Last updated: 2/10/2021
We process the information we collect from and about you in accordance with applicable data protection principles, including U.S. and applicable EU member state law. We understand the importance of your privacy and are committed to providing appropriate privacy protections to everyone we collect data from. This includes:
- research participants and their caregivers
- healthcare professionals and researchers
- users of our products and services, including website users
- contractors, vendors, and business partners, and the representatives thereof
- representatives of the scientific community
INFORMATION WE COLLECT AND HOW WE USE IT:
- RESEARCH PARTICIPANTS
Information We Collect. When you participate in Research, we collect information that, alone or in combination with other information, could be used to identify you , as described below.
Information You Provide Us. When you choose to enroll in Research, entities that conduct Research-related activities on our behalf, including providers of clinical trial operations services such as trial site personnel, investigators who provide you with investigational drugs, clinical research organizations such as laboratories that test your blood (“CROs“), and others (collectively referred to as “Research Partners“) collect information, including your name, email address, address, and other contact information. Our Research Partners also collect demographic information, such as racial or ethnic origin, gender, age, religious or philosophical beliefs, or information specifying the participant’s sex life, and may also collect information concerning your medical or health conditions. Before this information is provided to us, it is de-identified to mask the identity of any individual Research participant.
How We Use Information Collected From Research Participants.
To conduct the Research, including performing drug development research and Research-related activities such as reporting to industry regulators. For Research purposes, we either rely on reasons of public interest in the area of public health to process your information, or on the basis of consent.
- If we have sought your consent to engage in a certain Research activity, you may withdraw your consent at any time and instruct us to discontinue collecting your information
- However, please note that in order to safeguard the validity of the Research and comply with regulatory obligations related to clinical trials, your research data cannot be deleted even if you decided to stop participating in the Research
As necessary for certain legitimate business interests, which include the following:
- To send administrative information to you, for example, information regarding the Research trial, changes to, or termination of the Research
To carry out our business operations, including marketing and sales; responding to your requests; and tracking our interactions and meetings, such as when you contact us for information and support; providing you access to online services, applications, and platforms, and allowing you to manage your online accounts, where applicable; allow assessment of website traffic such as page views; and establish and ensure ongoing qualification of select clinical trial vendor personnel providing services to us.
- SITE USERS
Information We Collect. When you access and use our Sites, we collect the following types of information from and about you.
Information You Provide Us. We collect information that visitors to the Sites send to us electronically, for example when completing any “free text” boxes in our forms (such as on our “Information Request” or “Contact Us” page), or requesting information or subscribing to emailing lists. While the type of information we collect through these methods depends on the nature of your inquiry, it typically includes name and email address. If you have the opportunity to register on our Sites, we will also collect information such as a username and password.
Automatically Collected Data. When you use or interact with the Sites, the following information is automatically collected through cookies and similar tools and logged in our systems:
- Log Data: This is information that your browser automatically sends whenever you visit the Sites. Log data includes your IP address (which, among other things, allows us to understand which country you are connecting from when you visit the Sites), browser type and settings, the date and time of your request, and how you interacted with and used the Sites.
- Device Information: Includes type of device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. Information collected may depend on the type of device you use and its settings.
- Usage Information: Information about how you use our Sites, such as the types of content that you view or engage with, the features you use, the actions you take, the other users you interact with, and the time, frequency, and duration of your activities.
How We Use Information Collected From Visitors to Our Sites.
As necessary for certain legitimate business interests, which include the following:
- To authenticate users and provide access to the Sites;
- To respond to your inquiries and fulfill your requests for products, services, and information;
- To send you administrative messages and marketing communications (in accordance with applicable local legal requirements) about products, services, and initiatives that we think may be of interest to you;
- To prevent fraud or criminal activity, misuse of our products or services, and ensure the security of our IT systems, architecture and networks; and
SHARING AND DISCLOSURE OF INFORMATION
We may share or disclose your information at your direction, such as when you authorize a third-party service to access your account. There are certain circumstances in which we may share your information with certain third parties without further notice to or authorization from you, unless required by the law, as set forth below:
- Vendors, Service Providers, and Research Partners: To assist us in conducting Research and to perform certain Research services and functions, we disclose your information to Research Partners; we also disclose your information to other entities providing services on our behalf, including providers of administrative services such as email communication (including appointment reminders, investment information you request through the Sites), support services, and other business operations such as analytics providers (please see the “Cookies, Online Analytics, and Advertising” section below for more information on our analytics providers). Pursuant to our instructions, these parties will access, process or store information in the course of performing their duties to us.
- Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your information may be transferred to a successor or affiliate as part of that transaction along with other assets.
- Legal Requirements: If required to do so by law, including U.S. and applicable EU member state law, or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect and defend our rights or property, (c) act in urgent circumstances to protect the personal safety of users of the Sites, or the public, or (d) protect against legal liability.
To determine the appropriate retention period for your information, we will consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your information, the purposes for which we use your information, and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your local laws may permit you to request that we:
- provide access to and/or a copy of certain information we hold about you
- prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
- update or rectify information which is out of date or incorrect
- delete certain information which we are holding about you
- oppose, cancel, or restrict the way that we process and disclose certain information
- transfer your information to a third-party provider of services
- revoke your consent for the processing of your information
We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests, to comply with a legal obligation, or where the information provided in connection with Research is necessary in the public interest. We may request you provide us with information necessary to confirm your identity before responding to your request as required or permitted by applicable law. If you would like further information in relation to your legal rights under applicable law, or would like to exercise those rights, please contact our Data Protection Officer using the information in the “Contact Information” section below at any time.
EUROPEAN UNION (EU) USERS
Data Controller. BridgeBio and the BridgeBio subsidiary or affiliate that offers the website you are using or that administers the Research in which you are participating are the data controllers for processing your information. To find out our contact details, please see the “Contact Us” section below.
If you are an individual in the EU and would like to contact our Data Protection Officer on matters related to the processing of information, or otherwise exercise your rights in respect of your personal data (described below), please contact firstname.lastname@example.org. If you participate in Research conducted by Eidos Therapeutics or use the website at eidostx.com, you can also contact Eidos at email@example.com.
Legal basis for processing. We will generally process your information based on the following legal bases:
- Your express consent: where you have clearly consented to our processing of your information. In practice, this will generally mean that we will ask you to sign a document, or to fill in an online “opt-in” form or take other steps where you either clearly accept or refuse the data processing we describe
- To perform a contract between you and us or our representative, for example to provide our Sites to you and allow you to participate in Research
- To comply with legal obligations applicable to our activities; for instance, we are required to implement procedures to monitor adverse effects of marketed products or products being tested in clinical trials, which generally involves the collection and retention of information from and about you
- In our “legitimate interests.” When we have legitimate interests to process your information, we consider your fundamental data protection rights and interests in determining whether the processing is legitimate and lawful. We will not use your information for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted to by law
- Reasons of public interest in the area of public health, such as ensuring high standards in conducting Research, the quality and safety of healthcare and medical products or devices
CALIFORNIA PRIVACY DISCLOSURE
COLLECTION OF INFORMATION FROM CHILDREN
The Sites are intended for general audiences and not for children under the age of 13. If we become aware that we have collected “personal information” (as defined by the United States Children’s Online Privacy Protection Act) from children under the age of 13 without legally-valid parental consent, we will take reasonable steps to delete it as soon as possible. We do not knowingly process data of EU residents under the age of 16 without parental consent. If we become aware that we have collected data from an EU resident under the age of 16 without parental consent, we will take reasonable steps to delete it as soon as possible. We also comply with other age restrictions and requirements in accordance with applicable local laws.
LINKS TO OTHER WEBSITES
COOKIES, ONLINE ANALYTICS, AND ADVERTISING
Some cookies expire after a certain amount of time, or upon logging out (session cookies); others remain on your computer or terminal device for a longer period (persistent cookies). Our Sites use first party cookies (cookies set directly by us) as well as third party cookies (provided by our analytics and advertising providers).
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:
Please note that if you limit the ability of websites to set cookies, you may be unable to access certain parts of the Sites and you may not be able to benefit from the full functionality of the Sites.
If you access the Sites on your mobile device, you may not be able to control tracking technologies through the settings.
Online Analytics. We may use third-party web and mobile application analytics services (such as those of Google Analytics) on our Sites to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on.
INTERNATIONAL USERS AND DATA TRANSFERS
We have implemented a variety of technological and organizational procedures and measures to protect your information from unauthorized access, use and disclosure. However, please note that no method of Internet transmission can be completely secure.
You may contact us as follows: You may send an email to firstname.lastname@example.org or send mail to:
Attn: Privacy Officer
c/o BridgeBio Pharma, Inc.
42 Kipling Street
Palo Alto, CA 94301