Effective Date: September 9, 2019
1. General Purpose
2.2 Along those lines, Tricida is the “Controller” of the personal data it collects, which means we are the entity that decides how to collect, process, and use personal data.
3. What Data Are We Collecting About You?
3.1 Not all data is “personal data” under the law, but much of it is. Because we take privacy and the security of data seriously, we’ve taken the approach that the broadest definition of personal data is best, because it allows us to explain what we collect more simply. And so, for Tricida’s purposes, personal data is:
Any information that can, either alone or with other information, be used to identify an actual human person or their household.
3.2 These are the categories of personal data that we collect:
- “Basic Data” means your name, your email address, your physical address, your phone number, your area of specialty as a physician, your National Provider Identifier (“NPI”), your practice name, practice address, practice email address, and practice phone number.
- “Technical Data” means any information we collect as we operate our websites and apps, like your IP address, your mobile device identifier, what browser you used to access our site and what operating system you’re using, the movement of your mouse on the screen (mouse hovers and clicks, for example), the length of time you spend on our website or app, and any extensions or apps you pair with ours.
- “Profile Data” means the more detailed Website or Neph+ app profile information that you’ve set up and shared with us. Your profile data includes your account ID, your password, your activity while logged in (including submissions, comments, and feedback), and social media posts.
- “Feedback and Marketing Data” means information that we collect to understand. This includes any surveys or questionnaires we conduct (whether they’re in an email, on our website, in the app, or at a physical location). Feedback and marketing data also means all other forms of Personal Data, your preferences when it comes to how, when, and why we communicate with you about our products and services, and any interactions you have with our marketing materials (for instance, whether you opened a survey or responded to an in-store questionnaire).
3.3 As explained below, we may combine different kinds of personal data or combine the personal data you’ve given us with non-personal data. If the combined data can identify you, we’ll treat it like personal information, even though some parts of the combined data can’t identify you.
3.4 We do not collect any “Special Categories” of Personal Data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, or information about criminal convictions or offenses.
3.5 We also don’t collect any health information about a particular patient. That means we do not collect, and any user of this Website or the Neph+ app should not provide any patient-level data, including data that would be considered Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) or the Health Information Technology for Economic and Clinical Health Act (“HITECH”).
4. How We Collect Personal Data
We collect personal data in a variety of ways, depending on how you interact with us, including:
4.1 Direct interactions.
You may give us your Basic, Device, Usage, Technical, Profile, or Feedback and Marketing Data by interacting with us, such as when you:
- create an account or profile;
- download or update our app;
- sign up to receive information, including marketing information, from us;
- communicate with us about your app;
- contact customer support or request technical assistance;
- access Tricida, NephPlus.com or Neph+ via social media accounts;
- respond to a survey or questionnaire; or
- give us feedback or reviews.
4.3 From third parties or publicly available sources. We may receive personal data about you from various third parties and public sources. That includes our third-party vendors for monitoring activity on our website, including user interaction and fraud prevention (Google and Conductor).
What are Cookies?
Cookies and other online tracking technologies are small bits of data or code that are used to identify your devices when you use and interact with our websites and other services. They are often used for remembering your preferences, to identify you when you log into a site, or to give us the ability to recognize you when you interact with us or our website.
We can only place cookies for lawful reasons, and we do. For now, the only reasons we place them are:
- To help our site work properly
- To identify you when you visit our site
- To make your interaction with the site easier, or
- To track activity on our sites.
Using information collected from cookies: where we want to use the information that cookies and similar technologies collect, we either need your consent or a legitimate interest.
What Cookies Do We Use and Why?
Essential Cookies and Similar Technologies
Analytics Cookies and Similar Technologies
These collect information about your use of our websites and apps and enable us to improve the way they work. For example, analytics cookies show us which are the most frequently visited pages on our websites allowing. They help us record how you interact with our websites, such as how you navigate around pages and from page to page, identifying improvements we can make. They also help identify any difficulties you have accessing our services, so we can fix any problems. Additionally, these cookies allow us to see overall patterns of usage at an aggregated level.
Functional/Preference Cookies and Similar Technologies
These cookies collect information about your choices and preferences, and allow us to remember things like language, your username (so you can log in faster), text size, and location, so we can show you content relevant to where you are. They allow us to customize the services you have accessed. We also may use these cookies to provide you with services such as video clips.
Tracking, Advertising Cookies and Similar Technologies
These cookies record your visit to our websites, the pages you have visited, and the links you have clicked. They gather information about your browsing habits and remember that you have visited a website. We (and third-party advertising platforms or networks) may use this information to make our websites, content, and advertisements displayed on them more relevant to your interests (this is sometimes called “behavioral” or “targeted” advertising). These types of cookies are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of advertising campaigns.
Web Beacons and Tracking Pixels
These are bits of data that count the number of users who access a website or webpage and can also allow us to see if a cookie has been activated. Web beacons used on web pages or in emails allow us to see how successful an article has been, or whether an email message was successfully delivered and read in a marketing campaign. Web beacons are also used to verify any clicks through to links or advertisements contained in emails. We may use this information to help us identify which emails are more interesting to you.
We may, in certain situations, use Adobe Flash Player to deliver special content, such as video clips or animation. To improve your user experience, Local Shared Objects (commonly known as Flash cookies) are used to provide functions such as remembering your settings and preferences. Flash cookies are stored on your device, but they are managed through an interface different from the one provided by your web browser.
Tracking URLs are special web links that allow us to measure when a link is clicked. They are used to help us measure the effectiveness of campaigns and advertising and the popularity of articles that are read.
We may collect and analyze a device’s browser information to help identify that device, present content correctly, conduct analytics and help prevent and detect fraud.
If you Access our Services from a Mobile Device
We may collect a unique device identifier assigned to that device, some limited geo-location data, and other transactional information for that device.
Protect our Networks
Cookies and similar technologies help us identify and prevent threats to our sites. They are necessary to protect your information and our business from outside threats.
Allow you to Access our Services
Cookies and similar technologies permit your connection to our websites: our servers receive and record information about your computer, device, and browser, including potentially your IP address, browser type, other software or hardware information, and your geographic location.
Assess Usage of Services
We use information about your usage of our services, websites and apps, such as pages you have visited, content you have viewed, search queries you have run, and advertisements you have seen or interacted with to assess how our services are used.
Provide Relevant Content
We adjust the content on our websites and in our communications with you depending on what we know about the content, products and services that you like. This means we can highlight content that we believe will be of interest to you. We provide personalization by using cookies, IP addresses, web beacons, URL tracking and mobile app settings.
When you download our Neph+ app, we require access to the following services on your device: unique identifier (UDID), MAC address or other applicable device identifier and location. Other services may also be required in order for the apps to function. Our apps may also provide push notifications to your device. You may control these by using the tools on your device, such as turning off push notifications and location services.
When you visit our websites, our partners and we will set cookies and similar technologies on your browser in order to help us make the sites work, analyze site usage, deliver ads, and personalize your experience.
Most modern browsers are set to accept cookies by default, but you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser.
Controlling OBA Cookies
In addition to being able to control cookies by changing the settings in your browser on your computer, or in your mobile device’s settings, you can also control which companies can set cookies and similar technologies on your devices, by visiting the following links (you’ll need to turn any cookie or ad blockers off for the control pages to show which companies you can opt-out of):
- Internet Advertising Bureau (IAB) Your Online Choices website provides more information about controlling cookies. It also provides an easy way to opt-out of behavioral advertising from each (or all) of the networks represented by the European Interactive Digital Advertising Alliance http://www.youronlinechoices.com/uk/your-ad-choices
- The Network Advertising Initiative (NAI) control page allows you to control behavioral advertising from each of the ad networks represented by the NAI.
- The Digital Advertising Alliance’s self-regulatory program for online behavioral advertising control page allows you to control behavioral advertising from the ad networks it represents.
- The News IQ website provides more information, and an easy way to opt-out.
- Importantly, these ad networks set cookies to remember that you have chosen to opt-out. If you clear your cache the opt-outs will not be applied and you would need to opt-out again.
Controlling Flash Cookies
You can manage the use of Flash technologies with the Flash management tools available at Adobe’s website, at http://www.adobe.com/devnet/flashplayer/articles/privacy.html.
6. Why (and How) We Use Personal Data
6.1 We only use personal data when we have a lawful basis for doing so. Sometimes, we rely on your consent to use personal data. When we do, we will always give you the option to withdraw your consent at any time.
6.2 The following list sets out how we use personal data, and the lawful basis for doing so:
- Completing a transaction. We need Basic Data in order for you to register for an account with us so that we can send you information you’ve requested, download the Neph+ app, and provide any other service that you have asked us to do. We need this information in order to be able to fulfil our part of our contract with you, and so collecting this data is necessary to the performance of our contract with you (GDPR art. 6(1)(b)).
- Providing customer service. Depending upon what you contact us for and request, we will use any and all categories of Personal Data we have in order to provide you with customer service. For instance, if you call us to discuss a problem with your app, we’ll use Basic Data and Technical Data to be able to respond to your query. We need this information in order to be able to fulfill our part of our contract with you (GDPR art. 6(1)(b)), and because we have a legitimate interest in being able to respond to your questions (GDPR art. 6(1)(f)).
- Managing our website and apps. We’ll use Basic Data, Technical Data, and Profile Data to keep our website and app operating properly (fraud detection and prevention, site maintenance and updates, app maintenance and updates, IP logs). We use this data because we have a legitimate interest in administering/improving our site and apps, running IT services, ensuring network security, and preventing fraud (GDPR art. 6(1)(f)), and because we need to demonstrate our compliance with data security obligations both as a legal matter and if we are involved in a business reorganization (a merger or acquisition) (GDPR art. 6(1)(c), GDPR art. 6(1)(f)).
- Creating and managing your profile. When you create a profile on our website or in our app, you agree to share Basic Data, Technical Data, and Profile Data with us so that we can provide you with a useful experience and keep you updated on developments about CKD and treatments. We need this information in order to be able to fulfil our part of our contract with you, and so collecting this data is necessary to the performance of our contract with you (GDPR art. 6(1)(b)).
6.3 We will only keep your Personal Data for as long as necessary under the circumstances in which we collected it, including our obligation to hold onto it for legal, regulatory, or accounting purposes. If we are able to make data completely anonymous (that is, it can’t be used to identify you), we may keep that data indefinitely for statistical or analytic purposes.
7. Additional Disclosures about Data
7.1 Change of purpose
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
7.2 Automated decisions
We don’t use an automated decision making system (an algorithm or machine learning tool) to make decisions about you.
8. Disclosures of your personal data
8.1 Sometimes, we will share your Personal Data with:
- Outside third parties. As explained above, we use outside vendors and service providers to enable our company to function. The kinds of third parties we share your data with are:
- Service providers acting as processors based outside of the EEA who provide IT and system administration services including cookies/user experience/analytics.
- Professional advisers acting as processors including lawyers, bankers, auditors and insurers based outside the EEA who provide consultancy, banking, legal, insurance and accounting services.
We’ll also share Personal Data if we buy, sell, transfer, or merge parts of our business with another company.
- Regulators. If we are subject to an audit, review, or other inquiry by a properly constituted regulatory agency (like the Food and Drug Administration, for instance), they may require us to share the data we have, including Personal Data.
- Subpoenas and legal demands. We have to comply with lawful subpoenas or investigative demands from courts and law enforcement agencies.
8.2 We share your Personal Data with outside third parties only to enable us to fulfill our part of our contract with you (GDPR art. 6(1)(b)), because you have consented to it (GDPR art. 6(1)(a)), or because it’s necessary for a legal or regulatory requirement (GDPR art. 6(1)(c)). None of these third parties are allowed to use your Personal Data in any way that is different from the reasons we outline here.
9. International transfers
9.2 To be clear, the Website and Neph+ are not for marketing and sale in the European Union – they are exclusively for access and use in the United States.
9.3 Nevertheless, in the case of an inadvertent submission of personal data of an individual within the European Union (which would violate the Website’s Terms and Conditions), Tricida is certified to the US/EU and US/Swiss Privacy Shield program, which you can read about here.
9.4 If you have questions about transferring data out of the EEA, please contact us and we’ll provide you with more information.
10. Data security
10.1 We work hard to keep your data (and ours) safe. We use a variety of tools – technological, administrative, and physical – to keep data secure. These safeguards are designed to ensure that whatever Personal Data we keep is protected against unlawful access or use.
10.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. No data security regime is perfect, however, and it is possible that some personal data could be compromised (lost or stolen) in the event of a breach or hack. If that happens, we’ll follow all the necessary steps outlined in the law, including notifications, if required.
11. Your legal rights
11.1 When you provide us with personal data, you have rights about how we use it, and why. In general, you have the right to:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us.
11.2 No fee usually required
In some rare circumstances, you may have to pay a fee regarding a request, but in general you don’t have to pay anything to exercise these data rights.
11.3 What we may need from you
In order to make sure that you’re the person entitled to exercise the rights listed above, we’ll sometimes request information to verify your identity. We will not ask for more data than is necessary to confirm your identity.
11.4 Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11.5 California privacy rights
California Law permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. As we explained above, Tricida does not share your personal information with any third parties for their own marketing purposes. If you want to learn more, please contact us at DPO@Tricida.com with “California Shine the Light Privacy Request” in the subject line. Please also provide your full name, email address, physical address, and specific services you have used in the body of your email.
11.6 Children under 13
Our Site and Service are not directed to children under the age of 13, and our Terms restrict use to individuals over the age of 18. We do not knowingly collect any information from children under 13.
12. Third Party Services
13. Contact Us
If you have questions about NephPlus, Tricida, or our therapies, please contact us at:
7000 Shoreline Court
South San Francisco, CA 94080
or, (415) 429-7800