Specifically, this Policy applies:
- When you interact with us by means other than our Services (and we collect or process Personal Data as part of that interaction).
- This could include Personal Data collected in-person, by telephone, or by mail and where you are not provided a more specific privacy notice at the beginning of our relationship or, in the case of a single interaction, at the time of our interaction.
- For example, you may engage Deciphera and provide your information to us in-person when you attend a conference, contact us, or interact with us in other ways.
Please note, Deciphera may have other unique privacy policies that apply to certain specific situations, such as privacy notices that cover data processing activities related to your role as a participant in a clinical trial or study. To the extent those policies or notices apply and conflict with this Policy, those policies govern our interactions with you.
Information We Collect
Information You Provide
We collect the Personal Data you voluntarily provide to us when you access or use the Services or when you interact with us offline. For example, we might collect information from you when you:
- Use a feature on the Services;
- Contact us with a question, comment, or request;
- Sign up to receive information from us;
- Register with us to receive information about research trials;
- Register to attend our virtual or in-person events; or
- Submit a grant request.
The categories of personal data that we collect directly from you include the following:
- Personal Identifiers, including first name, last name, email address, phone number, or online identifiers such as device ID or cookie ID;
- Commercial Information, including financial transaction history, financial account number, user account logs, records of services provided, requested documentation, or customer service logs;
- Professional or Employment Information, including employer, job title, academic or research expertise or interests, academic position or title, or affiliated academic institution or entity;
- Educational Information, including information about education history or background; and
- Medical Information, including health care providers that you have visited, the reasons for your visit, the dates of visits, health care preferences, and medical and health information that you choose to share with us.
Information We May Generate
In addition, we may generate the following categories of personal data about you in the context of your interactions with us:
- Records of our interactions with you; and
- Internal notes, including notes about your inquiry into our programs and services.
Information We Receive from Third Parties
We may combine the information we collect from you with information that we receive about you from other sources, including:
- Public and private databases;
- Business partners and service providers; and
- Other users with whom you are connected via the Services.
For example, we receive your information, including online identifiers, from our marketing partners in order to provide various marketing, advertising, and customer support Services directly to you.
If you are a third party, such as a health care provider, hospital, medical treatment facility personnel or one of their representatives, that is a Deciphera customer or acting on behalf of a Deciphera customer and you provide patient information (for example, health or treatment information that relates to an individual) to Deciphera in any manner, including over any Deciphera Services that link to this Policy, please note that you are responsible for obtaining any consent required under applicable laws from the relevant individual before providing, uploading, or posting the information. In addition, you are responsible for complying with all applicable privacy laws.
Information We Collect Automatically
When you access and use the Services, we and our third party service providers may collect information, including usage and technical data, automatically from your device, including, for example:
- Personal Identifiers, such as device identifiers;
- Internet or other electronic network activity information, such as IP address, cookies and other device identifying technologies revealing the date and time you accessed our Services and how you interacted with our Services; and
- Geolocation Information, including precise, real-time information about the location of the devices you use to access the Services.
Sensitive Categories of Personal Data. We do not intentionally collect sensitive categories of Personal Data, such as information about your race, political views, religious views, or health conditions or other protected classifications, without obtaining your consent, where required.
Online Identification Technologies
We may use online identification technologies, such as cookies, web beacons, or pixels in connection with the Services.
Cookies are small files that are stored on your computer by your web browser. A cookie allows a website to recognize whether you have visited before and may store user preferences and other information. For example, cookies can be used to collect information about your use of the Services during your current session and over time (including the pages you view and the files you download), your computer’s operating system and browser type, your Internet service provider, your domain name and IP address, your general geographic location, the website that you visited before the Services, and the link you used to leave the Services.
It is our intention to use these technologies to make navigation of our websites easier for visitors, to facilitate efficient registration procedures (including remembering preferences), and to better deliver tailored content to visitors.
Third Party Analytics Cookies
We also may partner with certain third parties to collect, analyze, and use some of the personal and non-personal information described in this section. For example, we may allow these third parties to set cookies or use web beacons on the Site or in email communications from Deciphera. This information may be used for a variety of purposes, including online behavioral advertising, as discussed below (see the section entitled “How we share personal and non-personal information with third parties”).
The Site or the emails that you receive from Deciphera may use an application known as a “web beacon” (also known as a “clear gif” or “web bug”). A web beacon is an electronic file that usually consists of a single-pixel image. It can be embedded in a web page or in an email to transmit information, which could include personal information. For example, it allows an email sender to determine whether a user has opened a particular email.
Third Party Online Tracking
We partner with certain third parties to collect the non-personal information discussed above and to engage in analysis, auditing, research, and reporting. These third parties may use web logs or web beacons, and they may set and access cookies on your computer or other device. The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy.
In particular, the Site uses Google Analytics to help collect and analyze certain information for the purposes discussed above. You may opt out of the use of Google Analytics cookies here.
If you prefer to prevent all or some third parties from setting and accessing cookies on your computer, you may set your browser to block cookies. Our site currently does not respond to “do not track” browser headers, but you can limit tracking through these third-party programs by taking the steps described above.
Most browsers permit individuals to decline cookies. In most cases, you may refuse or delete one or more cookies and still access our websites, but the functionality of the Services may be impaired. After you finish using the Services, you may delete site cookies from your system if you wish. If you would like more information on how to opt out of cookies, please visit: http://optout.aboutads.info or http://www.youronlinechoices.eu/.
How We Use Your Personal Data
We may use your Personal Data or other information we collect about you for the following purposes:
- Identification and authentication: We use Personal Data to verify your identity when you access and use our services and to ensure the security of your Personal Data.
- Operating the Services: We process your Personal Data to provide the services you have requested, including to deliver confirmations, account information, notifications, and similar operational communications.
- Improving our Services: We analyze information about how you use our Services to provide an improved experience for our customers of all our services, including product testing and analytics.
- Informing you of research, clinical trial, and treatment opportunities: If you are a healthcare provider or patient, we may use your Personal Data to identify research studies, clinical trials, treatments, and similar opportunities that may be of interest to you and, as appropriate, we may communicate with you regarding any such opportunities. Where necessary, we will obtain your consent before sending such communications. Please note, if you choose to participate in any opportunities, as a patient or provider, the Personal Data collected from you as a participant may be subject to additional and different privacy notices.
- Marketing: We may use your Personal Data to build a profile about you and place you into particular marketing segments in order to understand your preferences better and to appropriately personalize the marketing messages we send to you.
- Complying with our obligations: We may process your Personal Data to, for example, fulfill the terms of any agreement you have with us, carry out fraud prevention checks, or comply with other legal or regulatory requirements, where this is explicitly required by law.
- In the context of a transaction involving our business: We may process information about you to facilitate the financing, securitization, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.
- Customizing your experience: When you use the Services, we may use your Personal Data to improve your experience of the Services, such as by providing interactive or personalized elements on the Services and providing you with content based on your interests.
We may use de-identified, aggregate, or anonymized information to help us analyze the use of the Services. Where permitted by law, this Policy does not limit our use or disclosure of de-identified, aggregate, or anonymous information, and we reserve the right to use and disclose such information to other third parties in our discretion.
Legal Bases for Processing
We need to have a legal basis to process your Personal Data. There are different legal bases that we rely on to use Personal Data, namely:
- Performance of a Contract: The use of Personal Data may be necessary to perform the contract that you have with us or to take steps at your request prior to entering into a contract with you. For example, if you are a consumer or a user of our services, we will use your Personal Data to carry out our obligations under the contract that we have with you.
- Consent. We will rely on consent, which, in some cases where local laws allow, may be implied, to use: (i) technical information, such as cookie data, as described in this Policy; (ii) Personal Data for certain marketing purposes in accordance with your preferences; and (iii) Personal Data for certain research purposes. You may withdraw your consent at any time by contacting us at the addresses at the end of this Policy. We may obtain certain Personal Data and sensitive Personal Data about you from healthcare professionals (including hospitals, clinics, or similar healthcare providers or one of their representatives) that use our products and services or enter into other business arrangements with us, in which case they are responsible for obtaining and handling any required consents or for having another legitimate basis for processing such information.
- Legitimate interests. It is in our legitimate interests to process Personal Data in order to improve our products and services, perform administrative tasks, and, where consent is not required by applicable law, to identify and authenticate you, secure our systems and information, conduct research, and develop new products.
It is also in our legitimate interests to communicate with you. This may include:
- The delivery of marketing communications to users where consent is not required by applicable law; and
- Communicating with patients, including communication regarding potential research, clinical trial, and treatment opportunities.
Furthermore, it is in our legitimate interests to protect the legal rights, safety, and security of Deciphera, our affiliates, and our business partners; to respond to and resolve claims or complaints; to prevent fraud; and to manage risks associated with our business.
For more information about the balancing test that we carry out to process your Personal Data to meet our legitimate interests, please contact us using the details below.
- Public interest. In limited circumstances, including, in some cases, complaint handling, we may process your information, including sensitive Personal Data, for reasons of public interest in the area of public health. In particular, Deciphera may process your information in connection with efforts to ensure high standards of quality and safety.
- Legal obligations. We may use Personal Data to comply with legal obligations to which we are subject. For example, we may disclose Personal Data for regulatory reporting requirements or to law enforcement in accordance with legal process.
Disclosure of Personal Data
We may share your Personal Data with third parties under the following circumstances which include:
- Our affiliates: We may share Personal Data with our affiliated entities for their own research and analytics purposes or for internal reporting purposes.
- Service providers and business partners: We may share your Personal Data with our service providers and business partners that perform services for us including third-party providers for website hosting, maintenance, business operations, and identity verification. These service providers and business partners are only given access to your information to the extent necessary to process your information and/or provide the Services, and they are prohibited from using or sharing your information for any other purposes.
- Parties to a corporate transaction: In the event our assets are transferred or sold to another entity, your Personal Data may be transferred to the acquiring entity and/or to potential acquiring entities to the extent permitted by applicable law and we will seek your consent where required.
- Law enforcement agencies, courts, or other government authorities or third parties where required by law: We may share your Personal Data with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
Data Subject Rights
You may have certain rights regarding your personal data, subject to local data protection laws. These include the following rights:
- Access your Personal Data;
- Rectify the information we hold about you;
- Erase your Personal Data;
- Restrict our use of your Personal Data;
- Object to our use of your Personal Data;
- Receive your Personal Data in a usable electronic format and transmit it to a third party (right to data portability); and
- Lodge a complaint with your local data protection authority.
Please note, we do not make automated decisions about you based on your Personal Data.
If you would like to discuss or exercise these rights, please contact us at the details below. We encourage you to contact us to update or correct your information if it changes or if the Personal Data we hold about you is inaccurate. We may contact you if we need additional information from you in order to honor your requests.
Please note that we may require additional information from you in order to honor your request, and there may be circumstances where we will not be able to honor your request. For example, if you request deletion, we may need to retain certain Personal Data to comply with our legal obligations or other permitted purposes. We will only use Personal Data provided in a verifiable consumer request to verify your identity or authority to make the request. If you are submitting a request through an authorized agent, the authorized agent must provide us with your signed written permission stating that the agent is authorized to make the request on your behalf. We may also request that any authorized agents verify their identity and may reach out to you directly to confirm that you have provided the agent with your permission to submit the request on your behalf.
International Data Transfer
Any information you provide to us or that we automatically collect will be received in the United States and may be transferred to other jurisdictions. By using our Services or submitting information, you explicitly authorize its processing in the United States and subsequent transfers outside the United States.
As such, your Personal Data may be transferred to, stored and processed in various countries, including those that are not regarded as ensuring an adequate level of protection for Personal Data under European Union law or by the European Commission. We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
For information on data collection pertaining to clinical trial site staff and investigators, please click here.
This notice does not apply to the processing of personal data of our Vendors. The relevant privacy notice for our Vendors may be found here.
The Services are not intended for or directed to individuals under the age of sixteen (16). We also do not knowingly collect any Personal Data from children under thirteen (13). If a parent or guardian becomes aware that his or her child has directly provided us with Personal Data, please contact us by using the contact information below.
Deciphera uses commercially reasonable physical, electronic, and procedural safeguards to protect Personal Data against loss or unauthorized access, use, modification, or deletion. However, we cannot guarantee the absolute security of Personal Data or other information.
Information for California Residents
We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide California residents with an explanation of how we collect, use and share their Personal Data, and of the rights and choices we offer California residents regarding our handling of such Personal Data.
References to “Personal Data” in this section are equivalent to “personal information” governed by the CCPA.
This section describes our privacy practices with respect to individuals whose information is governed by the CCPA, such as our individual investors and caregivers who visit our websites.
This section does not apply to the information we collect, use or disclose about clinical trial volunteers, candidates, participants and investigators, patients, health care providers, and other individuals who represent businesses that provide services to us or to which we provide our products or services. This is because information about these individuals is governed by clinical trial regulations, California’s Confidentiality of Medical Information Act or the Health Insurance Portability and Accountability Act of 1996, or is subject to the CCPA’s exemption on business contact information.
The CCPA grants California residents the following rights.
- Information. You can request information about how we have collected, used and shared your personal information during the past 12 months. We describe the sources through which we collect personal information and the types of personal information collected in the “Information We Collect” section above. We describe the purposes for which we use and share this information in the “How We Use Your Personal Data” section above and the “Disclosure of Personal Data” section above.
- Access. You can request a copy of the Personal Data that we maintain about you.
- Deletion. You can ask to delete the Personal Data that we maintain about you.
- Opt out of sale of your Personal Data. We do not sell personal information. We offer instructions on how to limit online tracking in the “Online tracking opt-out” section above.
Please note that the CCPA limits these rights by, for example, prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request.
You are entitled to exercise the rights described above free from discrimination.
Here is how you can submit requests:
- To request access to or deletion of Personal Data collected via the Services, please email us at firstname.lastname@example.org or call us at 781-209-6400.
- To learn how to limit tracking, please see the “Online tracking opt-out” section.
- To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us. Where we ask for additional Personal Data to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.
Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf.
Changes to the Privacy Notice
We may modify or update this privacy notice from time to time. If we make any revisions that materially change the ways in which we process your Personal Data, we will notify you of these changes before applying them to that Personal Data. We may notify you by email or other reasonable means, including through notifications on the Services.
Deciphera Pharmaceuticals, LLC is the controller responsible for the Personal Data we collect and process.
To exercise your rights under applicable local law, please email us at email@example.com or call us at 781.209.6400.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If you have any questions or concerns about this Policy, please contact us at firstname.lastname@example.org.
If you are located outside of the United States, such as in the EEA, you may have the right to contact our EU Representative. If you have questions or concerns regarding the way in which your Personal Data has been used, please contact:
Ingolstädter Str. 20, 80807
0049 (0) 89 3750 899 35
Effective Date: May 14, 2021