Privacy Notice for Health Care Professionals
Privacy Notice for Medical Information, Pharmacovigilance Reports and Product Complaints
SCOPE
Please see our Privacy Snapshot for a high-level overview of our privacy practices.
This privacy policy (“Policy”) describes how Deciphera Pharmaceuticals, LLC and its affiliates and subsidiaries (collectively “Deciphera,” “we,” “our,” or “us”) collects, uses, and discloses information about you (“Personal Data”) in the course of operating our business.
Specifically, this Policy applies:
- When you visit www.deciphera.com and any other websites and applications that link to this Privacy Policy (the “Services”); and
- When you interact with us by means other than our Services (and we collect or process Personal Data as part of that interaction).
- This could include Personal Data collected in-person, by telephone, or by mail and where you are not provided a more specific privacy notice at the beginning of our relationship or, in the case of a single interaction, at the time of our interaction.
- For example, you may engage Deciphera and provide your information to us in-person when you attend a conference, contact us, or interact with us in other ways.
By accessing or using our Services, you confirm that you understand the use of your Personal Data in accordance with this Policy, which is incorporated into our Terms of Use. If you do not understand this Policy or have any questions regarding the collection, use, or disclosure of your Personal Data by Deciphera, please reach out to us by using the contact details found at the end of this Policy.
Please note, Deciphera may have other unique privacy policies that apply to certain specific situations, such as privacy notices that cover data processing activities related to your role as a participant in a clinical trial or study. To the extent those policies or notices apply and conflict with this Policy, those policies govern our interactions with you.
Information We Collect
Information You Provide
We collect the Personal Data you voluntarily provide to us when you access or use the Services or when you interact with us offline. For example, we might collect information from you when you:
- Use a feature on the Services;
- Contact us with a question, comment, or request;
- Sign up to receive information from us;
- Register with us to receive information about research trials;
- Register to attend our virtual or in-person events; or
- Submit a grant request.
The categories of personal data that we collect directly from you include the following:
- Personal Identifiers, including first name, last name, email address, phone number, or online identifiers such as device ID or cookie ID;
- Commercial Information, including financial transaction history, financial account number, user account logs, records of services provided, requested documentation, or customer service logs;
- Professional or Employment Information, including employer, job title, academic or research expertise or interests, academic position or title, or affiliated academic institution or entity;
- Educational Information, including information about education history or background; and
- Medical Information, including health care providers that you have visited, the reasons for your visit, the dates of visits, health care preferences, and medical and health information that you choose to share with us.
Information We May Generate
In addition, we may generate the following categories of personal data about you in the context of your interactions with us:
- Records of our interactions with you; and
- Internal notes, including notes about your inquiry into our programs and services.
Information We Receive from Third Parties
We may combine the information we collect from you with information that we receive about you from other sources, including:
- Public and private databases;
- Business partners and service providers; and
- Other users with whom you are connected via the Services.
For example, we receive your information, including online identifiers, from our marketing partners in order to provide various marketing, advertising, and customer support Services directly to you.
If you are a third party, such as a health care provider, hospital, medical treatment facility personnel or one of their representatives, that is a Deciphera customer or acting on behalf of a Deciphera customer and you provide patient information (for example, health or treatment information that relate to an individual) to Deciphera in any manner, including over any Deciphera Services that link to this Policy, please note that you are responsible for obtaining any consent required under applicable laws from the relevant individual before providing, uploading, or posting the information. In addition, you are responsible for complying with all applicable privacy laws.
Information We Collect From Investors
You may provide Personal Data to us when visiting the Investors page of our website, such as your name and contact information. We use this information to communicate with you and respond to your requests, to operate our website, to comply with law and for other compliance, fraud prevention, and safety purposes. We may share this information with our affiliates, service providers, and professional advisors, to comply with law, for compliance, protection and safety, and in the event of a business transfer, each as explained below.
Information We Collect Automatically
When you access and use the Services, we and our third party service providers may collect information, including usage and technical data, automatically from your device, including, for example:
- Personal Identifiers, such as device identifiers;
- Internet or other electronic network activity information, such as IP address, cookies and other device identifying technologies revealing the date and time you accessed our Services and how you interacted with our Services; and
- Geolocation Information, including precise, real-time information about the location of the devices you use to access the Services.
Sensitive Categories of Personal Data. We do not intentionally collect sensitive categories of Personal Data, such as information about your race, political views, religious views, or health conditions or other protected classifications, without obtaining your consent, where required.
Online Identification Technologies
We may use online identification technologies, such as cookies, web beacons, or pixels in connection with the Services.
Cookies are small files that are stored on your computer by your web browser. A cookie allows a website to recognize whether you have visited before and may store user preferences and other information. For example, cookies can be used to collect information about your use of the Services during your current session and over time (including the pages you view and the files you download), your computer’s operating system and browser type, your Internet service provider, your domain name and IP address, your general geographic location, the website that you visited before the Services, and the link you used to leave the Services.
It is our intention to use these technologies to make navigation of our websites easier for visitors, to facilitate efficient registration procedures (including remembering preferences), and to better deliver tailored content to visitors.
We use cookies and other tracking technologies in the following categories described in the table below.
Type of Cookie | What does it do? |
Third Party Analytics Cookies | We also may partner with certain third parties to collect, analyze, and use some of the personal and non-personal information described in this section. For example, we may allow these third parties to set cookies or use web beacons on the Site or in email communications from Deciphera. This information may be used for a variety of purposes, including online behavioral advertising, as discussed below (see the section entitled “How we share personal and non-personal information with third parties”). |
Web Beacons | The Site or the emails that you receive from Deciphera may use an application known as a “web beacon” (also known as a “clear gif” or “web bug”). A web beacon is an electronic file that usually consists of a single-pixel image. It can be embedded in a web page or in an email to transmit information, which could include personal information. For example, it allows an email sender to determine whether a user has opened a particular email. |
Third Party Online Tracking | We partner with certain third parties to collect the non-personal information discussed above and to engage in analysis, auditing, research, and reporting. These third parties may use web logs or web beacons, and they may set and access cookies on your computer or other device. The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. In particular, the Site uses Google Analytics to help collect and analyze certain information for the purposes discussed above. You may opt out of the use of Google Analytics cookies here. If you prefer to prevent all or some third parties from setting and accessing cookies on your computer, you may set your browser to block cookies. Our site currently does not respond to “do not track” browser headers, but you can limit tracking through these third-party programs by taking the steps described above. |
Most browsers permit individuals to decline cookies. In most cases, you may refuse or delete one or more cookies and still access our websites, but the functionality of the Services may be impaired. After you finish using the Services, you may delete site cookies from your system if you wish. If you would like more information on how to opt out of cookies, please visit: http://optout.aboutads.info or http://www.youronlinechoices.eu/.
How We Use Your Personal Data
We may use your Personal Data or other information we collect about you for the following purposes:
- Identification and authentication: We use Personal Data to verify your identity when you access and use our services and to ensure the security of your Personal Data.
- Operating the Services: We process your Personal Data to provide the services you have requested, including to deliver confirmations, account information, notifications, and similar operational communications,
- Improving our Services: We analyze information about how you use our Services to provide an improved experience for our customers of all our services, including product testing and analytics.
- Communicating with you: We may use your Personal Data when we communicate with you, in accordance with your preferences, for example to send you information about our services and other topics that are likely to be of interest to you, including newsletters, updates, or other communications, to respond to your questions or requests concerning the Services offered by Deciphera or our partner, or if we are providing information about changes to our Terms of Use.
- Informing you of research, clinical trial, and treatment opportunities: If you are healthcare provider or patient, we may use your Personal Data to identify research studies, clinical trials, treatments, and similar opportunities that may be of interest to you and, as appropriate, we may communicate with you regarding any such opportunities. Where necessary, we will obtain your consent before sending such communications. Please note, if you choose to participate in any opportunities, as patient or provider, the Personal Data collected from you as participant may be subject to additional and different privacy notices.
- Marketing: We may use your Personal Data to build a profile about you and place you into particular marketing segments in order to understand your preferences better and to appropriately personalize the marketing messages we send to you. You may opt out of marketing-related communications by following the opt-out or unsubscribe instructions contained in the marketing communications we send you, or by contacting us as provided in the “Contact Us” section below.
- Exercising our rights: We may use your Personal Data to exercise our legal rights where it is necessary to do so, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law or our Terms of Use or to investigate, prevent, or take action in situations involving threats to our property or the property or physical safety of any person or third party.
- Complying with our obligations: We may process your Personal Data to, for example, fulfill the terms of any agreement you have with us, carry out fraud prevention check, or comply with other legal or regulatory requirements, where this is explicitly required by law.
- In the context of a transaction involving our business: We may process information about you to facilitate the financing, securitization, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.
- Customizing your experience: when you use the Services, we may use your Personal Data to improve your experience of the Services, such as by providing interactive or personalized elements on the Services and providing you with content based on your interests.
We may use de-identified aggregate or anonymized information to help us analyze the use of the Services. Where permitted by law, this Policy does not limit our use or disclosure of de-identified, aggregate, or anonymous information, and we reserve the right to use and disclose such information other third parties in our discretion.
Legal Bases for Processing
We need to have a legal basis to process your Personal Data. There are different legal bases that we rely on to use Personal Data, namely:
- Performance of a Contract: The use of Personal Data may be necessary to perform the contract that you have with us or to take steps at your request prior to entering into a contract with you. For example, if you are a consumer or a user of our services, we will use your Personal Data to carry out our obligations under the contract that we have with you.
- Consent. We will rely on consent, which, in some cases where local laws allow, may be implied, to use: (i) technical information, such as cookie data, as described in this Policy; (ii) Personal Data for certain marketing purposes in accordance with your preferences; and (iii) Personal Data for certain research purposes. You may withdraw your consent at any time by contacting us at the addresses at the end of this Policy. We may obtain certain Personal Data and sensitive Personal Data about you from healthcare professionals (including hospitals, clinics, or similar healthcare providers or one of their representatives) that use our products and services or enter into other business arrangements with us, in which case they are responsible for obtaining and handling any required consents or for having another legitimate basis for processing such information.
- Legitimate interests. It is in our legitimate interests to process Personal Data in order to improve our products and services, perform administrative tasks, and, where consent is not required by applicable law, to identify and authenticate you, secure our systems and information, conduct research, and develop new products.
It is also in our legitimate interests to communicate with you. This may include:
-
- The delivery of marketing communications to users where consent is not required by applicable law; and
- Communicating with patients, including communication regarding potential research, clinical trial, and treatment opportunities.
Furthermore, it is in our legitimate interests to protect the legal rights, safety, and security of Deciphera, our affiliates, and our business partners; to respond to and resolve claims or complaints; to prevent fraud; and to manage risks associated with our business.
For more information about the balancing test that we carry out to process your Personal Data to meet our legitimate interests, please contact us using the details below.
- Public interest. In limited circumstances, including, in some cases, complaint handling, we may process your information, including sensitive Personal Data, for reasons of public interest in the area of public health. In particular, Deciphera may process your information in connection with efforts to ensure high standards of quality and safety.
- Legal obligations. We may use Personal Data to comply with legal obligations to which we are subject. For example, we may disclose Personal Data for regulatory reporting requirements or to law enforcement in accordance with legal process.
Disclosure of Personal Data
We may share your Personal Data with third parties under the following circumstances which include:
- Our affiliates: We may share Personal Data with our affiliated entities for their own research and analytics purposes or for internal reporting purposes.
- Service providers and business partners: We may share your Personal Data with our service providers and business partners that perform services for us including third-party providers for website hosting, maintenance, business operations, and identity verification. These service providers and business partners are only given access to your information to the extent necessary to process your information and/or provide the Services, and they are prohibited from using or sharing your information for any other purposes.
- Professional advisors: We may share Personal Data with professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
- Parties to a corporate transaction: In the event our assets are transferred or sold to another entity, your Personal Data may be transferred to the acquiring entity and/or to potential acquiring entities to the extent permitted by applicable law and we will seek your consent where required.
- Third parties as necessary to protect our interests and interests of others: We may disclose your Personal Data as is necessary to identify, contact, or bring legal action against a person or entity who may be violating our Terms of Use, or who may be causing harm to, or interfering with, other users of the Services.
- Law enforcement agencies, courts, or other government authorities or third parties where required by law: We may share your Personal Data with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
Data Subject Rights
You may have certain rights regarding your personal data, subject to local data protection laws. These include the following rights:
- Access your Personal Data;
- Rectify the information we hold about you;
- Erase your Personal Data;
- Restrict our use of your Personal Data;
- Object to our use of your Personal Data;
- Receive your Personal Data in a usable electronic format and transmit it to a third party (right to data portability); and
- Lodge a complaint with your local data protection authority.
Please note, we do not make automated decisions about you based on your Personal Data.
If you would like to discuss or exercise these rights, please contact us at the details below. We encourage you to contact us to update or correct your information if it changes or if the Personal Data we hold about you is inaccurate. We may contact you if we need additional information from you in order to honor your requests.
Please note that we may require additional information from you in order to honor your request, and there may be circumstances where we will not be able to honor your request. For example, if you request deletion, we may need to retain certain Personal Data to comply with our legal obligations or other permitted purposes. We will only use Personal Data provided in a verifiable consumer request to verify your identity or authority to make the request. If you are submitting a request through an authorized agent, the authorized agent must provide us with your signed written permission stating that the agent is authorized to make the request on your behalf. We may also request that any authorized agents verify their identity and may reach out to you directly to confirm that you have provided the agent with your permission to submit the request on your behalf.
International Data Transfer
Any information you provide to us or that we automatically collect will be received in the United States and may be transferred to other jurisdictions. By using our Services or submitting information, you explicitly authorize its processing in the United States and subsequent transfers outside the United States.
As such, your Personal Data may be transferred to, stored and processed in various countries, including those that are not regarded as ensuring an adequate level of protection for Personal Data under European Union law or by the European Commission. We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
For information on data collection pertaining to clinical trial site staff and investigators, please click here.
This notice does not apply to the processing of personal data of our Vendors. The relevant privacy notice for our Vendors may be found here.
Children’s Information
The Services is not intended for or directed to individuals under the age of sixteen (16). We also do knowingly collect any Personal Data from children under thirteen (13). If a parent or guardian becomes aware that his or her child has directly provided us with Personal Data, please contact us by using the contact information below.
Retention
We will retain your Personal Data as long as is necessary to fulfill the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws and regulatory obligations or until you withdraw your consent (where applicable). When deciding how long to keep your Personal Data after our relationship with you has ended, we take into account our legal obligations, including, for example fraud prevention, dispute resolution, investigations, and enforcement our Terms of Use.
Security
Deciphera uses commercially reasonable physical, electronic, and procedural safeguards to protect Personal Data against loss or unauthorized access, use, modification, or deletion. However, we cannot guarantee the absolute security of Personal Data or other information.
Information for California Residents
We are required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (California Civil Code § 1798.100) (“CCPA”), to provide California residents with an explanation of how we collect, use and share their Personal Data, and of the rights and choices we offer California residents regarding our handling of such Personal Data.
References to “Personal Data” throughout this Policy are equivalent to “personal information” governed by the CCPA.
Scope
This section describes our privacy practices with respect to individuals whose information is governed by the CCPA, such as our individual investors and caregivers who visit our websites, and in certain circumstances, physicians who help administer the Services.
This section does not apply to the information we collect, use or disclose about clinical trial volunteers, candidates, participants, investigators, and patients. This is because information about these individuals is governed by clinical trial regulations, California’s Confidentiality of Medical Information Act or the Health Insurance Portability and Accountability Act of 1996, rather than the CCPA.
Privacy Rights
The CCPA grants California residents the following rights.
- Information. You can request information about how we have collected, used and shared your Personal Data during the past 12 months. We describe the sources through which we collect Personal Data and the types of Personal Data collected in the “Information We Collect” section above. We describe the purposes for which we use and share this information in the “How We Use Your Personal Data” section above and the “Disclosure of Personal Data” section above.
- Access. You can request a copy of the Personal Data that we maintain about you.
- Correction. You can request the correction of Personal Data that is inaccurate or out of date.
- Deletion. You can ask to delete the Personal Data that we maintain about you.
- Opt out of sharing your Personal Data for interest-based advertising. We may share Personal Data with advertising partners that display targeted advertisements to users around the web. You can limit online tracking as explained in the “Cookies” section above or by clicking “Cookie Settings.”
Please note that the CCPA limits these rights by, for example, prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request.
You are entitled to exercise the rights described above free from discrimination.
Here is how you can submit requests:
- To request access to or deletion of Personal Data collected via the Services, please email us at dataprotection@deciphera.com or call us at 781-209-6400.
- As explained above, you can limit online tracking by clicking “Your Privacy Choices.”
- To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us. Where we ask for additional Personal Data to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.
Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf.
Changes to the Privacy Notice
We may modify or update this privacy notice from time to time. If we make any revisions that materially change the ways in which we process your Personal Data, we will notify you of these changes before applying them to that Personal Data. We may notify you by email or other reasonable means, including through notifications on the Services.
Deciphera Pharmaceuticals, LLC is the controller responsible for the Personal Data we collect and process.
To exercise your rights under applicable local law, please email us at dataprotection@deciphera.com or call us at 781.209.6400.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If you have any questions or concerns about this Policy, please contact us at dataprotection@deciphera.com.
If you are located outside of the United States, such as in the EEA, you may have the right to contact our EU Representative. If you have questions or concerns regarding the way in which your Personal Data has been used, please contact:
Pharm-Olam International
Ingolstädter Str. 20, 80807
München, Germany
0049 (0) 89 3750 899 35
Effective Date: [September 13, 2023]
The chart below provides a high-level snapshot of our privacy practices. You need to read the entire Privacy Policy for complete information.
Category | Do We Collect? | How We Collect | Primary Purposes of Processing | Key Recipients / Disclosures | Can You Limit Sharing? |
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name | Yes | When you visit or use our Services; from third-party sites and services; when you apply for a job with us | To operate our Services; to improve our Services; to communicate with you; for marketing and advertising; to process your job application | Service providers | No |
Advertising partners (except for information of job applicants) | Yes | ||||
Characteristics of protected classifications under CA or federal law | Yes | When you apply for a job with us | To process your job application | Service providers | No |
Commercial information, including but not limited to records of personal property, products or services purchased, obtained or considered | Yes | When you visit or use our Services | To operate our Services; to improve our Services; to communicate with you; for marketing and advertising | Service providers | No |
Advertising partners | Yes | ||||
Personal information categories listed in the CA Customer Records Statute (e.g., name, contact details) | Yes | When you visit or use our Services; from third-party sites and services; when you apply for a job with us | To operate our Services; to improve our Services; to communicate with you; for marketing and advertising; to process your job application | Service providers | No |
Advertising partners (except for information of job applicants) | Yes | ||||
Biometric information | No | N/A | N/A | N/A | N/A |
Internet or other electronic network activity information, including information regarding a consumer’s interaction with a website | Yes | When you visit or use our Services | To operate our Services; to improve our Services; for marketing and advertising | Service providers | No |
Advertising partners | Yes | ||||
Geolocation data | Yes | When you visit or use our Services | To operate our Services; to improve our Services; for marketing and advertising | Service providers | No |
Advertising partners | Yes | ||||
Audio, electronic, visual, thermal, olfactory or similar information | No | N/A | N/A | N/A | N/A |
Professional or employment-related information | Yes | When you visit or use our Services; when you apply for a job with us | To operate our Services; to improve our Services; to process your job application | Service providers | No |
Education information, defined as information that is not publicly available personally identifiable information as defined in FERPA | No | N/A | N/A | N/A | N/A |
Inferences drawn from information identified to create a profile about a consumer | Yes | When you visit or use our Services | To operate our Services; to improve our Services; for marketing and advertising | Service providers | No |
Advertising partners | Yes | ||||
Sensitive personal information (as defined in CA Civil Code 1798.140 (ae)) | Yes | When you apply for a job with us | To process your job application | Service providers | No |