Privacy Policy

Last Updated: February 2019

1. INTRODUCTION

1.1
Delcath Systems, Inc. and its subsidiaries and affiliates globally (‘Delcath’ ‘we’, ‘us’, ‘our’,) are strongly committed to protecting the privacy of your personal data. This Privacy Notice applies to your use of the websites www.againsttheodds.com and www.lebengewinnen.de (the “Sites”) and also applies to patient personal data that we process personal data on (‘you’, ‘your’). This Notice sets out how we use, collect and protect your personal data.
1.2
This Privacy Notice (“Notice”) has been developed to let you know: (1) who we are; (2) the kinds of personal data we may gather during your visit to the Sites and through our interactions with you; (3) our basis for gathering your personal data; (4) how and why we process your personal data; (5) when we might disclose your personal data and to whom; (6) how your personal data is kept secure; (7) how long we will retain your personal data; and (8) certain rights you may have relating to your personal data.
1.3
Delcath strives to collect, use and disclose personal data in a manner consistent with the laws of the Countries in which it does business. We also wish to inform any citizens of the European Economic Area (“EEA”) of their rights when we use their personal data.

2. WHO PROCESSES YOUR PERSONAL DATA?

2.1
For the purposes of applicable data protection legislation, Delcath is the data controller of your personal data. You will find our contact details in the “Contact us” section at the end of this Notice.

3. IDENTITY AND CONTACT DETAILS OF THE DATA PROTECTION TEAM

3.1
Delcath’s GDPR team will deal with all of Delcath’s Data Protection matters and you can contact them at privacy@delcath.com.

4. WHO DOES THIS NOTICE APPLY TO?

4.1
This Notice applies to:
  • website users of the Sites; and
  • patients (existing and potential, including patient’s family).
4.2
Delcath also has other privacy notices which apply to other categories of data subjects. These privacy notices can be accessed at the following websites:
  • http://chemosat.com/
  • www.delcath.com
4.3
Should you have any queries as to what Privacy Notice applies to you, please do not hesitate to contact us at privacy@delcath.com.

5. WHAT KINDS OF PERSONAL DATA DO WE COLLECT?

5.1
We receive and store any personal data you provide to us through our interactions with you as well as personal data that we receive from other sources, including but not limited to the following: Information you provide to us through your interactions with us and from our websites:
  1. Name;
  2. address;
  3. email;
  4. disease type;
  5. Our Sites provides access to a BMI tool which may allow you to voluntarily supply us with information, including your height and weight. You may decline to provide your information but, as a result, you may not have access to, or the benefit of, this feature. Delcath does not track or store the information which you supply via the BMI tool and same is immediately deleted once your session expires.
Information you do not provide to us and we collect from you:
  1. Cookies and standard service logs: Even if you do not explicitly provide us with information, we may collect certain personal data when you interact with the Site. For example, our servers may keep an activity log that tracks all visitors to the Site. The information in the activity log will be anonymous and therefore may not identify you individually; however such information, in conjunction with other information that we hold, may also be capable of identifying you and may constitute personal data under certain jurisdictions laws. The information our server collects may include, among other data, information about:
    • how you use the Sites;
    • your device and behaviour;
    • websites you visited before and after visiting the Site; and
    • tracking you across devices and marketing channels.
  2. We collect this information using technologies such as standard server logs and cookies (see section 7.2 to 7.7 below). We use passively-collected information to administer, operate, and improve the Site.
  3. IP Address or Device Identifier: When you visit our website, we may collect your Internet Protocol (“IP”) address, which identifies the computer or service provider that you use to access our website or, if you connect through a mobile device, your mobile device identifier. We may use these identifiers to collect information about the length of time spent on our website or the specific areas visited.
  4. Web beacons and other technologies: Our website may use other tracking tools, including web beacons, which are small electronic images embedded in web content and email messages that are not ordinarily visible to users. Web beacons allow us to track pages and content accessed and viewed by users, as well as to monitor email readership. We may use pixels to track visitors and to serve ads for us. You can opt out of pixels by adjusting your browsers cookie settings or adjusting cookie consent options on our website to not accept marketing cookies.
  5. If any of the information gathered through these means, either alone or when combined with other information, constitutes personal data under the laws of your country, or if through linking or associating any information gathered through passive means with any other personal data, we treat the combined information as personal data, the terms of this Notice will apply. Otherwise, we use and disclose information collected by passive means in aggregate form or otherwise in a non-personally identifiable form.

6. LEGAL BASIS FOR PROCESSING UNDER EUROPEAN PRIVACY LAWS

Should you have any queries as to what Privacy Notice applies to you, please do not hesitate to contact us at privacy@delcath.com.
Legal Basis
Processing Activity
Consent If you contact us with inquiries or seek further detail regarding the Sites and our product, we will ask you for your consent to process your personal data for this purpose. We will also ask you for your consent to pass your contact details to appropriate healthcare professionals. We may also ask you to share your experiences of having our procedure and we will rely on your consent to process your personal data in this regard. In the event you wish to withdraw your consent to the processing (that is based on consent), please send a request to this email address: privacy@delcath.com
Compliance with legal obligations We may need to disclose your identity and other personal data to comply with a request from law enforcement, other government agencies. We may need to process your personal data to investigate any medical queries, complaints, adverse events and recalls relating to our products so as to comply with our legal and regulatory obligations.
Legitimate interests We may disclose your identity and other relevant personal data in connection with any complaint regarding your use of the Website. This is necessary in order to protect us from any liability in We have undertaken a legitimate interest assessment (“LIA”). You can obtain further information regarding the LIA by contacting us at privacy@delcath.com
Establishment, exercise or defence of legal claims Delcath may need to process your personal data in order to defend potential legal claims.
Protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent We may need to process your personal data in order to investigate any medical queries, complaints or adverse events regarding our products.

7. HOW WE GATHER DATA AND PERSONAL DATA

7.1
We may gather personal data from your use of the Site and through your interaction with us (for example, when you contact us via email, telephone). Cookies and other similar technologies
7.2
We gather data from your use of the Site through the use of cookies and other similar technologies. We are generally not able to identify you from this data. A “cookie” is a small text file that a website can send to your browser, which may be stored on your computer, device, or system. Cookies allow us to better serve visitors to our Sites by offering a tailored experience.
7.3
Our cookies do not store any personal data such as your name, email address, street address or phone number, however they do collect information regarding how you use the Sites, your device and behaviour, broad geographical location, standard server log information and IP addresses, which may constitute personal data. This information (which does not identify any individual) is aggregated to gather data such as the total number of visits to our Sites, the number of visitors to each page of our Sites, and the domain names of our visitors’ Internet service providers. We use this information, which remains in aggregate form, to understand how our visitors use our Sites so that we may improve it and the services we offer.
7.4
We have introduced Google Analytics to our Site in order to allow us to measure and learn in aggregate how our website is being used, and to see for example, which are the most popular pages.
7.5
More information about cookies can be found at: www.allaboutcookies.org. We do not honor “Do Not Track” signals.
7.6
IP Address or Device Identifier: When you visit our website, we may collect your Internet Protocol (“IP”) address, which identifies the computer or service provider that you use to access our website or, if you connect through a mobile device, your mobile device identifier. We may use these identifiers to collect information about the length of time spent on our website or the specific areas visited.
7.7
Web beacons and other technologies: Our website may use other tracking tools, including web beacons, which are small electronic images embedded in web content and email messages that are not ordinarily visible to users. Web beacons allow us to track pages and content accessed and viewed by users, as well as to monitor email readership. We may use pixels to track visitors and to serve ads for us. You can opt out of pixels by adjusting your browsers cookie settings or adjusting cookie consent options on our website to not accept marketing cookies.

8. HOW WE MAY USE YOUR PERSONAL DATA

8.1
Except as disclosed in this Notice, we will not disclose personal data that we collect to any parties other than those with whom we partner or are affiliated with. Except as disclosed below, we will not sell, share, trade, rent, or give away your personal data. Information you provide
8.2
Delcath may use the information you provide to us to:
  1. contact you and respond to your inquiries, and communicate with you when necessary, regarding chemosaturation therapy;
  2. help us improve, operate and enhance your experience on the Sites;
  3. Share your experiences of having our procedure through online videos or case studiescomply with our legal and regulatory requirements;
  4. to provide you with contact details of Healthcare providers and Hospitals that undertake chemosaturation therapy;
  5. to prevent or detect abuses of our terms of use, and to enable third-parties to carry out technical or other functions on our behalf as well as any other purpose that we may disclose to you at the point at which we request your personal data; and
  6. improve our product; and
  7. to perform functions as otherwise described to you at the time of collection or that you otherwise consent to.
Information you do not directly provide
8.3
Delcath may use the information (not directly supplied by you) to
  1. aggregate and use personal data and other non- personal information gathered in the manners described above, including device type, unique device information, browser-type, broad geographic location (e.g. country or city-level location) and other technical information, including how your device has interacted with our website, to help us determine how people use the Sites and to improve the Site’s performance and usefulness.
  2. obtain personal data about you from other sources such as public registers, business partners, service providers etc. such as LinkedIn and we may contact you regarding our product.
  3. if, by virtue of applicable laws in your country, any of the information gathered through linking or associating any information gathered from other sources or reputable third-parties, we treat the combined information as personal data, and the terms of this Notice will apply. Otherwise, we use and disclose information collected by passive means in aggregate form or otherwise in a non-personally identifiable form.

9. OTHER WEBSITES:

9.1
These Sites may also contain links to other websites. Some of those websites may be operated by Delcath affiliates, and some may be operated by third parties. This Notice applies to the use of the Sites as well as applying to patients that we hold personal data on. Delcath has other privacy notices in place regarding other categories of data subjects and same can be located on the respective Delcath websites (refer to section 4 of this Notice).
9.2
Whenever you leave this website we recommend that you review the privacy practices that apply to information you provide on other websites. We provide the links for your convenience, but we do not review, control, or monitor the privacy practices of websites operated by others. Before you choose to access other websites, please be certain that you review the Privacy Notice and terms of use of that social media platform or website.
9.3
These Sites may allow you to post content to various social media platforms, including Facebook, Twitter and others. If you are a member of a social media platform or website and log in to such social media or platform, the interfaces may allow the social media platform or website to connect your visit to the Sites to your personal data. Please be aware that when you communicate on such a platform you are no longer on Delcath’s Sites, and we have no control over the information that other websites or social media websites collect, store, or use. Before you choose to access other websites from the Sites or “like” or share information from the Site through any social media platform or website, please be certain that you review the Privacy Notice and terms of use of that social media platform or website.

10. DO WE DISCLOSE PERSONAL DATA TO ANYONE ELSE?

10.1
We shall only disclose your personal data to third parties when we have your consent to do so, when it is necessary as part of business practices or when there is a legal or statutory obligation to do so.
10.2
Whenever we disclose your information to third parties, we will only disclose that amount of personal data necessary to meet such business needs or legal requirements. Third parties that receive data subjects’ information from us must satisfy us as to the measures taken to protect the personal data such parties receive, in accordance with any applicable laws and as stated in this Notice. Appropriate measures will be taken to ensure that all such disclosures or transfers of information to third parties will be completed in a secure manner and pursuant to contractual safeguards.
10.3
From time to time, we may also share personal data or non-personally identifiable information with third-parties that we have engaged to perform certain services in connection with the operation of certain aspects of the Sites, including to customize, deliver, measure, analyse, improve and support our services, content, advertising and layout, your interaction with those aspects, and to deliver more relevant messages and advertisements to you. These third-party service providers are authorised to use personal data or non-personally identifiable information only as needed to perform their functions on our behalf and are required to maintain the security of your personal data.
10.4
We may also change our ownership or corporate organisation while providing the Site or otherwise undergo a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or a similar proceeding (‘Transaction’). In such event, we may transfer your information to another company that is acquiring or affiliated with us, with which we have merged, or which has acquired all or some of our assets. In such circumstances, we will only transfer the minimal level of such personal data necessary to close a Transaction. We will also endeavour to anonymise shared personnel person data.
10.5
From time to time we may enter into licensing agreements with International Companies to sell and market our product in various jurisdictions. We may share your name, gender, business title, business email address, business phone number, fax number, details of research interests, details concerning usage of our product as well as details concerning interactions with Delcath representatives with the licensee.
10.6
We may provide information, when obliged to do so under data protection law and in response to properly made requests, for example, for the purpose of the prevention and detection of crime, and the apprehension or prosecution of offenders. We may also provide information for the purpose of safeguarding national security. In the case of any such disclosure, we will do so only in accordance with applicable laws.
10.7
We may also provide data subjects’ personal data when required to do so by law in order to comply with our legal and regulatory requirements, and may transfer data to legal counsel where same is necessary for the defence of legal claims.
10.8
We may also disclose your identity or any personal data in connection with any complaint regarding your use of the Sites

11. EUROPEAN DATA AND TRANSFERS OUTSIDE OF THE EEA

11.1
Your personal data may be processed by Delcath, its subsidiaries and Delcath’s trusted third party suppliers outside of your home country. If you are a located in the EEA, you should be aware that your data may be transferred to Delcath’s affiliates outside of the EEA and in particular the United States of America. Data privacy laws in the countries to which your personal data is transferred may not be equivalent to, or as protective as, the laws in your home country.
11.2
We will implement appropriate measures to ensure that your personal data remains protected and secure when it is transferred outside of the EEA, in accordance with applicable data protection and privacy laws. Because the United States and other countries that have not received an “adequacy finding” regarding their privacy laws from the European Commission, and except as set forth above, Delcath may rely on derogations in Article 49 of the General Data Protection Regulation (EU) 2016/679 to transfer your information to those countries.

12. HOW LONG DO WE KEEP PERSONAL DATA?

12.1
The period for which we retain information varies according to the use of that information. In some cases, there are legal requirements to keep data for a minimum period of time. Unless specific legal requirements dictate otherwise, we will retain personal data in accordance with our Data Retention Policy and for:
  1. no longer than is necessary for the purposes for which the data were collected and processed;
  2. where you have contacted us with a question or request, for as long as necessary to allow us to respond to your question or request.

13. YOUR RIGHTS:

13.1
Your rights as regards the personal data we hold on you depends on the applicable laws in your country.
13.2
EEA citizen privacy rights: If you are an EEA Citizen, you have the right to request that we:
  • provide you with information as to whether we process your data and details relating to our processing, and with a copy of your data;
  • rectify any inaccurate data we might have about your without undue delay;
  • complete any incomplete information about you;
  • under certain circumstances, erase your personal data without undue delay;
  • under certain circumstances, be restricted from processing your data; and
  • under certain circumstances, furnish you with the personal data which you provided
Where we process your personal data solely on the basis of your consent, EEA citizens have the right to withdraw consent in respect of processing personal data at any time. This will not affect the lawfulness of our processing before the withdrawal. You also have the right to lodge a complaint with your data protection supervisory authority. The exercise of the above rights might be subject to certain conditions and we might require further information from you before we can respond to your request. If you would like to exercise your rights, please let us know by getting in touch with us at privacy@delcath.com. We will confirm your request within twenty-one (21) days of receipt, and process your request within thirty (30) days of receipt.
13.3
California Privacy Rights California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits California residents to request and obtain once a year, free of charge, information about the personal data (if any) that Delcath disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal data that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If the nature of the third party’s business cannot be determined from its name, examples of the products or services marketed may be provided. If you are a California resident and would like to make such a request, please email your request to: webmaster@delcath.com. Please note, third parties are not allowed to use the Sites to track individual California residents over time and across websites.

14. CHILDREN’S PRIVACY

14.1
The Sites are general purpose websites and are not directed at Children under the age of 13. Accordingly, Delcath does not knowingly collect any personal data (such as name, address, and telephone number) from children under 13 years of age (or any other digital age of consent in your jurisdiction, for example 16 years of age in certain EEA countries) (together, the “Age of Consent”) through its Sites. Delcath will specifically instruct children under the Age of Consent not to submit such information to these Sites.
14.2
We do not currently allow children under the Age of Consent to register for, or participate in, contests or promotions on these Sites. However, if the parent or guardian of a child under the Age of Consent believes that their child has provided us with personally identifiable information, that parent or guardian should contact us if they want this information deleted from our systems. If Delcath obtains knowledge that it has personally identifiable information about a child under the Age of Consent in retrievable form in its files, we will delete that information from our existing files. In addition, anyone under 18 years of age should seek their parent’s or guardian’s permission prior to using or disclosing any personal data on these Sites.

15. HOW DOES DELCATH PROTECT PERSONAL DATA ABOUT YOU?

15.1
We employ reasonable appropriate administrative, technical, personnel procedural and physical measures to safeguard personal data against loss, theft and unauthorised uses access, uses or modifications. For example, when we share your personal data with third parties, we will put in place a written agreement which commits the third parties to keep your information confidential, and to put in place appropriate security measures to keep your information secure.
15.2
Security and testing are performed on systems containing personal data to verify control effectiveness. Security of these systems are monitored continuously.
15.3
While we have procedures and security features in place to keep the data secure once we receive it, the transmission to us of information via the internet or mobile phone network connection may not be completely secure and any transmission is at your own risk.

16. REVIEW

16.1
This Notice will be reviewed and updated from time to time to consider changes in the law and the experience of the notice in practice. Any and all changes will be advised to website users and, if necessary, we will obtain your consent prior to applying any changes to any personal data collected from you prior to the date the change becomes effective. Your continued use of our Sites after such changes will be subject to the then-current notice. We encourage you to periodically review this Notice to stay informed about how we collect, use, and disclose personal data.

17. CONTACT INFORMATION

If you have questions about this Notice or our treatment of the information provided to us, please contact us at: For EEA citizens: Delcath Systems Limited Unit 19 Mervue Business Park. Galway, Ireland Phone: +353 91 7462000 E-mail: privacy@delcath.com For non EEA citizens: Delcath Systems, Inc. 1633 Broadway Suite 22C New York, NY 10019 U.S.A. Phone: 212 489-2100 E-mail: privacy@delcath.com