privacy policy

Effective as of January 1, 2023.

ECI Therapeutics (collectively, “ECI“, “we” or “us“) respect your privacy, and recognize the need for appropriate protection and management of personal information you may share with us.

This Privacy Policy describes how we will treat any personal information that we process in connection with the use of this website, https://www.ecitherapeutics.com, any other website that we own or control which posts or links to this Privacy Policy, and our products and services.

This Privacy Policy also explains the rights and choices available to individuals with respect to their personal information. We may provide additional privacy notices to individuals at the time we collect their data. For example, we provide a specific privacy notice to clinical trial participants that describe our privacy practices in connection with conducting clinical trials. This type of an “in-time” notice will govern how we may process the information you provide at that time.

California Residents: See our Notice to California Residents for information about your personal information and privacy rights.

Individuals in the EEA/UK: See our Notice to European Users for information about your personal information and data protection rights. Collection of Personal Data

We collect personal information in the following ways:

  • Directly from individuals
  • Through our websites and mobile apps
  • From healthcare professionals
  • From contract research organizations and clinical trial investigators
  • From government agencies or public records
  • From third party service providers or business partners
  • From industry and patient groups and associations
  • From social media or other public forums

We collect the following types of personal information, depending on the nature of our relationship with you and the requirements of applicable laws:

  • Contact information and preferences, such as your name, address, e-mail address, telephone number and/or fax number
  • Biographical and demographic information, such as date of birth, age, and gender
  • Health and medical information we collect in connection with managing clinical trials, conducting research, and tracking adverse event reports
  • Application data, such as your name, e-mail address, mailing address, phone number, employment history and any other personal information contained in your resume and correspondence with ECI
  • Professional credentials, such as educational and professional history job title, organization name and institutional affiliations
  • Payment-related information we need to pay for professional services, such as consulting, that individuals may provide to us (such as tax identification number and financial account information)
  • Engagement data, such as information about the programs, conferences and activities in which you have participated, and the agreements you have executed with us
  • Feedback, including from social media posts, in emails, on phone calls, in market research surveys, or in other correspondence with us or our service providers or business partners (such as comments describing support for and experience with ECI products)

Automatically collected data. We, our service providers, and/or our business partners may automatically log information about you, your computer or your activity on our websites over time and across third-party websites, as described in our Cookies Policy, such as:

  • Device identifiers, including information about the device you are using to connect to our websites, such as your device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address, and other device identifiers
  • Online activity data, including browsing history, search history, clickstream data, and other information about your interactions with our websites, applications, social media pages, and email communications

Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Use of Personal Data

We use this information for one or more of the following purposes:

For our operations

We may use information about you in connection with our ongoing business operations, including to manage our relationship with you, to enable delivery of products and services to you, to respond to your service-related requests and inquiries to our customer service and business teams, to provide you with product and service updates, to enable you to participate in surveys or questionnaires, and to provide you with opportunities to learn about other products, programs, or services that we believe may be of interest to you. We also use your information to improve our website, products and services, marketing, and customer relationships and experiences.

To provide you with information

We use your information to respond to your requests and provide information that you have requested from us. We also may send you additional information about other ECI products and services. For example, when you subscribe to a mailing list, such as for purposes of marketing, investor or educational mailing lists, we use the information you provide to deliver the e-mails you have elected to receive. You will have the ability to opt out of any such communications.

To manage our recruitment process

When you apply for a position at ECI Therapeutics, you may provide us with personal information such as your name, e-mail address, mailing address, phone number, employment history and any other personal information contained in your resume and correspondence with ECI. We may use your personal information for employee recruitment purposes and to respond to your requests for information.

To perform and administer clinical trials, research and product-improvement activities

We may use your personal information when necessary to facilitate our clinical trials, research, studies, and related activities that support product improvement, including staffing and managing clinical trials (such as recruiting investigators and participants), tracking and responding to safety and product quality concerns (including product recalls), supporting scientific, educational and volunteer events (such as conferences), and identifying and engaging thought leaders and external experts.

To provide our products and services

We use your personal information as necessary to provide ECI products and services, including to manage access to our products (such as where access is limited by law), and pay for services individuals may provide to us.

To comply with law

We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

To comply with regulatory monitoring and reporting obligations

We use your personal information as we believe necessary or appropriate to comply with regulatory monitoring and reporting obligations, such as those related to adverse events, product complaints, patient safety, and financial disclosures.

With your consent

We will request your consent to use your personal data where required by law, such as where we use certain cookies or similar technologies or would like to send you certain marketing messages. If we request your consent to use your personal data, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us as provided below.

To create anonymous, aggregated or de-identified data

We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes.

For compliance, fraud prevention and safety

We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our websites, mobile apps, products and services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

We will only use your personal data when the law allows us to and for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Sharing and Disclosure

Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Policy.

  • Service providers. We may provide your personal information to third party vendors and service providers that we engage to assist us with our business activities. For example, we may provide your personal information to an organization in order to complete a service (e.g., shipping an order, sending mailings you have requested), to assist us in reviewing the data or to provide marketing or advertising on our behalf. These companies are authorized to use personal information about you only as necessary to provide these services to us.
  • Business and advertising partners. We may disclose your personal information to partners with whom we develop or provide products or services, in connection with the development, marketing and promotion of such products or services. We may also share your personal information with health care professionals, researchers, academics, public health organizations, and publishers for purposes consistent with this Privacy Policy.
  • Professional advisors. We may also disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary, in the course of the professional services that they render to us.
  • Authorities and others. In certain situations, we may disclose your personal information if we believe we are required to do so by law, regulation or other government authority, and as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our websites and services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
  • Business transferees. We will not sell your personal information to any other company or organization, except we may transfer your personal information to a successor entity upon a merger, consolidation or other corporate reorganization in which ECI participates or to a purchaser of all or substantially all of ECI’s assets. You will be notified via e-mail and/or a notice on our website of any change in ownership, and choices you may have regarding your personal information.

Additional Program Terms

In some situations, we may have a separate agreement or relationship with you with respect to a specific type of processing of your data, such as if you participate in a special program, activity, event, or clinical trial. These situations will be governed by specific terms, privacy notices, or consent forms that provide additional information about how we will use your information. We will honor these additional terms with respect to your information and thus, strongly recommend you review the additional terms prior to participating in any programs.

International Transfers 

ECI is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction. Individuals in the European Union should read the important information provided about transfer of personal information outside of the European Economic Area.

Children 

Our websites are not directed to children under the age of 13, and we will not knowingly collect personal information through our websites from a minor under the age of 13. If we learn that we have collected personal information directly from a child under the age of 13 through our websites, we will delete that information.

Links to Other Sites

Our websites may include links to other websites that we believe may be of interest to our visitors. We aim to ensure that such websites are of the highest standard. However, ECI cannot guarantee the standards of every website link it provides or be responsible for the contents of non-ECI sites. We encourage you to consult the privacy notices of these sites, as we have no control over information that is collected by these third parties, and our Privacy Policy does not cover activities at other websites.

Privacy Policy Updates 

We may update this Privacy Policy from time to time. If so, we will post the updated Privacy Policy to this page so users are always aware of what personal information we may collect and how we handle this information. ECI encourages you to review this Privacy Policy regularly for any changes. Your continued use of our websites will be subject to the then-current Privacy Policy.

Security 

We consider the protection of all personal information we receive from our website visitors and others as critical to our corporate mission, and we have reasonable and appropriate security measures to protect against the loss, misuse, alteration or disclosure of your personal information. However, you should be aware that no security safeguards are 100% secure and we cannot guarantee the security of your information.

Your Choices 

You may have the following choices regarding your information:

Access, Review, Update Your Information

If you become aware that the information we maintain about you is inaccurate, incomplete, misleading, irrelevant or out of date, or if you would like to request to access or review your information, you may contact us at info@ecitherapeutics.com

Marketing Communications 

To “opt-out” of receiving marketing or promotional emails or communications, you may use the “unsubscribe” feature included in the specific communication, or send an e-mail to info@ecitherapeutics.com with the subject line “Unsubscribe”. You may also email the Investor Relations department at ir@ecitherapeutics.com with the subject line “Unsubscribe” to request to be removed from the investor relations mailing list. Where you opt-out of receiving marketing or promotional communications, this will not apply to service-related and non-marketing emails.

Cookies 

You can generally set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our websites may become inaccessible or not function properly. You can also accept or reject cookies directly from the cookie banner in our website. Please refer to our Cookie Notice for more information

Choosing not to Share your Personal Information

Where we are required by law to collect your personal information, or where we need your personal information in order to provide you with our products or services, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our products or services and may need to terminate our relationship with you. We will tell you what information you must provide to us by designating it as required when we request the information or through other appropriate means.

Contact Us

If you have any questions or concerns about our Privacy Policy, or to contact our data protection manager, please contact us at:

info@ecitherapeutics.com

Notice to European Union Users 

Personal information References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller and Data Protection Officer 

ECI Therapeutics is generally the controller of your personal information for purposes of European data protection legislation (i.e., the EU GDPR and the so-called ‘UK GDPR’ (as and where applicable, the “GDPR”). 

Legal bases for processing

We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at info@ecitherapeutics.com or at the address provided above.

Processing PurposeLegal Basis
To provide our products and servicesWhere we have a contract governing this processing purpose, the processing is necessary to perform that contract, or necessary to take steps that you have requested prior to entering into the contract.
In other cases, these processing activities are necessary to protect your, or another person’s, vital interests.
To perform and administer clinical trials, research and product-improvement activities
For health care professionals and business contacts: The processing is necessary to perform the contract we entered into, or necessary to take steps that you have requested prior to entering into the contract.

For patients: Where we process sensitive personal data in connection with this processing purpose, the processing is necessary for scientific or historical research purposes or statistical purposes, or based on your explicit consent. Please refer to the specific privacy policy for more information in this respect.

In all other cases, these processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
For our operations
To communicate with youTo create anonymous, aggregated or de-identified data for analytics
For compliance, fraud prevention and safety
These processing activities constitute our legitimate interests. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To display advertisements
We have a legitimate interest in promoting our operations and goals as an organization, including displaying advertisements related to our products and services.

In circumstances or in jurisdictions where consent is required under applicable data protection laws to display advertisements, we will rely on your consent.
To comply with regulatory monitoring and reporting obligations
To comply with law
Processing is necessary to comply with our legal obligations
With your consentProcessing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated when we requested the consent or by contacting us.

Use for new purposes
We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may either delete or anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Your rights
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
    Rectify. If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
  • Erase. You can ask us to delete or remove your personal information where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law.
  • Port. You have the right, in certain circumstances, to ask us to provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Restrict. You can ask us to suspend the processing of your personal information if: (i) you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Object. Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Right to withdraw consent at any time. Where we are relying on consent to process your personal information you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Exercising Your Rights
You can submit these requests by email to info@ecitherapeutics.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.

Your Right to Lodge a Complaint with Your Supervisory Authority
If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction:

  • For users in the European Economic Area – the contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en
  • For users in the UK – the contact information for the UK data protection regulator is below:
    The Information Commissioner’s Office
    Water Lane, Wycliffe House
    Wilmslow – Cheshire SK9 5AF
    Tel. +44 303 123 1113
    Website: https://ico.org.uk/make-a-complaint/

Cross-Border Data Transfer

We are headquartered in the United States and may use service providers that operate in other countries. Therefore, we may transfer your personal information to recipients outside of the EEA and/or the UK. Some of these recipients are located in countries in respect of which either the European Commission and/or UK Government (as and where applicable) has issued adequacy decisions, in which case, the recipient’s country is recognized as providing an adequate level of data protection and the transfer is therefore permitted under Article 45 of the GDPR.

Some recipients of your personal information may be located in countries outside the EEA and/or the UK for which the European Commission or UK Government (as and where applicable) has not issued adequacy decisions in respect of the level of data protection in such countries (“Restricted Country”). For example, the United States is a Restricted Country. When we transfer your personal information to a recipient in a Restricted Country, we will either:

  • enter into appropriate data transfer mechanism as approved from time-to-time by the European Commission under Article 46 of the GDPR, the UK Information Commissioner’s Office or UK Government (as and where applicable), such as the Standard Contractual Clauses or the International Data Transfer Addendum (as applicable); or
  • rely on other appropriate means permitted by the GDPR, which establish that such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal information against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.
    You may ask for a copy of such appropriate specific data transfer mechanism by contacting us at info@ecitherapeutics.com.

Notice to California Residents

This section describes how we collect, use, and share Personal Information of California residents in our capacity as a “business” under the California Consumer Privacy Act (“CCPA”) and their rights with respect to that Personal Information. For purposes of this section, the term “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. In some cases, we may provide a different privacy notice to certain categories of California residents, such as employees and job applicants, in which case that notice will apply instead of this section.

Under the CCPA, this Notice to California Residents and the privacy practices and rights it describes do not apply to the information we collect, use or disclose about clinical trial volunteers, candidates, participants and investigators, health care providers, and other individuals who represent businesses that provide services to us or to which we provide our products or services. This is because information about these individuals is governed by clinical trial regulations, California’s Confidentiality of Medical Information Act or the Health Insurance Portability and Accountability Act of 1996, or is subject to the CCPA’s exemption on business contact information.

Your California Privacy Rights

California residents have the rights listed below under the CCPA. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law. We do not “sell” or “share” personal information as those terms are defined in the CCPA (and have not done so during the prior 12 months), and have no actual knowledge that we have sold or shared the personal information of California residents under 16 years of age.

  • Information. You can request the following information about how we have collected, used and shared your personal information during the past 12 months. We have made this this information available to California residents without having to request it by including it in this notice, in the chart below.
    • The categories of Personal Information that we have collected.
    • The categories of sources from which we collected Personal Information.
    • The business or commercial purpose for collecting and/or selling Personal Information.
    • The categories of third parties with which we share Personal Information.
    • The categories of Personal Information that we sold or disclosed for a business purpose.
    • The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.
  • Access. You can request a copy of the personal information that we maintain about you.
  • Correction. You can ask us to correct inaccurate Personal Information that we have collected about you.
  • Deletion. You can ask us to delete the personal information that we collected or maintain about you.
  • Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
    Exercising your Right to Information, Access, Correction and Deletion
    You may submit requests to exercise your right to information, access or deletion by emailing us at info@ecitherapeutics.com.

Verification
We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. We will need to verify your identity to process your information, access and deletion requests and reserve the right to confirm your California residency. To verify your identity, we may require government identification, a declaration under penalty of perjury or other information.

Authorized Agents
Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with confirmation that you have given the authorized agent permission to submit the request.

Personal Information We Collect, Use and Disclose
The chart below summarizes the Personal Information we collect by reference to the categories of Personal Information specified in the CCPA (Cal. Civ. Code §1798.140), and describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. The terms in the chart refer to the categories of information, sources, purposes and third parties described above in this Privacy Policy in more detail. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below.

Personal Information we collectCCPA-defined categories
(click for details)
Sources from which we may collect the personal informationPurposes for which we may collect and use the personal informationCategories of third parties to which we disclose the personal information
Contact informationIdentifiersYouFor our operationsAffiliates
Service Providers
Biographical and demographic informationIdentifiers

Inferences
YouTo display advertisementsBusiness and advertising partners
Health and medical informationIdentifiers

Medical information

Inferences
You

Contract research organizations and clinical trial investigations

Industry and patient groups and associations
To perform and administer clinical trials, research and product-improvement activities Service providers

Affiliates
Application data
Identifiers

Professional or Employment Information

Education information
You

Your references
To manage our recruitment process

To communicate with you
Service providers

Affiliates
Professional credentials
Identifiers

Professional or Employment Information
You

Social media and other public forums
To manage our recruitment process

To communicate with you
Service providers

Affiliates
Payment-related information
Identifiers

Financial data
Third party service providers or business partnersFor our operationsService providers

Affiliates
Engagement data Professional or Employment InformationThird party service providers or business partnersTo communicate with youBusiness and advertising partners
Feedback Identifiers

Online Identifiers

Professional or Employment information
You

Social media and other public forums
For our operations

To communicate with you

To perform and administer clinical trials, research and product-improvement activities
Service providers

Affiliates
Device identifiers

Online activity data
Online Identifiers

Inferences

Internet or Network Information

Geolocation data
You

Automatic collection
For our operations

To display advertisements
Affiliates

Business and advertising partners

Please note that we may also disclose all personal information with affiliates, service providers, professional advisors, authorities, and business transferees as described in the “How We Share Personal Information” section of this Privacy Policy.