GriPharma Privacy Policy

Effective Date May 20, 2024 (last updated June 7, 2024)
Version Number: 1.2.

About this policy

GriPharma values ​​your privacy and the protection of your personal data. This policy (“Policy”) explains how GriPharma Ltd., Ikskiles iela 4, Ogre, Ogres nov., Latvia, LV-5001, its affiliates, subsidiaries or affiliated companies, a full list of which can be found here (together “GriPharma” , “our”, “we” or “us”) collect, use, share, transfer and process data collected from or about you. "Personal Data" means any information that can be used to directly or indirectly identify an individual or that can reasonably be believed to be linked to an individual. This may include elements such as name, address, telephone number, credit card information, email address, ID number, Internet Protocol ("IP") address or other identification code of the electronic device used by the individual (even in the absence of other identifiers). information). Statistical and non-identifiable metric data are not considered personal data. The GriPharma subsidiary, affiliate or related company with which you interact is, where applicable, the data controller (or equivalent under applicable law) responsible for the processing of your personal data.

Scope

This policy describes the types of personal data we may collect, process or disclose about you and how you can regulate this processing using your applicable legal rights. This policy applies to both online and offline information collection, including the use of websites or subdomains we operate, any mobile applications, when we offer you products and/or services or notify you of potential items of interest, and in other situations when you interact with us in person, by telephone or by mail where this policy is posted or referenced. There may be instances where you have been provided with a specific privacy notice separate from this policy, such as privacy notices for specific activities such as recruitment. To the extent you have been given another notice, these notices apply to and govern our interactions with you. If you provide Personal Data about parties other than yourself, you are responsible for making them aware of how we will process their Personal Data and, where applicable, for any necessary prior consent.

We are committed to processing personal data in accordance with applicable law. Please note that if you do not wish to provide us with your personal data, some products and/or services may become unavailable to you. By using any or all of these platforms, you are aware of our collection, use, transfer and disclosure of information as described in this policy to the extent permitted by applicable law.

Your information

We contact individuals for a variety of reasons. As a result of these interactions, we may directly or indirectly gain access to personal data about you. The following summarizes point by point how we may collect, process and use personal data, our legal basis for processing your information and the potential recipients of your information. Please note that not all cases may be applicable in all circumstances.

General categories of personal data collected

Below are the categories and sources of personal data that may be processed in accordance with this policy, in addition to the purposes and legal bases for such processing. Please note that items may be shared, received or processed by GriPharma, our partners who help us provide products or services or help us improve marketing or administration, healthcare professionals (“HCPs”), patients, individuals. with legal rights to access Personal Data and parties involved in potential business transactions.

1. Identity and Contact Information

Examples of personal data processed

First and last name, email address, mailing address, phone number, job title, professional license numbers, account username and password, IP address, and state service provider identifier or state license number

2. Sources of personal data

Directly from you; from your devices; from our business partners; from publicly available sources; from your HCP; from their patients; from other subsidiaries, affiliates or affiliates of GriPharma.

3. Purpose of personal data processing

To provide you with our products and services; communicate with you; to identify and authenticate you; to tailor content to you; detect security incidents; protect against malicious or illegal activity; offer or provide our products and services; to ensure appropriate use of our products and services; to improve our products and services; for temporary, short-term use; for administrative purposes; for marketing, internal research and development; and/or quality assurance.

4. Legal basis for personal data processing

For the purposes of our legitimate interests; in the public interest; fulfill a legal obligation; execute the contract; protect vital interests; for the purposes of medical treatment and/or diagnostic assistance; promotion of quality and safety of medical products/services/devices; in circumstances where we have asked for and received consent; and for other purposes that may be required or permitted by law depending on the type of personal data.

5. Demographic information

Examples of processed personal data - Age, gender, marital status, disability and date of birth.

6. Sources of personal data

Directly from you; from your devices; from our business partners; from publicly available sources; from your healthcare professional; from their patients; from other subsidiaries, affiliates or affiliates of GriPharma.

7. Purpose of personal data processing

To provide you with our products and services; communicate with you; to identify and authenticate you; to tailor content to you; detect security incidents; protect against malicious or illegal activity; to ensure appropriate use of our products and services; to improve our products and services; for temporary, short-term use; for administrative purposes; for marketing, internal research and development; and/or quality assurance.

8. Legal basis for personal data processing

For the purposes of our legitimate interests; in the public interest; fulfill a legal obligation; execute the contract; protect vital interests; for the purposes of medical treatment and/or diagnostic assistance; ensuring the quality and safety of medical goods/services/devices; in circumstances where we have asked for and received consent; and for other purposes that may be required or permitted by law depending on the type of Personal Data.

9. Commercial and Financial

Examples of Personal Data Processed

Transaction records, products and services (purchased, obtained, or considered), requested documentation, customer service records, financial transaction history, transfers of value, and financial account number.

10. Sources of personal data

Directly from you; from your devices; from our business partners; from publicly available sources; from your healthcare professional; from their patients; from other subsidiaries, affiliates or affiliates of GriPharma.

11. Purpose of Processing the Personal Data

To provide you with our products and services; to communicate with you; to identify and authenticate you; to customize content for you; to detect security incidents; to protect against malicious or illegal activity; to ensure the appropriate use of our products and services; to improve our products and services; for short-term, transient use; for administrative purposes; for marketing, internal research, and development; and/or for quality assurance.

12. Legal Basis for Processing the Personal Data

For the purposes of our legitimate interests; in the public interest; to comply with a legal obligation; to perform a contract; in circumstances where we have requested and received consent; and for other purposes that may be required or allowed by law dependent upon the type of Personal Data.

13. Professional and educational information

Examples of personal data processed

Job title or position, employer, national service provider identifier number, work skills, work history, university degree, certification, specialized training, responses to surveys and questionnaires, as well as registration history for our education and training events, LinkedIn profile.

14. Sources of personal data

Directly from you; from your devices; from our business partners; from publicly available sources; from your healthcare professional; from their patients; from other subsidiaries, affiliates or affiliates of GriPharma.

15. Purpose of personal data processing

To provide you with our products and services; communicate with you; to identify and authenticate you; to tailor content to you; detect security incidents; protect against malicious or illegal activity; to ensure appropriate use of our products and services; to improve our products and services; for temporary, short-term use; for administrative purposes; for marketing, internal research and development; and/or quality assurance.

16. Legal basis for personal data processing

For the purposes of our legitimate interests; in the public interest; fulfill a legal obligation; execute the contract; ensuring the quality and safety of medical goods/services/devices; in circumstances where we have asked for and received consent; and for other purposes that may be required or permitted by law depending on the type of personal data.

17. Technical information

Examples of personal data processed

IP addresses, browser type, browser language, device type, advertising IDs associated with your device (such as Apple Advertising Identifier (IDFA) or Android Advertising ID (AAID)), date and time you use our products and services, single resource Locators or URLs (i.e., website addresses) visited before arriving at and after leaving our products and services, activities with our products and services and referrals to websites or applications, data collected from cookies or other similar technologies, and geographic locations information.

18. Sources of personal data

Directly from you; from your devices; from our business partners; from publicly available sources; from your healthcare professional; from their patients; from other subsidiaries, affiliates or affiliates of GriPharma.

19. Purpose of personal data processing

To provide you with our products and services; communicate with you; to identify and authenticate you; to tailor content to you; detect security incidents; protect against malicious or illegal activity; to ensure appropriate use of our products and services; to improve our products and services; for temporary, short-term use; for administrative purposes; for marketing, internal research and development; and/or quality assurance.

20. Legal basis for personal data processing

For the purposes of our legitimate interests; in the public interest; fulfill a legal obligation; execute the contract; protect vital interests; to assist in medical treatment and/or diagnosis; ensuring the quality and safety of medical goods/services/devices; in circumstances where we have asked for and received consent; and for other purposes that may be required or permitted by law depending on the type of personal data.

21. Health Information

Examples of personal data processed

Information about your treatment, including your date of birth, sex/gender, treatment dates, medical history and treatment information, patient-reported outcome measures (such as responses to questionnaires and surveys), x-rays, magnetic resonance imaging, medical scans, user activities, images and videos of treatment activities, treatment completion and use information and communications with your healthcare provider and/or patient, including audio and/or video from telehealth sessions, allergy information; Medical insurance information and related information.

22. Sources of personal data

Directly from you; from your devices; from our business partners; from publicly available sources; from your healthcare professional; from their patients; from other subsidiaries, affiliates or affiliates of GriPharma.

23. Purpose of personal data processing

To provide you with our products and services; communicate with you; to identify and authenticate you; to tailor content to you; detect security incidents; protect against malicious or illegal activity; to ensure appropriate use of our products and services; to improve our products and services; for temporary, short-term use; for administrative purposes; for marketing, internal research and development; and/or quality assurance.

24. Legal basis for personal data processing

For the purposes of our legitimate interests; in the public interest; fulfill a legal obligation; execute the contract; protect vital interests; for medical treatment and/or diagnostic purposes; ensuring the quality and safety of medical goods/services/devices; in circumstances where we have asked for and received consent; and for other purposes that may be required or permitted by law depending on the type of personal data.

Aggregated anonymized and de-identified data

We may also collect and use certain types of aggregate data, such as demographic data, for any purpose (“Aggregate Data”). Aggregated data may be derived from your personal data, but it does not directly or indirectly reveal your identity. For example, we may aggregate certain of your information technology-related data with that of others to calculate the percentage of users who access a particular feature on our site. We may use the Collected Data for any purpose without limitation. However, if we re-aggregate or re-associate the Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we will treat the Aggregated Data as Personal Data that will be used in accordance with this Policy.

Combining information

We combine information we collect on the website with information we receive from you in person, by email, or by other forms of communication. We also combine information you provide with information we obtain from third parties, service providers, publicly available sources and our subsidiaries, affiliates or related companies.

Storage of information

We may transfer, process and store your information to the United States, Canada, India, member states of the European Union, the United Kingdom or other countries. Our affiliates or other third-party service providers may also transfer, process or store your information in Europe or other countries. Our websites and companies may be subject to European laws, which may not provide the same level of protection as in your country.

Cross-border data transfer

We may transfer your Personal Data to recipients in countries other than the country where your Personal Data was originally collected. When we transfer your personal data in this way, we take steps to ensure that your data is protected in accordance with the laws and requirements of your country, including those relating to cross-border data transfers. We implement appropriate technical and organizational measures to ensure a level of security commensurate with the risk of protecting your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. As with all websites, applications, products and services, we unfortunately cannot guarantee the security of the data we collect at all times.

Sale or transfer of data

If we are involved in a sale or transfer of all or some of our company's assets or operations through a stock or asset transaction, your personal data may be transferred to the acquiring entity, which will be held to at least the same or higher standards. Care for the processing of your Personal Data. If such a sale or transfer occurs, if required by law, you will be notified and will be able to withdraw your consent or, if necessary, exercise any other legally available rights as set forth in the “Rights and Choices” section of this policy. regarding the processing and use of your Personal Data by the recipient.

Cookies, web beacons and other tracking tools

As noted above, your interactions with our websites are an additional source of information collection about you. We may use "cookies", web beacons and other technologies to help us evaluate and improve the content or features of the products or services we offer. We collect your information using several methods: Marketing cookies, Analytical cookies, Social media cookies, Web beacons, Pixels, Tags, and Tracking cookies.

Our cookie policy provides more detailed information on this topic and how we use cookies to improve your experience and better serve you.

Third party links and tools

We may link to other sites or apps on our platforms that we do not control. If you click on a third-party link, you will be taken to a platform we do not control. This policy does not apply to the privacy practices of that website or platform. Read other companies’ privacy policies carefully. We are not responsible for these third parties. Our site may also serve third party content that contains their own cookies or tracking technologies. We do not control the use of those technologies.

Data retention

We will retain Personal Data for as long as is necessary to fulfill the purposes for which the Personal Data was collected or for the period required by applicable law, whichever is longer. When considering how long to keep your Personal Data, we take into account: The potential risk of harm if the data was subjected to unauthorized use or disclosure; Volume and sensitivity of personal data; Applicable legal requirements; and If the circumstances have changed so that the purposes of collecting personal data can be achieved by other means.

When it is no longer necessary to store your personal data, we will delete or anonymize the data in accordance with the information provided above.

Your rights and choices

Some jurisdictions, for example, have provided individuals with rights in relation to the processing of their personal data. These rights are not available to everyone and are not necessarily applicable in all contexts. Depending on applicable law or legal basis, you may be entitled to:

• Object to the processing of your Personal Data;
• Request access to your Personal Data;
• Request correction of your Personal Data if your Personal Data is inaccurate, incomplete or out of date;
• Request deletion/erasure of your Personal Data;
• withdraw your consent to further processing if we processed Personal Data based on your consent;
• Request restrictions on the processing of your Personal Data, including restricting the sale or sharing of your Personal Data;
• Request the transfer of your Personal Data to yourself or a third party;
• Opting Out of Certain Transfers to Third Parties.

To exercise rights that you believe you may be entitled to under applicable law, you may contact us directly by making a request using this web form. We may need to confirm your identity before fulfilling your request, or we may not be able to act on your submission in accordance with applicable law. We will notify you of such decisions or claims in a timely manner, as appropriate.

Filing a complaint. If you cannot resolve the issue directly with us and would like to make a formal complaint, you can contact your local data protection authority or other enforcement authority.

Contact us

If you have any questions about this policy or our data processing practices, you can write to us at:

GriPharma Ltd.

Attention: Privacy (legal function)

Ikskiles street 4, Ogre, Ogres prov., Latvia, LV-5001

You can also email us directly at privacy@gripharma.com

Policy Updates

We may change our privacy policies from time to time. The latest copy will be found on our website. Please check our website periodically for updates.