kaleo, Inc. Privacy Notice
Effective Date: January 1, 2020
Last Revised: November 16, 2020
kaleo, Inc. (“Company,” “we,” or “us”) respects your concerns about privacy. This Privacy Notice describes the types of personal information we collect on websites, mobile sites, mobile applications, and other digital services and products that are owned or controlled by us and that link to this Privacy Notice (collectively, our “Sites”), how we may use the information, and with whom we may share it. This Privacy Notice does not apply to any website, mobile app or other service or product operated by us that has a separate privacy notice or to any linked website that is not owned by us. The Privacy Notice also describes the measures we take to safeguard personal information and how users can contact us about our privacy practices.
Click on one of the links below to jump to the listed section:
- Information We Collect or Obtain
- How We Use Personal Information
- More About Cookies
- How We Share Personal Information
- How to Submit A Request Regarding Your Personal Information
- How We Protect Personal Information
- Links to Other Websites
- Children’s Personal Information
- Updates to This Privacy Notice
- Contact Us
We obtain certain personal information through our Sites or offline. “Personal information” is information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or device. We collect or obtain the following categories of personal information about you. Please see How We Use Personal Information for more information about why we collect the categories of information below.
CategoryExamples of Information We CollectIdentifiers.We collect names, addresses, phone numbers, email addresses, and account names (collectively, “Contact Information”) of patients, caregivers, health care professionals (“HCPs”) and others when you communicate with us or to provide our products and services. We collect identifiers about HCPs, such as license number and NPI number, for regulatory compliance purposes. From our shareholders, we collect the information required for regulatory compliance and communications, such as name, address, Social Security number, and email address. From our HCP shareholders, we also collect the physician type (e.g., MD, DO), specialty, and license and NPI numbers. We may automatically collect your Internet Protocol address when you visit our Sites to improve our products, services and communications (see More About Cookies below).
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
We do not collect:
- Biometric information.
- Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
The “personal information” categories disclosed in this Privacy Notice do not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information. We may use or disclose to any party de-identified or aggregated information (that is no longer personally identifiable) for any purpose. For example, we may share this aggregated data with our affiliates, agents, advertisers, manufacturers and business partners. We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners and to other third parties for other lawful purposes.
- Information covered by sector-specific privacy laws, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA); the Fair Credit Reporting Act (FCRA); the Gramm-Leach-Bliley Act (GLBA); the California Financial Information Privacy Act (FIPA); or the Driver’s Privacy Protection Act of 1994.
- Information about our contractors, employees, or candidates for employment. If you are a job applicant or a Company employee or contractor, please see the Company’s Privacy Notice for Applicants, Employees, and Contractors for more information.
Sources of Personal Information
We may obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or products and services you purchase.
- Indirectly from you. For example, from observing your actions on our Sites using cookies.
- From third-party service providers. For example, we obtain demographic data from a third-party service provider to use for marketing analytics.
- From health care providers. We may obtain some personal information, if a healthcare provider makes a report to us about one of our products, in compliance with applicable laws.
We use personal information for one or more of the following business purposes:
- To fulfill the reason you provided the information. For example, if you share your name and Contact Information to ask a question about our products or services, we will use your personal information to respond to your inquiry.
- To offer, provide, support, personalize, improve, and develop our Sites, products, and services.
- To create, maintain, customize, and secure your account with us.
- To enroll you in and provide you with customized services and support, including to monitor, investigate, and respond to your inquiries and concerns.
- To assess and improve the impact of our products, services and responses to your inquiries.
- For testing, research, analysis, and product development, including to develop and improve our Sites, products, and services, and for use in clinical publications regarding the impact of our interventions and services.
- To personalize your experience on the Sites and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Site, third-party sites, and via email or text message (with your consent, where required by law).
- To conduct our business or to help maintain the safety, security, and integrity of our Sites, products and services, databases and other technology assets, and business.
- To perform data analyses and other processing (including scientific, market and consumer research, trend analysis, financial analysis, anonymization, encryption or tokenization of personal information).
- To protect against, identify, and prevent fraud and other criminal activity, or to defend against or enforce legal claims and other liabilities.
- To evaluate, enforce, defend, or fulfill our own or others’ legal rights or obligations, including submission of filings and disclosure of information to government entities.
- To respond to law enforcement requests; as required by applicable law, court order, or governmental regulations; or to monitor our compliance with those obligations.
- Comply with our obligations to shareholders, such as the payment of dividends.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, acquisition, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred or otherwise impacted by or relevant to the transaction or proceeding.
- As described to you when collecting your personal information.
When you use our Sites or open our emails, we may obtain certain information by automated means, such as through browser cookies, web beacons, device identifiers, server logs, and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server.
We may use these automated technologies to collect information about your devices, browsing actions, and usage patterns. The information we obtain in this manner may include your device IP address, domain name, identifiers associated with your devices, device and operating system type and characteristics, web browser characteristics, language preferences, clickstream data, your interactions with our Sites (such as the web pages you visit, links you click and features you use), the pages that led or referred you to our Sites, dates and times of access to our Sites, and other information about your use of our Sites.
We may use third party web analytics services on our Sites, such as those of Google Analytics. These services help us analyze how users use our Sites. The information collected for this purpose (including IP address and other information collected by automated means) will be disclosed to or collected directly by these service providers. To learn more about Google Analytics and how to opt out, please visit https://policies.google.com/privacy/partners.
You can manage cookies through your web browser. Most web browsers will tell you how to stop accepting new browser cookies, how to be notified when you receive a new browser cookie and how to disable existing cookies. You can find out how to do this for your particular browser by visiting www.allaboutcookies.org. In addition, your mobile device settings may allow you to restrict your device from sharing certain information obtained by automated means with mobile app developers and operators such as us. Please note, however, that without cookies and similar technologies we use, you may not be able to take full advantage of the features of our Sites. For more information on deleting or controlling cookies, visit www.aboutcookies.org.
Our Sites do not respond to “Do Not Track” signals or similar mechanisms or signals received from browsers as no standard mechanism has yet emerged and become universally accepted.
We do not sell or otherwise share personal information about you, except as described in this Privacy Notice.
We share your personal information with the following categories of third parties:
- Service providers. We share your personal information with third parties that provide services for us. These third parties are not authorized by us to use or disclose the information except as necessary to perform services for us or to comply with legal requirements.
- Government entities. We disclose information about you (i) if we are required to do so by law, regulation or legal process (such as a court order or subpoena), (ii) in response to requests by government agencies, such as law enforcement authorities, (iii) for the purpose of or in connection with legal proceedings, or otherwise for the purpose of establishing, exercising or defending our legal rights, or (iv) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
- Other pharmaceutical companies. If you tell us about a problem with another company’s product (known as an adverse event report), we will forward your report to the proper company if we conclude that your report went to us by mistake and are able to identify the company that should receive the report.
- Per your request. We may share information at your direction and request.
We may transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution, liquidation or other corporate restructuring).
We do not disclose personal information of our users to third parties for their direct marketing purposes.
Sales of Personal Information
In the preceding twelve (12) months, we have not sold personal information. Our policy is that we do not and will not sell your personal information, unless you give us your consent or direct us to do so.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, we have disclosed the following categories of personal information for the business purposes described above (in How We Use Personal Information):
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
- Protected classification characteristics under California or federal law.
- Commercial information.
- Internet or other similar network activity.
- Geolocation data.
- Professional or employment-related information.
- Sensory data.
- Profiles or inferences drawn from other personal information.
We strive to keep your personal information accurate. To protect your privacy and security, we also will take reasonable steps to verify your identity before granting you access or enabling you to make updates or corrections.
If you are a California resident, you have the right to request that we delete certain personal information or disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. If you are not a California resident, we will make reasonable efforts to consider your request to access your information, delete your information, or correct your information. We do not discriminate against consumers for exercising any of the privacy rights discussed in this Privacy Notice.
If you are a California resident, once we receive and confirm your verifiable consumer request for access to personal information collected about you, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources of the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also known as a “data portability” request).
- If we disclosed your personal information for a business purpose, we will provide you with a list of the personal information categories disclosed.
If you are a California resident, you have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct any service providers with whom we have shared your personal information to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request, if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products or services to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Submit a Request
To make a request to access or delete personal information, please submit a verifiable consumer request to us by emailing PrivacyPolicy@kaleo.com or by calling 855-550-0007.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You also may make a verifiable consumer request on behalf of your minor child.
You may make a verifiable consumer request for access or data portability only twice within a 12-month period. When you make a verifiable consumer request, you must:
- Provide your name, phone number, and email address, so that we can contact you to verify your request;
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, or an authorized representative of that person; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will not be able to respond to your request or provide you with personal information, if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
We maintain reasonable administrative, technical and physical safeguards designed to protect personal information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.
Our Sites may contain links to other websites for your convenience and information. Linked websites may have their own privacy policies or notices, which we strongly suggest you review if you visit any linked websites. To the extent any linked websites are not owned or controlled by us, we are not responsible for their content, any use of the websites, or the privacy practices of the websites.
The Sites are designed for a general audience and are not directed to children under the age of 13. We do not knowingly collect or solicit personal information from children under the age of 13 through our Sites. If we become aware that we have collected personal information from a child under the age of 13, we will promptly delete the information from our records. If you believe that a child under the age of 13 may have provided us with personal information, please contact us as specified in the Contact Us section of this Privacy Notice.
This Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our personal information practices. We will notify you before materially changing the way we use your personal information. If this Privacy Notice is revised, we will update the date at the top of this Privacy Notice and post (or provide a link to) the updated version on our Sites.
If you have any questions or concerns about this Privacy Notice or about our privacy practices, or if you would like us to update information we have about you or your preferences, please contact us by e-mail at PrivacyPolicy@kaleo.com.