PALETTE LIFE SCIENCES, INC. PRIVACY NOTICE
LAST UPDATED: November 1, 2019
This Privacy Notice is intended to describe how Palette Life Sciences, Inc., (“Palette”) collects, uses, and shares Personal Data that you submit to us and that we collect through our website www.mysolesta.com (the “Site”). The Site provides a venue to obtain information about Palette’s Solesta Product and our company, allow patients to search for local physicians, and allow healthcare physicians to receive training on Solesta and contact Palette (collectively, the “Services”).
INFORMATION WE COLLECT
For purposes of this Privacy Notice, “Personal Data” means any information relating to an identified or identifiable natural person. As described in detail below, we may collect certain Personal Data from or about you in connection with your use of, or your submissions to, the Site.
We may collect Personal Data as follows:
When you communicate with us, sign up for materials, and interact with the Site. We may collect Personal Data, such as your name, address, phone number, email address, fax number, medical information and business contact information, when you communicate with us or submit information to us, including through the Request a Visit Form, Solesta Reimbursement Form or contact us feature. We may also collect Personal Data when you interact with our Site our utilize Site features, and when you sign up to receive newsletters, updates, or other information.
When we collect data from third parties or publicly-available sources. We may obtain certain data about you from third-party sources to help us provide and improve the services. We may combine your Personal Data with data we obtain from our services, other users, or third parties to enhance your experience and improve the services.
You are not required to provide all Personal Data identified in this Privacy Notice in order to use the Site; however, if you do not provide the Personal Data requested, we may be unable to provide some or all of the Services to you.
A “cookie” is a small text file that a web server stores in browser software. A browser sends cookies to a server when the browser makes a connection to the server (for example, when requesting a web page from the same domain that created the cookie). The purpose of cookies is to remember the browser over time and distinguish one browser instance (or user) from all others. Some cookies and other technologies may serve to track Personal Data previously entered by a web user on our site. Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them. Cookies can remember login information, preferences, and similar information.
Cookies, as well as other tracking technologies, such as HTML5 local storage, and Local Shared Objects (such as “Flash” cookies), and similar mechanisms, may record information such as a unique identifier, information you enter in a form, IP address, and other categories of data.
We may also use web beacons or “pixels,” and in certain circumstances may collect IP address, screen resolution and browser software and operating system types, clickstream patterns, dates and times that our site is accessed, and other categories of data.
If you want to block the use and saving of cookies from the Site on to the computers’ hard drive, you should take the necessary steps within your web browser’s settings to block all cookies from the Site and its external serving vendors, or use the cookie control system, if available upon first visit. Please note that if you choose to erase or block your cookies, certain parts of our Site may not function correctly. For information on how to disable cookies, refer to your browser’s documentation.
Our Site may use the following technologies to implement cookies and pixels:
Google AdWords. As an AdWords customer, the Solesta website moreover uses Google conversion tracking by Google on some pages. This means that Google AdWords places a cookie on your computer (“conversion cookie”) if you have accessed our webpage via a Google ad. These cookies become invalid after 30 days. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognize that someone has clicked on an ad and been directed to our page as a result thereof. Each AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected with the help of the conversion cookie allows us to prepare conversion statistics to optimize our services. AdWords customers know, for instance, the total number of customers who have clicked on their ad and been redirected to a page with a conversion tracking tag. But they do not receive any information by which users can be personally identified. If you do not want to participate in the tracking, you can prevent the placement of the necessary cookie – for instance through a browser setting that deactivates the automatic placement of cookies in general. “You can also deactivate conversion tracking cookies by setting your browser to block cookies from the domain googleadservices.com”.
Facebook Pixel. The Solesta website uses the “Facebook pixel” provided by the social network Facebook (“Facebook”). As a result, so-called tracking pixels are integrated into our web pages . When you visit our web pages, the tracking pixel will create a direct link between your browser and the Facebook server. Thus, Facebook will receive the information from your browser that our web page was accessed from your device. If you are a Facebook user, Facebook can therefore associate your visit to our pages with your user account. Please note that we as the provider of these web pages are not notified of the content of the data transmitted or of the use thereof by Facebook. We can merely specify the segments of Facebook users (based on criteria such as age, interests) on whose pages we would like our ads to be displayed. Moreover, when this pixel is called up later on from your browser, Facebook can then determine whether an ad on Facebook was successful, for instance whether it has led to an online purchase. We receive from Facebook merely statistical data on this, without any references to a specific individual. This allows us to collect information about the effectiveness of the Facebook ads for statistical and market research purposes.
HOW WE USE THE INFORMATION WE COLLECT
We may use Personal Data for a variety of different purposes as set out in further detail below. Subject to applicable law, the purposes for which we use and process Personal Data, and the legal basis for such processing, are set forth below.
For our legitimate Interests. To operate our business and provide the Services, other than in performing our contractual obligations to you, for our “legitimate interests” for the purposes of applicable law, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Legitimate interests may include:
To maintain the Site and provide the Services, including for technical support;
To address and respond to your requests, inquiries, and complaints;
To develop, provide, and improve the Site and Services, including to better tailor the features, performance, security and support of our Services and the Site, and for statistical and analytics purposes;
For our direct marketing purposes;
For fraud, loss, and other crime prevention purposes;
To assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties;
To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process; or
Subject to applicable contractual or legal restrictions, in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction.
For the performance of a contract. To perform our contractual obligations to you, including to fulfil your request for Services, to contact you in relation to any issues with our Services, where we need to provide your Personal Data to our service providers, or to take steps in response to information or inquiries you may submit prior to entering into a contract or partnership with us.
To comply with legal obligations. To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.
To protect data subjects’ vital interests. To protect the vital interests of you or of another person.
In some cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your Personal Data:
Special Categories of Personal Data. We generally do not collect or require special categories of Personal Data (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health information, biometric data, or sexual orientation) in order to access our Site or utilize the Services. In the event we may need to collect such information to provide a specific service to you, we will obtain your consent as required by law. In certain circumstances, subject to applicable law, we may process or otherwise disclose special categories of Personal Data without consent, such as to protect the vital interests of you or of another person.
HOW WE MAY DISCLOSE INFORMATION
We may disclose Personal Data as described in this Privacy Notice, including:
Affiliates. We may disclose some or all of your Personal Data to our subsidiaries, joint ventures, and other companies under our common control (collectively, "Affiliates"), for the purposes described in this Privacy Notice. Where we share Personal Data with our Affiliates, we will require our Affiliates to honor this Privacy Notice.
Service Providers. We may disclose Personal Data to business partners, distributors, service providers, marketing partners, and vendors in order to maintain the Site and provide, improve, and personalize the Services. We may also share Personal Data for other technical and processing functions, such as sending e-mails on our behalf, technical support, or otherwise operating the Site, for analytics, and for marketing purposes. Such third parties may have access to Personal Data only as needed to perform their functions for us, and they may not use Personal Data for other purposes.
Corporate Transactions. Subject to applicable law, Palette reserves the right to sell or transfer Personal Data in the event that Palette is acquired by or merged with another company or in connection with the potential sale or transfer of some or all of the business assets of the Site or Palette, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction. If the sale occurs, the purchaser will be entitled to use and disclose the Personal Data collected by us, and the purchaser will assume the rights and obligations regarding Personal Data as described and limited in this Privacy Notice.
DE-IDENTIFIED OR ANONYMOUS DATA
We may create de-identified or anonymous data from Personal Data by removing data components (such as your name, email address, or linkable tracking ID) that makes the data personally identifiable to you or through obfuscation or through other means. Our use of anonymized data is not subject to this Privacy Notice.
Do-Not-Track is a public-private initiative that has developed a “flag” or signal that an Internet user may activate in the user’s browser software to notify websites that the user does not wish to be “tracked” by third-parties as defined by the initiative. The online community has not agreed on what actions, if any, should be taken by the websites that receive the “do not track” signal, and therefore Do-Not-Track is not yet standardized. Please note that the Site does not alter its behavior or use practices when we receive a Do Not Track signal from your browser.
INFORMATION FROM CHILDREN UNDER 13 YEARS OF AGE
We do not knowingly collect information from minors under the age of 13 years. If you become aware that an individual under 13 years of age has provided us with Personal Data without parental consent, please contact us at email@example.com. If we become aware that an individual under 13 years has provided us with Personal Data, we will take steps to remove the data as permitted by law.
LINKS TO OTHER SITES
Our Site may contain links or otherwise provide access to another website, mobile application, or Internet location (collectively “Third-Party Sites”). We provide these links merely for your convenience. Palette has no control over, does not review, and is not responsible for Third-Party Sites, their content, or any goods or services available through the Third-Party Sites. Our Privacy Notice does not apply to Third-Party Sites. We encourage you to read the privacy policies of any Third-Party Site with which you choose to interact.
EUROPEAN UNION DATA SUBJECT RIGHTS
Scope. This section applies if you are an EU User (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway).
Data Controller. Palette is the data controller for Personal Data provided to us through your interactions with the Site. To find out our contact details, please see the “Contact Us” section below, which also provides the contact details of our EU Representative pursuant to Article 27 of the General Data Protection Regulation
Your Rights. Subject to applicable EU law, you may have the following rights in relation to your Personal Data that we hold about you that is collected through your use of our Site depending upon the EU member state in which you reside:
Right of Access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of all Personal Data you are lawfully entitled to receive along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
Right to Rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
Right to Erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent, where applicable. If we shared your data with others, we will tell them about the erasure where possible. We have no current plans to share your Personal Data. But, should we ever share your Personal Data, if you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
Right to Restrict Processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
Right to Data Portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by us by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
Right to Object: You may ask us at any time to stop processing your Personal Data, and we will do so:
If we are relying on a legitimate interest to process your Personal Data -- unless we demonstrate compelling legitimate grounds for the processing; or
If we are processing your Personal Data for direct marketing.
Right to Withdraw Consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
Rights in Relation to Automated Decision-making: You have the right to be free from decisions based solely on automated processing of your Personal Data, (including profiling) unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.
Right to Lodge a Complaint with the Data Protection Authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
Please see the “Contact Us” section below for information on how to contact us to exercise your rights.
WITHDRAWING YOUR CONSENT
In most cases, we need to process certain of your Personal Data in order to fulfil our contractual obligations to you and for our legitimate interests. Where the basis of processing is legitimate interests, you have a right to object to the processing of your Personal Data. Please note that, subject to applicable law, we may continue to process your Personal Data even where you object if there are compelling legitimate grounds for processing that override your interests and rights, or where processing is necessary to establish, exercise, or defend legal claims.
Where consent is the basis of processing, you may at any time withdraw the consent you provided for the processing of your Personal Data for the purposes set forth in this Privacy Notice by contacting us at firstname.lastname@example.org, provided that we are not required by applicable law or professional standards to retain such information.
If you would like to stop receiving newsletters or other marketing or promotional messages, notifications, or updates, you may do so by following the unsubscribe instructions that appear in these e-mail communications. Alternatively, you may contact us at email@example.com to opt-out of direct marketing. Please be advised that you may not be able to opt-out of receiving certain service or transactional messages from us, including legal notices and certain communications related to the provision of the Services.
Please note that if you do not provide consent, if you withdraw your consent or object to processing, or if you choose not to provide certain Personal Data, we may be unable to provide you some or all of the Services.
TRANSFER OF DATA
Please note that if you are visiting the Site from outside of the United States, your information may be transferred to, stored, and/or processed in this country. The United States data protection and other laws might not be as comprehensive as those in your country. If you are located outside of the United States, the transfer of Personal Data is necessary to provide you with the requested information and Services and/or to perform any requested transaction. By using any portion of the Site, you acknowledge and consent to the transfer of your information to our facilities in the United States.
We will retain your Personal Data for as long as is necessary to provide the Services, or for such longer period as may be required or permitted by applicable law. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Palette uses technical and organizational security measures designed to secure and protect Personal Data. Please note, however, we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
CALIFORNIA PRIVACY RIGHTS
Under Section 1798.83 of the California Civil Code, residents of California have the right to request free of change, from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information (as defined by California law) the business shares with third parties for those third parties' direct marketing purposes, and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To exercise your rights, you may make one request each year by emailing us at firstname.lastname@example.org with "Request for California Privacy Information" in the subject line and in the body of your message. Be sure to provide in the request sufficient information to properly identify you and/or the members of your family.
UPDATES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time. The most recent version of the Privacy Notice is reflected by the version date located at the top of this Privacy Notice. We encourage you to review this Privacy Notice often to stay informed of how we may process your information.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at email@example.com or by mail at the following address:
Palette Life Sciences, Inc.
27 E Cota Street
Santa Barbara, Santa Barbara County 93101
You have the right to complain to data protection authorities located in your jurisdiction. The contact details for certain data protections agencies in the US and EU are provided here for reference only:
EU- France: 0 800 000 013
EU- Germany: 0 800 1813 334
EU- Italy: 800 785 440
EU- Spain: 900 993 304
EU- UK: 080 823 4628