Effective on: October 30, 2024
If you are a participant, physician, or staff member involved in a TORL Bio clinical trial, please read the TORL Bio Privacy Notice for Clinical Trials.
| Privacy Summary | |
|---|---|
| OUR CONTACT INFORMATION
TORL BioTherapeutics, LLC Address: 6100 Bristol Parkway, Culver City, CA, 9023 Email address: [email protected] Contact details of our Data Protection Officer: click here. Identity and contact details of our Representative in the EU: click here. Identity and contact details of our Representative in the UK: here. |
|
| GENERAL INFORMATION | |
| Do we collect Personal Data? | Yes. Some categories include identifiers and internet or similar network activity. Click here to know which categories of Personal Data we collect and how we obtain them. |
| Do we sell Personal Data? | No. |
| TRACKING | |
| Do we use cookies or similar tracking technologies on our website? | Yes. |
| PRIVACY RIGHTS | |
| Can you request to receive a copy of the Personal Data we have collected about you? | Yes. Click here to learn how. |
| Can you withdraw your consent to our processing of your Personal Data? | Yes. Click here to learn how. |
| Can you request to have your data deleted? | Yes. Click here to learn how. |
| Do we discriminate you for exercising your privacy rights? | No. Click here to learn more about your right not to be discriminated. |
| SECURITY | |
| Do we protect your Personal Data? | Yes. Click here to learn more about how we protect your Personal Data. |
TORL BioTherapeutics, LLC (“TORL Bio”, “we”, “us”, “our”) takes the protection of personal data (“Personal Data”) very seriously. Please read this privacy notice (the “Notice”) to learn what we are doing with your Personal Data, how we protect it, and what privacy rights you may have under applicable data protection and privacy laws, such as:
This Notice addresses data subjects (which includes both individuals and households) whose Personal Data we receive directly through our website.
This Notice does not apply to Personal Data we receive or process in connection with conducting clinical trials. If you would like information regarding such Personal Data, please read the TORL Bio Clinical Trial Privacy Notice.
This Notice does not apply to the Personal Data of employees, job applicants, contractors, business owners, directors, officers, and medical staff of TORL Bio.
If we do not maintain information in a manner that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual or household, such information is not considered Personal Data and this Notice will not apply to our processing of that information.
This Notice tells you, among other things:
Within the scope of this Notice, TORL Bio acts as a data controller or “business” for the Personal Data we process. This means that we decide how and why Personal Data is collected and processed.
We must have a valid reason to use your Personal Data. This is called the “lawful basis for processing”.
We may process your Personal Data on the basis of:
When we rely on legitimate interests as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please use the contact details provided here.
Where we process your Personal Data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect the validity of our processing of Personal Data performed on other lawful grounds.
The table below describes the categories of Personal Data we have collected about you in the last twelve months.
| Personal Data We Collect, Process, or Store | How We Obtain It |
|---|---|
| Identifiers
Online identifier, Internet Protocol address |
Directly from you when you visit our website. |
| Internet or other similar network activity
Browsing history, search history, information on individual’s interaction with a website. |
We will not collect additional categories of Personal Data without informing you.
A “cookie” is a small file stored on your device that contains information about your device. We may use cookies to provide basic relevant ads, website functionality, authentication (session management), usage analytics (web analytics), and to generally improve our website.
We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our website are first-party cookies which are placed directly by us. Other parties, such as Google, may also set their own (third-party) cookies through our website. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.
We use Google Analytics cookies to understand how you interact with our website. To opt out of Google Analytics tracking technologies, visit the Google Analytics site and opt out from Google Analytics here.
If you would prefer not to accept cookies, you can change the setup of your browser to reject all or some cookies. Note, if you reject certain cookies, you may not be able to use all features of our website. For more information, please visit https://www.aboutcookies.org/.
You may also set your browser to send a Do Not Track (DNT) signal. For more information, please visit https://allaboutdnt.com/. Please note that our website does not have the capability to respond to “Do Not Track” signals received from web browsers.
We may process your Personal Data for the following purposes:
We will retain your Personal Data for as long as is necessary to fulfil the purpose for which we collected your Personal Data and any other permitted linked purpose and in compliance with our data retention policies.
The following table describes, in the last twelve months, the categories of information we have disclosed to third parties for business purposes, and the categories of those third parties.
| Personal Data Disclosed for Business Purposes? | ||
|---|---|---|
| Category | Yes or No | Categories of Third Parties Receiving Personal Data |
| Identifiers | Yes |
|
| Internet or similar network activity | Yes |
|
Some of these third parties may be located outside of the European Union or the European Economic Area (“EEA”). In some cases, the European Commission may have determined that in some countries, their data protection laws provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission has recognized as providing an adequate level of protection to personal data. We will only transfer your Personal Data to third parties in countries not recognized as providing an adequate level of protection to personal data when there are appropriate safeguards in place. These safeguards may include the Standard Contractual Clauses as approved by the European Commission under Article 46.2 of the GDPR.
We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.
We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above.
You have specific rights regarding your Personal Data that we collect and process. In this section, we first describe those rights and then we explain how you can exercise those rights.
This is called the right to be informed. It means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your Personal Data, how long we will keep it, and who it will be shared with, among other things.
We are informing you of how we process your Personal Data with this Notice.
We will always try to inform you about how we process your Personal Data. However, if we do not collect the Personal Data directly from you, the GDPR exempts us from the obligation to inform you (i) when providing the information is either impossible or unreasonably expensive; (ii) the gathering and/or transmission is required by law, or if (iii) the Personal Data must remain confidential due to professional secrecy or other statutory secrecy obligations.
This is called the right of access. This right allows you to ask for full details of the Personal Data we hold about you.
You have the right to obtain confirmation from us regarding whether or not we process Personal Data concerning you, and, where that is the case, a copy of or access to the Personal Data and certain related information.
Once we receive and confirm that the request came from you or your authorized agent, we will disclose to you:
Under some circumstances, we may deny your access request. In that event, we will respond to you with the reason for the denial.
This is called the right to rectification. It gives you the right to ask us to correct without undue delay anything that you think is wrong with the Personal Data we have on file about you, and to complete any incomplete Personal Data.
This is called the right to erasure, right to deletion, or the right to be forgotten. This right means you can ask for your Personal Data to be deleted. Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit how we use it. We will also inform you of our reason for denying your deletion request.
This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain instances, such as where you believe the data is inaccurate or the processing activity is unlawful.
This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.
This is called the right to data portability. It is the right to ask for and receive a portable copy of your Personal Data that you have given us or that you have generated by using our services, so that you can:
We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you request this information electronically, we will provide you a copy in electronic format.
Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful.
If you have given consent for your details to be shared with a third party and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.
We will not discriminate against you for exercising any of your privacy rights.
If you are a clinical trial participant, please do not contact us directly regarding your privacy rights. You can exercise your privacy rights by contacting your study doctor or study site. Please read the TORL Bio Privacy Notice for Clinical Trials for more information about how we handle Personal Data as part of our clinical trials and how you can exercise your rights.
To exercise any of the rights described above, please submit a request by using any of the contact details under the “Contact Us” section below:
Verification of Your Identity
In order to correctly respond to your privacy rights request we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are. We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.
If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual.
We will confirm the receipt of your request within ten (10) business days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.
Please allow us up to a month to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why and the extension period in writing. If we cannot satisfy a request, we will explain why in our response.
We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
Our website and services are not directed at, or intended for use by, children under the age of 18.
We are strongly committed to keeping your Personal Data safe. We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect your Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction.
If the GDPR applies to our processing of your Personal Data, you have the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your Personal Data.
Specifically, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or the alleged violation of the GDPR.
If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use our website after we post any of these changes, you accept the modified Notice.
If you have any questions about this Notice or our processing of your Personal Data, or want to submit a verifiable consumer request, please contact us:
Please allow up to four weeks for us to reply.
We have appointed VeraSafe as our DPO. Personnel, please contact VeraSafe on matters related to our use of your Personal Data. VeraSafe’s contact details are:
VeraSafe
100 M Street S.E., Suite 600
Washington, D.C. 20003
Email: [email protected]
Web: https://www.verasafe.com/about-verasafe/contact-us/
Tell: +1 617 398 7067
We have appointed VeraSafe as our representative in the EU for data protection matters. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or use the contact details provided below:
VeraSafe
Plaza de la Solidaridad 12, Floor 5
29006, Malaga
Malaga
Spain
VeraSafe has also been appointed as our representative in the United Kingdom for data protection matters. To make an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at +44 (20) 4532 2003 or use the contact details provided below:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom