1.1Delcath Systems, Inc. and its subsidiaries and affiliates globally (‘Delcath’ ‘we’, ‘us’, ‘our’,) are strongly committed to protecting the privacy of your personal data. This Privacy Notice applies to your use of the websites www.againsttheodds.com and www.lebengewinnen.de (the “Sites”) and also applies to patient personal data that we process personal data on (‘you’, ‘your’). This Notice sets out how we use, collect and protect your personal data.
1.2This Privacy Notice (“Notice”) has been developed to let you know: (1) who we are; (2) the kinds of personal data we may gather during your visit to the Sites and through our interactions with you; (3) our basis for gathering your personal data; (4) how and why we process your personal data; (5) when we might disclose your personal data and to whom; (6) how your personal data is kept secure; (7) how long we will retain your personal data; and (8) certain rights you may have relating to your personal data.
1.3Delcath strives to collect, use and disclose personal data in a manner consistent with the laws of the Countries in which it does business. We also wish to inform any citizens of the European Economic Area (“EEA”) of their rights when we use their personal data.
2. WHO PROCESSES YOUR PERSONAL DATA?
2.1For the purposes of applicable data protection legislation, Delcath is the data controller of your personal data. You will find our contact details in the “Contact us” section at the end of this Notice.
3. IDENTITY AND CONTACT DETAILS OF THE DATA PROTECTION TEAM
3.1Delcath’s GDPR team will deal with all of Delcath’s Data Protection matters and you can contact them at firstname.lastname@example.org.
4. WHO DOES THIS NOTICE APPLY TO?
4.1This Notice applies to:
- website users of the Sites; and
- patients (existing and potential, including patient’s family).
4.2Delcath also has other privacy notices which apply to other categories of data subjects. These privacy notices can be accessed at the following websites:
4.3Should you have any queries as to what Privacy Notice applies to you, please do not hesitate to contact us at email@example.com.
5. WHAT KINDS OF PERSONAL DATA DO WE COLLECT?
5.1We receive and store any personal data you provide to us through our interactions with you as well as personal data that we receive from other sources, including but not limited to the following: Information you provide to us through your interactions with us and from our websites:
- disease type;
- Our Sites provides access to a BMI tool which may allow you to voluntarily supply us with information, including your height and weight. You may decline to provide your information but, as a result, you may not have access to, or the benefit of, this feature. Delcath does not track or store the information which you supply via the BMI tool and same is immediately deleted once your session expires.
- Cookies and standard service logs: Even if you do not explicitly provide us with information, we may collect certain personal data when you interact with the Site. For example, our servers may keep an activity log that tracks all visitors to the Site. The information in the activity log will be anonymous and therefore may not identify you individually; however such information, in conjunction with other information that we hold, may also be capable of identifying you and may constitute personal data under certain jurisdictions laws. The information our server collects may include, among other data, information about:
- how you use the Sites;
- your device and behaviour;
- websites you visited before and after visiting the Site; and
- tracking you across devices and marketing channels.
- We collect this information using technologies such as standard server logs and cookies (see section 7.2 to 7.7 below). We use passively-collected information to administer, operate, and improve the Site.
- IP Address or Device Identifier: When you visit our website, we may collect your Internet Protocol (“IP”) address, which identifies the computer or service provider that you use to access our website or, if you connect through a mobile device, your mobile device identifier. We may use these identifiers to collect information about the length of time spent on our website or the specific areas visited.
- Web beacons and other technologies: Our website may use other tracking tools, including web beacons, which are small electronic images embedded in web content and email messages that are not ordinarily visible to users. Web beacons allow us to track pages and content accessed and viewed by users, as well as to monitor email readership. We may use pixels to track visitors and to serve ads for us. You can opt out of pixels by adjusting your browsers cookie settings or adjusting cookie consent options on our website to not accept marketing cookies.
- If any of the information gathered through these means, either alone or when combined with other information, constitutes personal data under the laws of your country, or if through linking or associating any information gathered through passive means with any other personal data, we treat the combined information as personal data, the terms of this Notice will apply. Otherwise, we use and disclose information collected by passive means in aggregate form or otherwise in a non-personally identifiable form.
6. LEGAL BASIS FOR PROCESSING UNDER EUROPEAN PRIVACY LAWSShould you have any queries as to what Privacy Notice applies to you, please do not hesitate to contact us at firstname.lastname@example.org.
|Consent||If you contact us with inquiries or seek further detail regarding the Sites and our product, we will ask you for your consent to process your personal data for this purpose. We will also ask you for your consent to pass your contact details to appropriate healthcare professionals. We may also ask you to share your experiences of having our procedure and we will rely on your consent to process your personal data in this regard. In the event you wish to withdraw your consent to the processing (that is based on consent), please send a request to this email address: email@example.com|
|Compliance with legal obligations||We may need to disclose your identity and other personal data to comply with a request from law enforcement, other government agencies. We may need to process your personal data to investigate any medical queries, complaints, adverse events and recalls relating to our products so as to comply with our legal and regulatory obligations.|
|Legitimate interests||We may disclose your identity and other relevant personal data in connection with any complaint regarding your use of the Website. This is necessary in order to protect us from any liability in We have undertaken a legitimate interest assessment (“LIA”). You can obtain further information regarding the LIA by contacting us at firstname.lastname@example.org|
|Establishment, exercise or defence of legal claims||Delcath may need to process your personal data in order to defend potential legal claims.|
|Protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent||We may need to process your personal data in order to investigate any medical queries, complaints or adverse events regarding our products.|
7. HOW WE GATHER DATA AND PERSONAL DATA
7.1We may gather personal data from your use of the Site and through your interaction with us (for example, when you contact us via email, telephone). Cookies and other similar technologies
7.3Our cookies do not store any personal data such as your name, email address, street address or phone number, however they do collect information regarding how you use the Sites, your device and behaviour, broad geographical location, standard server log information and IP addresses, which may constitute personal data. This information (which does not identify any individual) is aggregated to gather data such as the total number of visits to our Sites, the number of visitors to each page of our Sites, and the domain names of our visitors’ Internet service providers. We use this information, which remains in aggregate form, to understand how our visitors use our Sites so that we may improve it and the services we offer.
7.4We have introduced Google Analytics to our Site in order to allow us to measure and learn in aggregate how our website is being used, and to see for example, which are the most popular pages.
7.5More information about cookies can be found at: www.allaboutcookies.org. We do not honor “Do Not Track” signals.
7.6IP Address or Device Identifier: When you visit our website, we may collect your Internet Protocol (“IP”) address, which identifies the computer or service provider that you use to access our website or, if you connect through a mobile device, your mobile device identifier. We may use these identifiers to collect information about the length of time spent on our website or the specific areas visited.
7.7Web beacons and other technologies: Our website may use other tracking tools, including web beacons, which are small electronic images embedded in web content and email messages that are not ordinarily visible to users. Web beacons allow us to track pages and content accessed and viewed by users, as well as to monitor email readership. We may use pixels to track visitors and to serve ads for us. You can opt out of pixels by adjusting your browsers cookie settings or adjusting cookie consent options on our website to not accept marketing cookies.
8. HOW WE MAY USE YOUR PERSONAL DATA
8.1Except as disclosed in this Notice, we will not disclose personal data that we collect to any parties other than those with whom we partner or are affiliated with. Except as disclosed below, we will not sell, share, trade, rent, or give away your personal data. Information you provide
8.2Delcath may use the information you provide to us to:
- contact you and respond to your inquiries, and communicate with you when necessary, regarding chemosaturation therapy;
- help us improve, operate and enhance your experience on the Sites;
- Share your experiences of having our procedure through online videos or case studiescomply with our legal and regulatory requirements;
- to provide you with contact details of Healthcare providers and Hospitals that undertake chemosaturation therapy;
- improve our product; and
- to perform functions as otherwise described to you at the time of collection or that you otherwise consent to.
8.3Delcath may use the information (not directly supplied by you) to
- aggregate and use personal data and other non- personal information gathered in the manners described above, including device type, unique device information, browser-type, broad geographic location (e.g. country or city-level location) and other technical information, including how your device has interacted with our website, to help us determine how people use the Sites and to improve the Site’s performance and usefulness.
- obtain personal data about you from other sources such as public registers, business partners, service providers etc. such as LinkedIn and we may contact you regarding our product.
- if, by virtue of applicable laws in your country, any of the information gathered through linking or associating any information gathered from other sources or reputable third-parties, we treat the combined information as personal data, and the terms of this Notice will apply. Otherwise, we use and disclose information collected by passive means in aggregate form or otherwise in a non-personally identifiable form.
9. OTHER WEBSITES:
9.1These Sites may also contain links to other websites. Some of those websites may be operated by Delcath affiliates, and some may be operated by third parties. This Notice applies to the use of the Sites as well as applying to patients that we hold personal data on. Delcath has other privacy notices in place regarding other categories of data subjects and same can be located on the respective Delcath websites (refer to section 4 of this Notice).
10. DO WE DISCLOSE PERSONAL DATA TO ANYONE ELSE?
10.1We shall only disclose your personal data to third parties when we have your consent to do so, when it is necessary as part of business practices or when there is a legal or statutory obligation to do so.
10.2Whenever we disclose your information to third parties, we will only disclose that amount of personal data necessary to meet such business needs or legal requirements. Third parties that receive data subjects’ information from us must satisfy us as to the measures taken to protect the personal data such parties receive, in accordance with any applicable laws and as stated in this Notice. Appropriate measures will be taken to ensure that all such disclosures or transfers of information to third parties will be completed in a secure manner and pursuant to contractual safeguards.
10.3From time to time, we may also share personal data or non-personally identifiable information with third-parties that we have engaged to perform certain services in connection with the operation of certain aspects of the Sites, including to customize, deliver, measure, analyse, improve and support our services, content, advertising and layout, your interaction with those aspects, and to deliver more relevant messages and advertisements to you. These third-party service providers are authorised to use personal data or non-personally identifiable information only as needed to perform their functions on our behalf and are required to maintain the security of your personal data.
10.4We may also change our ownership or corporate organisation while providing the Site or otherwise undergo a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or a similar proceeding (‘Transaction’). In such event, we may transfer your information to another company that is acquiring or affiliated with us, with which we have merged, or which has acquired all or some of our assets. In such circumstances, we will only transfer the minimal level of such personal data necessary to close a Transaction. We will also endeavour to anonymise shared personnel person data.
10.5From time to time we may enter into licensing agreements with International Companies to sell and market our product in various jurisdictions. We may share your name, gender, business title, business email address, business phone number, fax number, details of research interests, details concerning usage of our product as well as details concerning interactions with Delcath representatives with the licensee.
10.6We may provide information, when obliged to do so under data protection law and in response to properly made requests, for example, for the purpose of the prevention and detection of crime, and the apprehension or prosecution of offenders. We may also provide information for the purpose of safeguarding national security. In the case of any such disclosure, we will do so only in accordance with applicable laws.
10.7We may also provide data subjects’ personal data when required to do so by law in order to comply with our legal and regulatory requirements, and may transfer data to legal counsel where same is necessary for the defence of legal claims.
10.8We may also disclose your identity or any personal data in connection with any complaint regarding your use of the Sites
11. EUROPEAN DATA AND TRANSFERS OUTSIDE OF THE EEA
11.1Your personal data may be processed by Delcath, its subsidiaries and Delcath’s trusted third party suppliers outside of your home country. If you are a located in the EEA, you should be aware that your data may be transferred to Delcath’s affiliates outside of the EEA and in particular the United States of America. Data privacy laws in the countries to which your personal data is transferred may not be equivalent to, or as protective as, the laws in your home country.
11.2We will implement appropriate measures to ensure that your personal data remains protected and secure when it is transferred outside of the EEA, in accordance with applicable data protection and privacy laws. Because the United States and other countries that have not received an “adequacy finding” regarding their privacy laws from the European Commission, and except as set forth above, Delcath may rely on derogations in Article 49 of the General Data Protection Regulation (EU) 2016/679 to transfer your information to those countries.
12. HOW LONG DO WE KEEP PERSONAL DATA?
12.1The period for which we retain information varies according to the use of that information. In some cases, there are legal requirements to keep data for a minimum period of time. Unless specific legal requirements dictate otherwise, we will retain personal data in accordance with our Data Retention Policy and for:
- no longer than is necessary for the purposes for which the data were collected and processed;
- where you have contacted us with a question or request, for as long as necessary to allow us to respond to your question or request.
13. YOUR RIGHTS:
13.1Your rights as regards the personal data we hold on you depends on the applicable laws in your country.
13.2EEA citizen privacy rights: If you are an EEA Citizen, you have the right to request that we:
- provide you with information as to whether we process your data and details relating to our processing, and with a copy of your data;
- rectify any inaccurate data we might have about your without undue delay;
- complete any incomplete information about you;
- under certain circumstances, erase your personal data without undue delay;
- under certain circumstances, be restricted from processing your data; and
- under certain circumstances, furnish you with the personal data which you provided