by which you may be contacted online or offline (“personal data”);
• That is about you but individually does not identify you, such as geolocation data, IP addresses, demographic data, such as race, gender identity, age, and the like;
• Internet activity data and other data about your internet connection, the equipment you use to access our Website, usage details, and information collected through Cookies (defined below).
We collect information in the following ways:
• Directly from you, such as when you provide it to us by filling in forms on our Website, you provide us information after you make an inquiry or when you report a problem with our Website, or you otherwise provide information to us voluntarily;
• Automatically through data collection technologies like Cookies when you navigate through the Website;
• If you contact us, we may retain records and copies of your correspondence (including email address); and
• From third parties, for example, our business partners with whom you engage.
Information We Collect Automatically Through Data Collection Technologies
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
• Details of your visits to our Website, including search queries, traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
• Information about your computer and internet connection, including your IP address, operating system, and browser type.
We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). We do not place advertisements, including targeted advertisements, on our Website. Please be aware that in general, you can opt-out of targeted advertising through Cookie and browser settings, and you can opt out of receiving targeted ads from members of the Network AdvertisingInitiative (“NAI”) on the NAI’s website.
The technologies we use for this automatic data collection (collectively, “Cookies”) may include:
• Browser cookies. A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse browser cookies, our system will issue browser cookies when you direct your browser to our Website.
• Web Beacons. Pages of our Website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
• Flash cookies. Certain features of our Website may use local stored objects(or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.
We do not collect personal data automatically, but we may tie this information to personal data about you that we collect from other sources or that you provide to us.
We use the following categories of Cookies on our website:
• Strictly necessary Cookies. These are Cookies that are required for the operation of our Website. They allow for a user to navigate back and forth between pages without losing their previous actions from the same session.
• Performance Cookies. Performance cookies monitor website performance and collect anonymous data on how visitors use a website. These cookies provide information to help improve how a website works.
• Functionality Cookies. These are used to recognize you when you return to our website and to embed functionality from certain third-party services. This enables us to personalize content for you, remember your preferences (for example, your choice of language) and to integrate useful services provided by third party providers into our website. Examples of such Cookies can be the ability to use web chats or keep your preferences on a particular website. Certainly third-party tools may also remember your preferences to improve functionality and personalization of your experience.
• Analytics Cookies. We use the Google Analytics platform to collect certain analytical information to help us better understand activity on our website and improve our services and the quality of our website. This information includes the IP address, page requests, referring websites, ads, or social media platforms, operating system and browser, and time spent on our website. We receive this data in an aggregated form. We use this information to help us understand how visitors engage with our website, measure the effectiveness of our advertising on third-party websites, and to improve our visitors’ experience.
For more information about Google Analytics, please visit: https://www.google.com/policies/privacy/partners/
More information about our Cookie Manager can be found here: https://cookie-script.com/
Third Party Content or Applications
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.
The information that We collect automatically may include personal identifiable information, or we may maintain it or associate it with personal data we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
• estimate our audience size and usage patterns;
• store information about your preferences, allowing us to customize our Website according to your individual interests; and
• speed up your searches through search engine optimization.
We use information that we collect about you or that you provide to us, including any personal data:
• To present our Website and its contents to you.
• To provide you with information, products, or services that you request from us.
• To fulfill any other purpose for which you provide it.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
• To notify you about changes to our Website or any products or services we offer or provide though it.
• To allow you to participate in interactive features on our Website that may be offered from time to time.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
• to our subsidiaries and affiliates;
• to contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal data confidential;
• to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company’s assets, whether as a going concern or other proceeding, in which personal data held by Company about our Website users is among the assets transferred;
• to fulfill the purpose for which you provide it;
• for any other lawful purpose disclosed by us when you provide the information; or
• with your consent.
We may also disclose your personal data:
• to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
• if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Company, our customers, or others.
We process your data in connection with our legitimate business interests: including, without limitation, fraud prevention, maintaining the security of our network and services, personalizing your experience with us, expanding the reach of our scientific information and opportunities, and improving our Website, products, and services. This also includes use of your data to render, administer, and improve the Website, our services, and our business. It helps us to improve our Website and to deliver abetter and more personalized service.
Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they are legitimate, that our use is reasonably necessary for the applicable purpose and does not materially impact your privacy rights. Additionally, in some cases and under certain laws, you have the right to object to this processing.
You may have certain rights as a data subject under applicable law such as:
• The right to access personal data.
• The right to rectify incorrect personal data.
• The right to object to the processing of personal data.
• The right to withdraw consent to the processing of personal data.
• The right to lodge a complaint with a supervisory authority (which varies depending on where the data collection occurs).
• The right to appeal a business’s decision with regard to a data subject’s request.
Additional, or different rights, maybe available depending on your location.
We also use your personal data for specific purposes when you give us consent to do so. When you give your consent for the processing of your personal data, you will be given details on the scope of use and how to change your mind at any time. Consent may be withdrawn or modified at any time by contacting email@example.com.
We strive to provide you with choices regarding the personal data you provide to us. We do not host advertisements on our Website. However, you should be aware that there are mechanisms you can use to improve control over your data:
• We do not control third parties' collection or use of your data to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your data collected or used in this way. You can opt-out of targeted advertising through Cookie and browser settings, and you can opt out of receiving targeted ads from members of the NetworkAdvertising Initiative (“NAI”) on the NAI’s website.
Residents of certain states, such as California,Nevada, Colorado, Connecticut, Virginia, and Utah may have additional personal data rights and choices. Please see Your State Privacy Rights below for more information.
State consumer privacy laws may provide their residents with additional rights regarding our use of their personal data.
Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:
• Confirm whether we process their personal data.
• Access and delete certain personal data.
• Data portability.
• Opt-out of personal data processing for targeted advertising and sales.
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
• Correct inaccuracies in their personal data, considering the data's nature processing purpose.
• Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
To exercise any of these rights please email firstname.lastname@example.org.
Nevada provides its residents with a limited right to opt-out of certain personal data sales. Residents who wish to exercise this sale opt-out rights may submit a request to email@example.com. However, please know we do not currently sell data triggering that statute's opt-out requirements.
The California Consumer Privacy Act of2018 (CCPA) gives California residents the right to know what personally identifiable information we collect about them, including whether it is being sold or disclosed to third-parties, and the right to prevent us from selling that data. The CCPA also prevents companies from retaliating against consumers for exercising these rights – companies must continue to give consumers who exercise the right to refuse sale of their personally identifiable information access to equal products for equal prices.
The CCPA defines a “sale” as the disclosure of personal data for monetary or other valuable consideration. Company does not sell and has not, within at least the last 12 months, sold personal data, including sensitive personal data that is subject to the CCPA’s sale limitation. We do not share personal data for cross-context behavioral advertising within the scope of CCPA. We have no actual knowledge that we sell or share personal data of California residents 16 years of age and younger.
If you are a California resident, you have the right to request that we:
• Disclose to you the following information covering the12-month period prior to your request (“Request to Know”):
• The categories of personal data we collected about you and the categories of sources from which we collected the personal data;
• The business or commercial purpose for collecting personal data about you;
• The categories of third parties to whom we disclosed personal data about you, and the categories of personal data disclosed; and
• The specific pieces of personal data we collected about you;
• Delete Personal Data we collected from you (“Request toDelete”).
• Correct inaccurate personal data that we maintain about you(“Request to Correct”).
• In addition, you have the right to be free from discrimination by a business for exercising your CCPA privacy rights, including the right as an employee, applicant, or independent contractor not to be retaliated against for exercising your CCPA privacy rights.
You may send us an email at firstname.lastname@example.org or write to us at the address below to request access to, correct or delete any personal data that you have provided to us:
228 Park Ave. S. Suite #66643
New York, NY 10003 USA
We may not accommodate a request to change or delete data if we believe the change would violate any law or legal requirement or cause the data to be incorrect. Additionally, certain personal data may be exempt from, or outside the scope of, a request to know, delete, or correct.For example, data subject to certain federal privacy laws, such as the Gramm-Leach-Bliley Act or the Health Insurance Portability and Accountability, or dispute proceedings, may be exempt from such requests. As a result, we may decline all, or part of your request related to exempt personal data.
We will attempt to provide any requested data and to make requested changes to the extent required by and permissible under applicable privacy laws and other laws and regulations, considering the type and sensitivity of the data subject to the request. In any event, we will endeavor to respond to you as soon as possible to advise you of the outcome of your request.
Please note that our website is primarily intended for users located within the United States. However, we understand that international visitors may from time to time visit our Website.
When we share personal data with a third party, such data transfers may include the transfer of personal data to other countries. Those countries may not have the same data protection laws as the country in which the personal data initially originated.
EEA and UK Persons Only
With respect to information subject to this Policy, Company will act as a data controller and will process your personal data by determining the purposes and means of its processing, as per the General Data Protection Regulation (GDPR). Please be aware that your personal data will reside on servers inside and outside of the United States. Before transferring your personal data outside the United States, we will take steps to ensure that such data will be afforded the same level of protection as under applicable data protection laws within the EEA and UK, including by entering into data protection addenda where required. For data transfers outside the EEA or UK, we use, where required, applicable safeguards, including standard contractual clauses. A copy of these measures can be obtained by contacting us at the email address listed below. Our Supplemental European Privacy Notice is available below.
We have implemented measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls.
The safety and security of your data also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. The data you share in public areas may be viewed by any user of the Website.
Unfortunately, the transmission of data via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
We will keep personal data no longer than necessary to fulfill the purposes described in this Policy. Under our record retention policy, we are required to destroy personal data after we no longer need it according to specific retention periods. However, we may need to hold personal data beyond these retention periods due to regulatory requirements or in response to a regulatory audit, investigation, or other legal matter. These requirements also apply to our third-party service providers.
228 Park Ave. S. Suite #66643
New York, NY 10003 USA
This policy was last updated as of the date first referenced above.
March 16, 2023
European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and the Data Protection Act2018 in the United Kingdom of Great Britain (UK) requires us as the data controller to provide additional and different information about our data processing practices to data subjects located in the European Economic Area(“EEA”) and the UK. If you are a data subject located within the EEA or the UK, this Supplemental European PrivacyNotice applies to you in addition to any other information we provide regarding data privacy.
We (Telos Biotech) will only use your personal data when applicable law allows us to do so. Most commonly, we will use your personal data in the following circumstances:
• Where we need to perform the contract that we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
• Necessary for scientific research purposes.We may also use your personal data in the following situations, which are likely to be rare:
• Where we need to protect your interests (or someone else's interests).
• Where it is needed in the public interest or for official purposes.
Generally, we do not rely on consent asa legal basis for processing your personal data other than in relation conduction clinical studies in certain countries in mainland Europe.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need additional details about the specific legal ground that we are relying on to process your personal data where more than one ground has been set out in the table below.
We undertake clinical studies within the EEA and the UK and we will use information from subjects’ medical records and other health data in order to improve healthcare. As a pharmaceutical organisation, we have a legitimate interest in using information relating to your health for research studies, when you agree to take part in a research study. Our exception to the general provision at Article 9(1) GDPR not to process special categories of data is that processing is necessary for scientific research purposes in accordance with Article 89(1) GDPR. This means that we will use your data when we act as the data controller for such studies, collected in the course of are search study, in the ways needed to conduct and analyse the research study. The Informed Consent Form will provide further detail of the processing of your personal data should you be a subject of a study. Your rights to access, change or move your information are limited, as we need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw from the study, we will keep the information about you that we have already obtained. To safeguard your rights, we will use the minimum personally-identifiable information possible.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Our primary location is based outside the European Economic Area, so the processing of your personal data may involvea transfer of data outside the EEA or UK. Information on how to contact the DPO can be found in Section A of thisNotice (“How to Contact Us”).
Whenever we transfer your personal data out of the EEA or UK, we ensure a similar degree of protection is afforded toit by ensuring at least one of the following safeguards is implemented:
• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or UK Government.
• Regarding transfers to the US, we are required to incorporate Standard Contractual Clauses in agreements for transfer from theEEA provided by the European Commission or from the UK by the InternationalData Transfer Agreement provided by the Information Commissioner’s Office in the UK in order to provide similar protection to personal data shared withinEurope or the UK.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information in definitely without further notice to you.
Under certain circumstances, if you are a person located within the EEA or UK you have the following data protection rights:
• access to your personal data.
• correction of your personal data.
• erasure of your personal data.
• object to processing of your personal data.
• restrict of processing your personal data.
• transfer of your personal data.
• withdraw consent to any consent that you have previously given.
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer, Dr Phil Griffiths at email@example.com. You can also contact the Supervisory Authority in the country of your residence within the EU or UK for advice or to make a complaint. Please be aware that your rights in relation to clinical research data may be limited.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.