Privacy Notice

This privacy notice (“Notice”) is provided by Modavar Pharmaceuticals, LLC. Modavar is referred to in this Notice as “we”, “us” and “our”.

Scope of this Notice

This Notice explains what types of personal data Modavar may collect from you and how we use it. It also explains the policies and practices that we have developed to safeguard personal data and to comply with applicable data protection laws. Please read this Notice carefully to understand what personal data we collect, how we collect it, how we use it, who we may disclose it to, and how you can manage your personal data.

This privacy notice explains our general practices. However, where local laws or regulations require that we process information differently, or refrain from such processing, we will always comply with the applicable local law.

Data we collect about you

We may collect, use, store and transfer different categories of personal data about you which we have grouped together as follows:

  • Identity Data   includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender;
  • Contact Data   includes billing address, delivery address, email address and telephone numbers;
  • Financial Data   includes bank account, payment card details, and payroll data;
  • Transaction Data   includes details about payments to and from you and other details of products and services you have purchased from us;
  • Technical Data   includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website or intranet;
  • Profile Data   includes your username and password on our website, our intranet, purchases or orders made by you, your preferences, and feedback and survey responses;
  • Usage Data  includes information about how you use our website, intranet, products and services;
  • Marketing and Communications Data   includes your preferences in receiving marketing from us and our third parties and your communication preferences; and
  • Special Categories of Personal Data   includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

How we collect information about you

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, and e-mail or otherwise. This includes personal data you provide when you:

  • Apply for employment with us or when you become an employee/contractor;
  • Agree to take part in a clinical research program;
  • Apply for our products or services;
  • Subscribe to our services or publications;
  • Request marketing to be sent to you;
  • Enter a promotion or survey;
  • Give us some feedback; or
  • Provide unsolicited information to us.

Automated interactions. As you interact with our website or intranet, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.

Third parties (or publicly available sources). We may receive categories of personal data about you from various third parties and public sources as set out below:

  • Technical Data from analytics providers such as Google, advertising networks and search information providers.
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
  • Identity and Contact Data from data brokers, aggregators or recruitment agencies.
  • Identity and Contact Data from publicly availably sources.
  • Special Categories of Data including Health Data from Clinical Research Organizations conducting clinical research on our behalf.

How we use your information

We process the personal information we collect for the following purposes/legal bases:

a. Contract
We process your personal data when it is necessary for the performance of a contract with you, or where you have requested us to take steps prior to us entering into a contract together, in particular:

  • To fulfill any of our obligations owed to you under such contract such as to manage your orders, arrange the provision or receipt of goods and services, and to make payments to you for services provided, the reimbursement of expenses or rebates;
  • Where applicable, to manage information related to your attendance at an event, for example, your dietary requirements; and
  • Managing orders, questions, and complaints regarding products where you have placed orders, posed questions in relation to orders, or submitted complaints.

b. Legal obligation
We process your personal data to meet legal (including tax and accounting), regulatory, pharmacovigilance, quality, medical inquiry, and compliance requirements, including:

  • To respond to requests for information from government authorities;
  • To comply with all legal and self-regulatory obligations including transparency and disclosure obligations or anti-gift obligations (this may either be in our legitimate interests or a legal obligation);
  • To manage and respond to requests concerning quality or medical information (this may either be in our legitimate interests or a legal obligation);
  • Prior to entering into a personal services contract with you, to check that your professional expertise and experience match our identified need for that service.

We may also process your personal data in connection with dispute resolution, legal claims, compliance, regulatory and such investigative purposes as we deem to be necessary (including disclosure of such information in connection with legal process or litigation). We maintain records of any consents, preferences or other settings to enable us to comply with data protection laws.

c. Legitimate interests
We also process your personal data when it is necessary for the purposes of our legitimate interests as a controller (or those of a third party):

  • To promote goods and services including in relation to promotional and educational events for healthcare professionals;
  • To educate and train staff and promote their professional and personal development;
  • To respond to your queries or other correspondence you have submitted through our Sites;
  • To analyze engagement with our Sites, communications, events and services in order to improve content, optimize performance and enhance their relevance to various audiences;
  • To optimize and tailor the use of our Sites and our communication to you;
  • To detect, investigate, prevent or report activities that may violate our policies or be illegal;
  • To carry out conflict of interest checks and assessments where you have been identified by a Modavar employee as having a potential conflict of interest with us and keep records of the same to enable us to take appropriate action to remediate such conflicts;
  • To develop and maintain our relationship with you and to better understand the healthcare sector;
  • To contact you or otherwise provide you with information regarding Our products or events (when your consent to receive direct marketing communications is not required);
  • To tailor our communications to you based on your expertise and professional interests;
  • To assess and analyze your interests and experience based on information our representatives collect during calls or visits;
  • To carry out and follow-up training, including by providing you with further information, inviting you to symposia, congresses, seminars, debates and other events;
  • To carry out or engage in market research, scientific cooperation or other research activities to better understand our markets and/or increase our expertise;
  • To check that your professional expertise and experience matches our identified need for a particular service prior to entering into any personal services contract with you (to the extent that this is not a legal obligation as set out below);
  • To manage our business relationship with you;
  • To plan for, conduct and monitor our business in relation to our supplier/vendor or customer contracts;
  • To handle any questions or complaints you may have about us or our staff
  • To investigate allegations of misconduct; and
  • For due diligence prior to setting up a trading account or in the circumstances of mergers and acquisitions, dispute resolution or audit.

How we share your personal data

Modavar does not and will not sell your personal data. We may, however, share your personal data with the parties set out below for the purposes set out in the section “How We Use Your Information.”

Internal Third Parties: other companies or departments in Modavar that provide IT and system administration services and undertake leadership reporting may receive any category of data as necessary to perform job functions.

External Third Parties: service providers who provide IT and system administration services and data analytics, vendors who provide clinical trial services, and third parties that provide promotional and marketing support may receive any category of data as necessary to perform their services.

Other Third Parties: third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets may receive any category of data as necessary to perform the transaction. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.

Professional advisers: advisors (e.g., lawyers, bankers, auditors and insurers) who provide consultancy, banking, legal, insurance and accounting and payroll services may receive any category of data as necessary to perform their services.

Supervisory Authorities: Revenue and Customs, IRS and FDA, regulators and other authorities who require reporting of processing activities in certain circumstances may receive any category of data as necessary to comply with legal and regulatory requirements.

Modavar may also disclose aggregate or anonymized data that is not personally identifiable to third parties for any purpose.

We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:

Promotional material from us. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

Opting in. You will receive marketing communications from us if you have requested information from us or purchased products or services from us and, in each case, you have opted-in to receiving that marketing.

Third-party marketing. We will get your express opt-in consent before we share your personal data with any company outside Modavar for marketing purposes.

Opting out. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you. Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty, product/service experience or other transactions.

Cookies. Most web browsers allow some control of most cookies through the browser settings. For additional information about how Modavar uses cookies and similar technologies, see the link “Cookies” on our home page.

Google Analytics. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout

How we store / protect your information

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach when we are legally required to do so.

California Privacy Rights

The California Consumer Privacy Act of 2018 (“CCPA”) provides consumers (i.e., California residents) with specific rights, subject to some limitations and verification, regarding their personal data:

1. Consumers have the right to know about the personal data Modavar collected, disclosed, or sold about them in the 12 months preceding the date Modavar received the request.

2. Consumers have the right to request deletion of their personal data collected or maintained by Modavar.

3. Consumers have the right to opt-out of the sale of their personal data.

4. Consumers have the right to non-discrimination for the exercise of their privacy rights.

If you would like to exercise any of these rights, please go to the “Contact Us” section of our website. We will provide you with a form to complete that will ask you for your contact information, the right(s) you wish to exercise, and two pieces of identification that between them show your name, date of birth and address. The information collected will only be used to respond to your request and for record-keeping purposes to demonstrate compliance with the CCPA.

If the consumer prefers, he or she may designate an authorized agent to make a request under the CCPA on the consumer’s behalf.

California Civil Code Section 1798.83 permits California residents who are individual customers of Modavar products to request certain information regarding its disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us using our contact information listed in Section A (“How to Contact Us”).

Be sure to include your name and address. You can include your email address if you want to receive a response by email. Otherwise, we will respond by postal mail within the time required by law.

Children

While in some instances we may collect personal data about children with the consent of a parent or guardian, such as clinical activities or for patient support programs, we do not otherwise knowingly solicit data from, or market to, children. If a parent or guardian becomes aware that his or her child has provided us with personal data, he or she should contact us through the “Contact Us” section of our website. We will take reasonable steps to delete such data from our database within a reasonable time.

Links to other non-modavar sites

As a convenience to our website visitors and users, Modavar may offer links to non-Modavar sites that we believe may offer useful information. The inclusion of a link on the Modavar website does not imply our endorsement of the linked site or service. When you click on one of these links, you will be transferred from the website and be connected to the site of the organization or company that you selected. This Notice is no longer applicable when you leave a Modavar site by way of link. Each of these linked sites maintains its own independent privacy policies and procedures, which you should consult before providing any of your personal information. After choosing to move to a third-party’s website, you will receive a notification that you are leaving our website.

Privacy notice updates

Modavar may update this Notice from time to time. Please check this Notice periodically for changes. If we make any changes, the updated Notice will be posted with a revised effective date. We encourage you to periodically review this page for the latest information on our privacy practices.

Your Rights - For Europe

By law you may be entitled under circumstances to the following:

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal databthat we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.

If you want to review, verify, correct, or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us using the contact details in this Privacy Notice.

How long we retain your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Contact Information

Please contact us at: info@modavar.com

Effective Date: April 2022