This Privacy Notice was last updated on September 10, 2024
1.0 PURPOSE
1.1 The purpose of this Policy is to communicate how HighTide Therapeutics, Inc. (HIGHTIDE) collects, uses, and discloses – and its obligation to maintain the privacy and confidentiality of – Personal Data/Personal Information (as defined below) that is obtained when one is accessing the HIGHTIDE website and/or other applications, including mobile applications (collectively “Site”), that directly link to this statement. HIGHTIDE is also committed to complying with applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), the Data Protection Act of 2018 (UK GDPR), the Health Insurance Portability and Accountability Act (HIPAA), The China Personal Information Protection Law (PIPL), and other relevant privacy laws.
2.0 SCOPE
2.1 This Policy applies to all Personal Data/Personal Information collected, processed, or stored by HIGHTIDE, including data related to patients, healthcare providers, employees, consultants, contractors, partners, and other individuals with whom HIGHTIDE interacts. This Privacy Policy also applies to the operation of this Site. BY ACCESSING OR USING THE SITE, VISITORS TO THIS SITE CONSENT TO HIGHTIDE’S COLLECTION, USE, AND SHARING OF VISITORS’ INFORMATION AS SET FORTH IN THIS PRIVACY POLICY. Please read this Policy carefully before using the Site or submitting Personal Data/Personal Information to HIGHTIDE. This Policy is incorporated into and subject to the Terms of Use.
3.0 RESPONSIBILITIES
3.1 The responsibility to take steps designed to ensure compliance with this Policy and applicable data privacy laws rests with all HIGHTIDE Representatives.
3.1.1 Only access Personal Data/Personal Information which they have been authorized to access and for which they have a legitimate need to perform their job duties.
3.1.2 Treat all Personal Data/Personal Information as confidential.
3.1.3 Follow computer system access controls as defined in HIGHTIDE’s Data Integrity Policy designed to safeguard personal and company data.
4.0 DEFINITIONS AND ABBREVIATIONS
4.1 Definitions
Applicable Laws: In relation to any Personal Data/Personal Information collected by HIGHTIDE, all applicable legislation regarding the protection of personally identifiable information for individuals or households, including, as applicable, the General Data Privacy Regulation (EU Regulation 2016/679; “GDPR”), The China Personal Information Protection Law (“PIPL”), and/or other applicable data protection or national, federal, state, or provincial privacy legislation in force, including, where applicable, binding statutes, decisions, guidelines, guidance notes and codes of practice as may be issued from time to time by courts, data protection authorities, and other applicable government authorities.
HIGHTIDE Representatives: HIGHTIDE officers, directors, employees, contractors, consultants, and vendors.
Confidential Information: Confidential information is any information that is disclosed by one party to another party, that is not public, and that could be harmful if revealed to unauthorized parties. Confidential information can be written, oral, or tangible, and can be designated as confidential or implied by the nature and circumstances of the disclosure. Confidential information is usually protected by laws and contracts.
Computerized System: Any HIGHTIDE electronic device and associated software in which Personal Data/Personal Information, or other Confidential Information is entered, stored, manipulated, accessed, and transmitted.
Personal Data/Personal Information: Any information that HIGHTIDE Representatives, HIGHTIDE or its affiliates (e.g., contracted CROs, Apheresis Centers, clinical trial sites) collect that can be used to identify, locate, or contact the person including, without limitation:
- Contact Information: first and last name, mailing address, telephone number, email address, and other contact information that people choose to provide to HIGHTIDE;
- Demographic Information: age, gender, date of birth, location;
- Professional Data: Professional affiliations, specialty, NPI;
- Employment history: job applicant data;
- Information collected through tracking technologies: IP address, geo-location data, cookies, statistical data to monitor utilization of the Site, or other online identifiers
4.2 Abbreviations
CROs: Contract Research Organizations
GDPR: General Data Protection Regulation
UK GDPR: the Data Protection Act of 2018
PIPL: the China Personal Information Protection Law
HIPAA: Health Insurance Portability and Accountability Act
5.0 POLICY STATEMENT
5.1 HIGHTIDE respects the privacy of visitors to the Site, and of those who interact with HIGHTIDE in other ways. At HIGHTIDE, all personnel and representatives recognize the need for appropriate protection and management of the Personal Data/Personal Information that is shared with HIGHTIDE. It is HIGHTIDE’s policy that the Personal Data/Personal Information collected will be used by HIGHTIDE for limited purposes. HIGHTIDE respects the personal and private nature of this information and is committed to appropriately protecting the Personal Data/Personal Information collected and to using it in compliance with applicable privacy laws, rules and regulations, and the following data protection principles:
- Privacy by design and by default: Personal Data/Personal Information shall be subject to reasonable access controls designed to ensure that Personal Data/Personal Information is stored securely and accessed properly by HIGHTIDE Representatives with a need to access such information to do their jobs.
- Lawfulness and transparency: HIGHTIDE is committed to (i) only collecting Personal Data/Personal Information for specific, legitimate purposes and in accordance with Applicable Laws, and (ii) being transparent with patients and other individuals about how HIGHTIDE uses their Personal Data/Personal Information.
- Minimal Data Processing: HIGHTIDE data processing operations are designed to process only the minimum amount of Personal Data/Personal Information that is necessary for the performance of specific operations that require access to such information.
- Accuracy/quality of personal information: HIGHTIDE is committed to compliance with data protection laws that require that Personal Data/Personal Information be accurate based on what is submitted to HIGHTIDE and, where necessary, kept up to date.
- Giving effect to Patient rights: HIGHTIDE respects the rights of patients participating in HIGHTIDE-sponsored clinical trials with respect to the processing of their Personal Data/Personal Information. HIGHTIDE will respond to requests from patients to exercise their privacy rights regarding their Personal Data/Personal Information in accordance with Applicable Law.
- Storage limitations: HIGHTIDE will not keep Personal Data/Personal Information for any longer than is reasonably necessary to achieve the purposes for which the Personal Data/Personal Information was collected.
- Data integrity and confidentiality: HIGHTIDE has systems in place designed to protect the Personal Data/Personal Information in HIGHTIDE’s possession or under HIGHTIDE control from misuse, interference, loss, unauthorized access and disclosure, modification, accidental or unlawful destruction and other forms of unlawful processing.
- Compliance with rules relating to data transfers (including international transfers and transfers to third parties): In the event that HIGHTIDE needs to transfer Personal Data/Personal Information between different countries, HIGHTIDE will do so in a manner designed to ensure that such data are sufficiently protected when transferred.
5.2 Collecting personal information: HIGHTIDE collects Personal Data/Personal Information actively and passively. Examples of how Personal Data/Personal Information is collected include but are not limited to:
- Directly from individuals who provide Personal Data/Personal Information to HIGHTIDE
- Registering for a HIGHTIDE event, program, newsletter, or other activity or communication
- Signing up for informational or marketing materials
- Visiting HIGHTIDE’s websites through cookies and other technological tools to collect data about the visitor’s computer and use of the HIGHTIDE website and applications
- Visiting HIGHTIDE’s offices
- From a visitor’s browser or device, information generated from online browsing and usage activity, or from public third-party sources such as LinkedIn
- Interacting with HIGHTIDE via social media and email
- Responding to inquiries that individuals submit to HIGHTIDE
- From healthcare professionals, hospitals, medical clinics, and contract research organizations (CRO) participating in HIGHTIDE-sponsored clinical trials
- From third party service providers, data brokers, or business partners
- From industry and patient groups and associations
5.3 Using and Disclosing Personal Data/Personal Information: HIGHTIDE does not sell, share, or otherwise distribute Personal Data/Personal Information to third parties for its or their marketing purposes. Subject to the provisions of Applicable Laws, HIGHTIDE may use and/or disclose Personal Data/Personal Information for its business purposes and also to meet its regulatory and ethical obligations. Such uses and/or disclosures may include but are not limited to:
- Complying with lawful requests, legal processes, or governmental regulations
- Responding to requests, questions, and feedback
- Improving HIGHTIDE’s level of service
- Providing and/or promoting products and services
- Providing and requesting information
- Completing transactions
- Sharing with service providers who act on HIGHTIDE’s behalf and are bound by law or contract to protect Personal Data/Personal Information and only use such information in accordance with HIGHTIDE’s instructions
- Developing business relationships
- Considering job applications
- Reporting adverse events
- Monitoring and analyzing business operations and website and other applications usage
- Anonymizing data so that it is no longer Personal Data/Personal Information
- Providing access to HIGHTIDE sites and facilities
- Administrative and quality assurance purposes
- Protecting against fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of HIGHTIDE’s websites and mobile applications) and claims and other liabilities
- Other lawful purposes described on https://hightidetx.com
5.4 Your Rights, Data Limitations, and Opt-Out: People have the right to know the Personal Data/Personal Information collected by HIGHTIDE and how HIGHTIDE uses and/or discloses such information. People can limit the Personal Data/Personal Information provided to HIGHTIDE, but this may result in an inability to access services and content on the Site.
5.5 Cookies: When visitors come to the HIGHTIDE Site, HIGHTIDE may collect certain data by automated means, using technologies such as cookies that may be placed on the visitor’s computer. HIGHTIDE may collect data about the device used to access the Site, the pages visited, the length of time spent on Site pages, the operating system and platform type, browser type and version, domain, and other system settings, the language the system uses, the country and time zone where the device is located, the date and time the Site is visited, and the IP address of the device used. People can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on their browser.
5.6 Consent to Processing in the United States, China and Elsewhere: By using this Site, visitors consent to the collection, storage, and processing of their data in the United States, China and in any country to which HIGHTIDE may transfer such data in the course of HIGHTIDE’s business operations.
5.7 Policies of Third Parties: This Policy only addresses the use and disclosure of Personal Data/Personal Information by HIGHTIDE. HIGHTIDE may provide links to outside websites or advertisements for third parties that have their own policies regarding data collection, use and disclosure. The terms of usage and other conditions of use posted on those websites, and not the policies and procedures described here, apply to those websites.
5.8 Children’s Privacy: HIGHTIDE is committed to protecting the privacy of children. This Site is not intended for, or designed to attract, children under the age of 13. HIGHTIDE does not knowingly collect any Personal Data/Personal Information of anyone under the age of 13, and no Personal Data/Personal Information should be submitted to HIGHTIDE through the website by visitors who are less than 13 years old. If it comes to HIGHTIDE’s attention that someone under the age of 13 has volunteered Personal Data/Personal Information, or that a healthcare professional has volunteered Personal Data/Personal Information about a patient who is younger than 13, without the given or authorized consent of the holder of parental responsibility over such child, HIGHTIDE will promptly, upon relevant notification or request, delete such Personal Data/Personal Information from its systems.
5.9 How to Contact HIGHTIDE: Please contact HIGHTIDE with any questions or comments about its privacy practices or this Policy by e-mail at info@hightidetx.com, or by regular mail: HighTide Therapeutics, Inc., ATTN: General Counsel.
In the US: 11140 Rockville Pike, Suite 100-551, Rockville, MD 20852-3149 USA
In the PRC: 9th to 10th Floor, Building D, Shenfang Park, Shenzhen-Hong Kong Science and Technology Innovation Cooperation Zone, Fubao Street, Futian District, Shenzhen, China
In Hong Kong, China: Unit 519, 5/F, 5W Science Park West Avenue, Science Park, NT
In Australia: Level 13, 2-26 Park Street, Sydney, NSW 2000, Australia
5.10 General Data Protection Regulation (GDPR) and the Data Protection Act of 2018 (UK GDPR): Citizens of the EU and UK are provided additional rights regarding the management of their Personal Data/Personal Information. These include without limitation:
- Right to request access to the Personal Data/Personal Information provided to HIGHTIDE
- Right to request deletion of Personal Data/Personal Information provided to HIGHTIDE
- Right to rectify inaccuracies
- Right to be informed of the Personal Data/Personal Information being collected, the reasons why it is being collected, who is collecting it, how long it will be retained, how it is shared and how to file a complaint
- Right to object to the processing of Personal Data/Personal Information
- Right to receive one’s Personal Data/Personal Information in a structured manner, in a standard format and
- Right to withdraw consent for processing of Personal Data/Personal Information
These rights are to be exercised by EU and UK citizens free of charge unless the request is unfounded, excessive, or otherwise unreasonable, for instance, because it is needlessly duplicative. In some situations, HIGHTIDE may refuse to act or may impose limitations on these rights, as permitted by Applicable Law. Individuals making requests regarding the collection and/or use of their Personal Information will be required to provide Personal Information sufficient to verify their identity so that HIGHTIDE can appropriately respond to such inquiries.