RhiaPharmaceutical Website Privacy Policy

Last Updated:  January 31, 2023

This Privacy Notice applies specifically to Rhia Pharm , Inc. (collectively, “RhiaPharmaceutical,” “we,” “us”) in respect of its processing of personal data (“Personal Data”).  For purposes of this Privacy Notice, “Personal Data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.  Personal Data does not include, and this Privacy Notice does not apply to, aggregate information or information that has been de-identified or anonymized in accordance with applicable law.

In this Privacy Notice, RhiaPharmaceutical describes our general practices regarding how we collect, use, and disclose Personal Data of patients, caregivers, and healthcare professionals—as well as other individuals with whom we interact, for example, research study participants, researchers, visitors to our online services, job applicants, service providers, business partners, and investors.   Your use of our website(s) and any online service that links to this Privacy Notice constitutes your acknowledgement of our privacy practices as described below.  RhiaPharmaceutical acts either as independent data controller or joint controller for processing of Personal Data. The role of RhiaPharmaceutical will be clearly identified as controller or joint-controller in any specific privacy notice complementing this Privacy Notice (e.g. selection and recruitment; talent acquisition; safety and adverse events; healthcare professionals’ engagement, etc.), which are not in scope of this Privacy Notice. Any specific privacy notice will be delivered to the data subjects for that specific purpose(s). 

I.         HOW WE COLLECT PERSONAL DATA

We collect Personal Data:

From individuals

  • Through our websites (“Site(s)”)
  • Through healthcare professionals
  • Through contract research organizations and clinical trial investigators
  • Through government agencies or public records
  • Through third party service providers, data brokers or business partners
  • Through industry and patient groups and associations
  • Through social media or other public forums (including adverse event information or product quality complaints)

II.        THE TYPES OF PERSONAL DATA WE PROCESS

The types of information we collect, access, disclose, store, use, or otherwise process (“process”) that may (if linked to a specific individual) be Personal Data include:

  • Identifiers and contact information, such as name, address, email address, phone number, date of birth, and other similar identifiers and contact information.
  • Health and medical information, such as diseases, symptoms, complications, therapies, medications, outcomes, barriers to access, insurance information, dates of service, and an RhiaPharmaceutical-generated patient identification number.
  • Mental and physical characteristics, such as level of fatigue, weight, and slurred speech.
  • Professional information, such as employer, title, specialty, employment history, awards and honors, membership in professional organizations, speaking engagements, and affiliations with patient advocacy organizations.
  • Job candidates, selection and recruitment related information, such as name; addresses; email addresses; telephone numbers; Social Security number; government issued identification number; date of birth; date(s) of hire; title; position(s); work location(s); interview information and notes; employment history; employee termination information; race or ethnic origin; gender; medical certificate issued by accredited and specialized medical professionals, credit history; criminal history; immigration status and other appropriate information, i.e. work permit status.
  • Audio or visual information, such as audio or video recordings of you describing your experience as a patient, caregiver, or HCP.
  • Education information about job applicants, such as level of education attained, institutions attended, majors and areas of study, and grades.
  • System Account information, such as username and password.
  • Demographic information, such as age, date of birth, and gender.
  • Inferences, such as notes about preferences and aptitudes.
  • Internet or other electronic network activity information, such as IP address, country or geographic region location, browser type, device type, operating system, dates, and times you access our services, browsing history, and other information about your interactions with our online services. We collect such information through cookies and other tracking technologies, as described in our Cookie Notice.

In addition to the above, we will collect any other information that you provide to us, such as stories about a doctor’s visit, questions related to our diseases and therapies, research interests, and cover letters.

III.       WHY WE PROCESS YOUR PERSONAL DATA

We process Personal Data for the business and commercial purposes described in the bullet points below. The laws of certain jurisdictions require that we have a legal basis for our processing of Personal Data; where those laws apply, we have identified our legal bases in the first-line bullet points, and those legal bases apply only for those jurisdictions.

As necessary for our legitimate interests in:

  • Operating and overseeing our business, for example, to perform and administer clinical trials, research and product-improvement activities supporting quality and safety, enabling ethical and compliant business operations, conducting audits and investigations, managing your accounts, providing our investigational products and services, improving and developing new products and services, researching market trends, monitoring service providers, analyzing potential talent, and otherwise administering our business (e.g., providing key functions like human resources, finance, accounting, IT, security, legal, and compliance). For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, education information, and video and audio information (as part of monitoring our compliance with applicable laws and internet or other electronic network activity information to monitor online safety).
  • Communicating with you, for example, responding to your inquiries (including unsolicited requests for information about our indications or scientific information), providing you with information we think may interest you, contacting you for your input, and maintaining records of our interactions with you. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information.
  • Personalizing our interactions with you, for example, understanding your professional and personal interests and adapting our services to your needs and preferences. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, professional or employment-related information, inferences, demographic information, and internet or other electronic network activity information.
  • Protecting rights and interests, for example, protecting the health, safety, and security of RhiaPharmaceutical, its employees, patients, caregivers, HCPs, and the general public; enforcing our legal rights; and pursuing remedies or otherwise taking steps to limit damages and liabilities. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information to investigate violations of our contracts or health and medical information in the event of an emergency.
  • Identifying potential talent, for example, reviewing information to identify candidates for our talent pipeline via online or public sources. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, professional or employment-related information, education information, and demographic information.

As necessary for the performance of a contract or pre-entering a contract, for example, negotiating contracts in advance of entering into one and honoring our contractual commitments, such as:

  • Engaging you to provide services on our behalf or as a business partner, for example, engaging with services providers that provide market research services or working with research collaborators. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information and financial information.
  • Providing patient support services, for example, connecting you with other resources or organizations. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information.
  • Providing grants, sponsorships, and other opportunities, for example, sponsoring and participating in research, events, and conferences. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, health and medical information, mental and physical characteristics, professional or employment-related information, education information, and demographic information.

With your consent, or if you are a Minor (defined in the “Privacy Notice for Minors” section below), with your or your parent’s or legal guardian’s consent, in order to:

  • To communicate with you, for example, If you request information from us, or participate in our surveys, promotions or events, we may send you RhiaPharmaceutical-related marketing communications as permitted by law. We may also use your Personal Data to engage in direct marketing activities as permitted by law. You will have the ability to opt out of such communications.
  • Evaluate job candidates, for example, reviewing your job applications, talking to references, and reviewing information to identify candidates for our talent pipeline. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, professional or employment-related information, education information, and demographic information.
  • Share your story with others, for example, when we share patient stories to help our employees and others better understand our patients and their journeys. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information and audio and visual information.
  • Collect information from or about you, for example, when we are legally required to obtain your consent before collecting certain Personal Data (e.g., sensitive information, such as health and medical information and mental and physical characteristics) about you.

When we rely on consent as a legal basis for processing your Personal Data, you have the right to withdraw your consent at any time by contacting us via email at dpo@RhiaPharmaceutical.com.

As required by law, for example, by:

  • Monitoring pharmacovigilance and investigational product safety, quality, and complaints for ensuring high standards of quality and safety of health care and of investigational products, for example, providing infrastructure to intake adverse event reports and complaints, maintaining records of such events and complaints, appropriately responding to reports and complaints, and providing appropriate information to regulators. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, health and medical information, and mental and physical characteristics.
  • Complying with transparency requirements, for example, monitoring payments and other transfers of value. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, professional or employment-related information, and financial information.
  • Monitoring fraud and abuse, for example, investigating potential claims of fraud and abuse. For these purposes, we may use any of the types of Personal Data described above, for example, financial information.
  • Responding to legal process, for example, complying with legal requests from administrative or judicial authorities and complying with subpoenas. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, professional or employment-related information, and financial information.

Due to the nature of our business, RhiaPharmaceutical is subject to a number of legal requirements. As a result, RhiaPharmaceutical may be required to process Personal Data, for example, sensitive Personal Data (including health and medical information and mental and physical characteristics), in order to meet these obligations. We will process your Personal Data in accordance with our legal obligations and in a way that protects your privacy to the extent possible, for example, pseudonymizing information, while still complying with our legal obligations.

Use for new purposes

We may use your Persona Data  for reasons not described in this Privacy Notice where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the applicable legal basis.

IV.       HOW WE SHARE YOUR PERSONAL DATA

RhiaPharmaceutical may share your Personal Data in the following ways:

With Affiliates

We may disclose your Personal Data to our subsidiaries and corporate affiliates, including Bayer AG, for purposes consistent with this Privacy Notice and applicable law.

With Our Service Providers

We may employ third party companies and individuals to perform services on our behalf, including:

  • Contract research organizations that conduct clinical trials
  • Data storage and analytics
  • Technology services and support (including email and web hosting providers, marketing and advertising technology providers, email and text communications providers, mobile app developers)
  • Event planning and travel organizations that help facilitate RhiaPharmaceutical programs
  • Payment, shipping and fulfillment service providers

These third parties may use your Personal Data only as directed by RhiaPharmaceutical and in a manner consistent with this Privacy Notice, and are prohibited from using or disclosing your Personal Data for any other purpose.

With Business Partners and Other Professionals and Organizations

We may disclose your Personal Data to partners with whom we jointly develop products or services, in connection with the future development and future promotion of such products or services. We will ask for your consent before disclosing your Personal Data with our business partners where required by applicable law. We may also share your Personal Data with healthcare professionals, researchers, academics, public health organizations, and publishers for purposes consistent with this Privacy Notice.

With Our Professional Advisors

We may disclose your Personal Data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

V.        YOUR RIGHTS AND CHOICES

The following rights are in general available to you according to applicable data privacy laws: 

  • Right of access and information about your Personal Data stored by us; 
  • Right to request the correction, deletion or restricted processing of your Personal Data; 
  • Right to object to a processing for reasons of our own legitimate interest, public interest, or profiling, unless we are able to proof that compelling, warranted reasons superseding your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims; 
  • Right to data portability; 
  • Right to file a complaint with a data protection authority; 
  • You may at any time with future effect withdraw your consent to the processing of your personal data by contacting dpo@RhiaPharmaceutical.com.

VI.       INTERNATIONAL TRANSFERS

RhiaPharmaceutical is headquartered in the United States and has subsidiaries and service providers in other countries, and your Personal Data may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction. We comply with legal requirements for cross-border data protection, for example, through the use of standard contractual clauses and, in some cases, other transfer mechanism permitted under applicable laws.

VII.     DATA SECURITY

RhiaPharmaceutical has implemented privacy and security controls designed to help protect your Personal Data. Please note, however, that no security measures are 100% effective, and we cannot guarantee absolute security of your Personal Data. We encourage you to take steps to protect yourself, for example, by not sharing login credentials to your accounts, not sending us sensitive information using unsecure methods (e.g., via unencrypted email), and protecting your devices (e.g., with passwords).

VIII.    DATA RETENTION

RhiaPharmaceutical retains your Personal Data for as long as necessary for the purpose for which it was collected, unless a longer period is required to comply with applicable laws. Our retention periods vary depending on the purpose(s) for which your data was collected. Some of the criteria we use to assess appropriate retention periods include: (i) the nature of the Personal Data and the activities involved, (ii) when and for how long you interact with RhiaPharmaceutical, and (iii) our legal obligations. To provide security and business continuity we make backups of certain data, which we may retain for longer than the original data where permissible by applicable laws.

IX.       PERSONAL DATA OF MINORS

We may process Personal Data about persons under the age of 18 (“Minors”) with the consent of their parent or guardian for the provision of certain services, such as patient support programs or research activities. We do not, however, knowingly solicit Personal Data from, or market or advertise to, Minors. If we become aware that we have collected Personal Data about a Minor without the consent of his/her parent or guardian, we will take reasonable steps to delete it in accordance with applicable legal requirements. Please contact us as at compliance@RhiaPharmaceutical.com to make us aware of Personal Data that we process about a Minor without consent.

X.        THIRD-PARTY RESOURCES

We may provide you with links to or information about third-party resources. For example, we provide patients with information about patient advocacy groups, and we provide researchers with links to clinical trial registries. Please note that RhiaPharmaceutical does not control the privacy policies or practices of such third parties, and we encourage you to review the privacy notices of the third parties with which you interact.

XI.       UPDATES TO THIS PRIVACY NOTICE

We may update our Privacy Notice from time to time. Updates of our Privacy Notice will be published on our Site. Any amendments become effective upon publication on our Site. We therefore recommend that you regularly visit the site to keep yourself informed on possible updates.

XII.     HOW TO CONTACT US

Changes to your Personal Data

It is important that the Personal Data we hold about you is accurate and up to date. Please let us know if your Personal Data changes during your relationship with us by emailing us at compliance@RhiaPharmaceutical.com.

Questions or Comments?

For general questions or comments for which the individual would prefer to contact the Data Protection Officer (“DPO”) or about RhiaPharmaceutical’s privacy practices from anyone anywhere in the world:

Tracy Dowling, General Counsel
tdowling@RhiaPharmaceutical.com

For general questions or comments for which the individual would prefer to contact a DPO:
By email: dpo@RhiaPharmaceutical.com