Privacy Policy
1. This Policy
Effective Date: January 24, 2024
This Privacy Policy (this “Policy”) is issued by Center for Breakthrough Medicines (CBM), 411 Swedeland Rd #100, King of Prussia, PA 19406, United States
Protecting your privacy is important to us, and we want you to understand how we collect and use data about you. To ensure transparency and security, this Policy provides important information about the nature and scope of personal data processed by us and the reasons we collect and process it.
We may amend or update this Policy from time to time to reflect changes in our practices with respect to the processing of personal data or changes to applicable law. We will post such amendments and updates to our websites. We encourage you to read this Policy carefully and contact us if you have questions or concerns about this Policy or the use of your personal information.
Our site may contain links to third party websites/content/services that are not owned or controlled by CBM. CBM is not responsible for how these properties operate or treat your personal data so we recommend that you read the privacy policies and terms associated with these third party properties carefully.
2. California Residents
This Policy describes how we collect, use, disclose, and retain your personal information. For additional information relating to your rights and our processing of your personal information collected both online and offline, please navigate to the Additional State Disclosures Section below.
3. About CBM
We have a mother company and sister companies within our corporate group (SK group) that may share with us your Personal Data, as defined below, depending upon, among other things, where you reside, namely:
- SK Pharmteco
- SK biotek Ireland
- SK biotek Ireland Analytical Services
- AMPAC Fine Chemicals
- AMPAC Analytical
- Yposkesi
Hereafter, “CBM Affiliates”
To obtain further information regarding the list of CBM Affiliates or to request additional information regarding your Personal Data within the SK group, please consult the Annex 1 here.
4. Personal Data
Personal data” refers to any information that may identify you directly (e.g., your name) or indirectly (e.g., through pseudonymized data such as a unique identifier).
This means that personal data includes information such as postal/email addresses, cell phone numbers, user names, profile information, financial data and information provided to us.
Personal data may also include unique numerical identifiers such as the IP address of your computer or the MAC address of your mobile device, as well as cookies.
5. What Personal Data Do We Collect From You And How Do We Use It?
We may collect personal data from you, or receive it from you, via our websites, questionnaires, applications, contracts, social networks or by any other means. In some cases, you provide us with personal data directly (e.g., when you create an account, when you contact us, or when you are in a contractual relationship with us). In other cases, we collect such data ourselves (e.g., by using cookies to understand how you use our websites/applications) or the data in question is sent to us by third parties, including other CBM Affiliates.
Information We Collect Automatically. We and our third party business partners, including analytics and advertising partners, automatically collect information when you use our site through cookies, pixel tags, clear GIFs, or similar technologies, such as your browser type and operating system, web pages you view, your interactions with content or webpages on the site, links you click, your IP address or other identifiers, the length of time you visit our site, the referring URL or webpage that led you to our site, the information, content, or advertisements you view, hover over, or click on, and the search terms you enter. Our third party business partners may use these technologies to collect information about your online activities over time and across different websites and services.
Information We Collect From Other Sources. From time to time, we may use or augment the personal data we have about you with information obtained from other sources, such as public databases, social media platforms and other third parties. For example, we may use such third party information to confirm contact or financial information, to verify licensure of healthcare professionals or to better understand your interests by associating demographic information with the information you have provided.
If you submit any personal data relating to other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
When we collect data, we mark mandatory fields with an asterisk. Some of the data we request from you is essential for the following reasons:
- The performance of the contract we have entered into with you (e.g. in order to deliver the goods you have purchased on our website/application);
- To provide the service you have requested (e.g., to send you a newsletter);
- Compliance with legal obligations (e.g. billing).
Failure to complete the fields marked with an asterisk may affect our ability to offer you products and services.
6. Data, Purposes of processing and their legal basis
Types of data | Processing Purpose | Legal Basis for Processing |
| We will process Personal Data when on-boarding new customers or vendors. We may also process personal data to comply with legal requirements and our internal policies and procedures. |
|
| We will process Personal Data when for contractual purposes. This may, include, for example:
|
|
| We will process Personal Data when marketing our products and services. Specifically, we may communicate with you via any means (including email, telephone, mail or in-person) subject to applicable law and maintaining and updating your contact information where appropriate. |
|
| We will process Personal Data to manage our suppliers, customers, sales, finances, operations, and legal relationships. |
|
| We will process Personal Data if we or any local authority are investigating into any breach of policy, law, or contract or any criminal offense. Similarly, we may process Personal Data for the purpose of preventing such breach. |
|
| We will process Personal Data to comply with our legal and regulatory obligations under applicable law, any legal or regulatory proceeding to the extent necessary to establish, exercise, or defend a legal right, to prevent incurring a legal obligation, or to defend ourselves against a claim. We will process Personal Data to conduct risk assessments and management, audits, and other compliance functions, or to permit regulatory authorities or customers to do so to the extent required by law or by contract. |
|
| We may process Personal Data for the purpose of managing our career opportunities |
|
CBM does not knowingly collect, maintain, disclose, or otherwise process Personal Data from minors below the age of 16 without the permission of such minor’s parents or legal guardians.
For additional information regarding how we balance our legitimate interest in processing Personal Data with your privacy interest, you may contact us.
7. Disclosure of Personal Data to Third Parties
We may share your information with certain third parties, such as:
- Other entities within the SK group (CBM Affiliates), to comply with our legal and contractual obligations or for other legitimate business purposes (including providing services to you or your employer and operating our websites), in accordance with applicable law.
- Governmental, legal, regulatory, or similar authorities or ombudsmen where required, including for the purposes of reporting any actual or suspected breach of applicable law or regulation or when that disclosure is legally required;
- Our accountants, auditors, financial advisors, lawyers, and other professional advisors, subject to binding contractual or professional obligations of confidentiality
- In Connection with Business Transfers, if we sell or transfer a business unit (such as a subsidiary) or an asset (such as a website) to another company (including in connection with any bankruptcy or similar proceedings), we will disclose your personal data to such company and will require such company to use and protect your personal data consistent with this Policy.
- Third-party processors subject to binding contractual obligations of
If we engage a third-party processor to process your Personal Data, the processor will be subject to binding contractual obligations to: (i) process your Personal Data only in accordance with our written instructions; and (ii) protect the confidentiality and security of the Personal Data, together with any additional requirements under applicable law.
Finally, CBM may also disclose aggregate or de-identified data that is not personally identifiable to third parties for any purpose permitted under applicable law.
We do not provide your Personal Data to any third party for its own marketing purposes.
8. Additonal State disclosures
You may have certain rights regarding our processing of your personal data under applicable local state law, including, for example, if you are a consumer in California or Virginia.
If our processing of your personal data is governed by such laws, the following provisions apply to our processing of your personal data, whether collected online or offline. These provisions supplement the other sections of the Privacy Policy.
We do not “sell” or “share” for cross-contextual behavioral advertising (as those terms are defined under applicable local law) the categories of personal data described below. Instead, where we may use cookies for analytics purposes, for example, we do so at your instruction based on your permission to use cookies associated with this processing. We do not use or disclose sensitive personal data for purposes other than permitted under applicable local law.
As may be required under applicable local law, the chart below provides the categories of personal data that we: (1) collect and have collected in the preceding 12 months; and (2) disclose for a business purpose and have disclosed for a business purpose in the preceding 12 months:
CATEGORIES OF PERSONAL DATA WE COLLECT AND DISCLOSE | CATEGORIES OF PERSONAL DATA WE COLLECT AND DISCLOSE |
A. NAME, CONTACT INFORMATION AND IDENTIFIERS: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, user name, social security number, tax ID, driver’s license number, passport number, or other similar identifiers. |
CBM Affiliates; Providers; professional advisors; public and government entities |
B. CUSTOMER AND OTHER RECORDS: Paper and electronic customer records containing personal data, such as name, signature, physical characteristics or description, address, telephone number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information | |
C. PROTECTED CLASSIFICATIONS: Characteristics of protected classifications under applicable state or federal law such as race, color, sex, gender, age, national origin, disability, and citizenship status. | |
D. PURCHASE HISTORY AND TENDENCIES: Commercial information, including records of products or services considered, purchased or owned. | |
E. USAGE DATA: Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement | |
F. PROFILES AND INFERENCES: Inferences drawn from any of the information identified above to create a profile about a resident reflecting the resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
We collect this personal data directly from you, automatically through your use of our site, and from other categories of sources: public databases; social media platforms; and other third parties, when they share the information with us. For example, we may use such third party information to confirm contact or financial information.
We may use this personal data to serve you; to connect you with third parties; to validate your ability to access and/or use certain products, services and information; to provide and improve products and services; to protect patients and consumers; in accordance with special program terms; to operate, manage, and maintain our business; to respond to your inquiries and fulfill your requests; to send administrative information to you; to send you certain marketing communications; to personalize certain experiences; and to facilitate social sharing or messages services when available.
We may also use your personal data for our business purposes and objectives, including, data analysis; audits; developing new products; improving existing products; identifying usage trends; determining the effectiveness of promotional campaigns; preventing fraud; and expanding our business activities.
Additionally, we may use this personal data to comply with applicable law, legal process, respond to requests from public and government authorities, and to protect our rights, operations, and enforce our terms of service.
We may retain your personal data for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Policy, depending on the length of our relationship with you, whether there is a legal obligation to which we are subject; or whether retention is advisable in light of our legal position.
9. Marketing, cookies, and tracking
CBM and its third party business partners, including analytics and advertising partners, collect information about you by using cookies, tracking pixels and other technologies (collectively, “Tools”) when you visit or interact with our Site, including where you direct us to do so through the cookie banner on the Site you are viewing. We use this information to better understand, customize and improve user experience with our websites, services and offerings as well as to manage our advertising and analytics purposes. For example, we use web analytics services that leverage these Tools to help us to understand how visitors engage with and navigate our Site, e.g., how and when pages in a site are visited and by how many visitors. We are also able to offer our visitors a more customized, relevant experience on our sites using these Tools by delivering content and functionality based on your preferences and interests. If we or our third party business partners have collected your personal data, e.g., through a registration or a request for certain materials, we may associate this personal data with information gathered through the Tools. This allows us to offer increased personalization and functionality on the Site.
You can change your settings for these Tools, including opting out of their use for advertising, by visiting the preference center in the cookie banner of the Site you are viewing. If you have already closed the cookie banner, you may need to select the cookie icon on the site or click the “cookie preferences” link in the footer to access the preference center.
Your web browser can also be set to allow you to control whether you will accept cookies, reject cookies, or to notify you each time a cookie is sent to your browser. If your browser is set to reject cookies, websites that are cookie-enabled will not recognize you when you return to the website, and some website functionality may be lost. The Help section of your browser may tell you how to prevent your browser from accepting cookies. To find out more about cookies, visit www.aboutcookies.org.
Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language and Internet browser type and version. We use this information to ensure that the services function properly.
Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Site, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Site. We may also derive your approximate location from your IP address.
On certain of our websites, we use Google Analytics, to help us understand how users engage with this and other of our websites. Google Analytics may track your activity on our sites (i.e., the pages you have seen and the links you have clicked on) and helps us measure how you interact with the content that we provide. This information is used to compile reports and to help us improve the sites. The reports we receive disclose website trends without identifying individual visitors. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and exercise the opt-out provided by Google by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout or as described in our Notice on Cookies.
We may use Flash Local Shared Objects (“Flash LSOs”) and other technologies to, among other things, collect and store information about your use of the Site. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to as “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including those used in connection with the Site.
To the extent permitted by applicable law, including in accordance with your consent where required by applicable law, we may engage in the following activities, we may use your contact details to contact you to determine whether you would like to initiate a business relationship with us or to send you marketing emails. If you no longer wish to receive such marketing emails, you can always opt out by declining to receive such emails in our subsequent communications by following opt-out instructions included in the email or at other information collection points on the Online Services. In any case, please note that if applicable law does not require your consent prior to receiving marketing communications, you will always be able to opt out.
For more information, please see our Cookie Policy.
10. International Transfer of Personal Data
Please be aware that Personal Data we collect and process may be transferred and maintained outside your state, province, country, or other jurisdiction where the privacy laws may not be as protective as those in your location, including the United States. SK group has put in place lawful transfer mechanisms and adequate safeguards, in accordance with applicable legal requirements, to protect your Personal Data
In particular, if this involves transferring your Personal Data from inside to outside the European Economic Area (the “EEA”), we will take steps to ensure your information remains adequately protected in accordance with this Policy and applicable law.
If we make such a transfer of your Personal Data, we will take steps to ensure that the privacy of your Personal Data is respected, by ensuring that one of the following safeguards is put in place:
- Our intercompany data transfer agreement for transfers between entities in the SK group;
- Appropriate contractual clauses; or
- Other valid transfer mechanisms, EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
11. Security
Consistent with applicable laws and requirements, SK group has put in place physical, technical, and administrative safeguards to protect Personal Data from loss, misuse, alteration, theft, unauthorized access, and unauthorized disclosure consistent with legal obligations and industry practices.
12. Data Retention
We generally retain Personal Data for as long as needed for the specific business purpose or purposes for which it was collected. In some cases, we may be required to retain Personal Data for a longer period of time by law or for other necessary business purposes.
To establish how long we keep your data, we apply the following criteria:
- If you purchase products and services, we retain your personal data for the duration of our contractual relationship;
- If you contact us with a request, we keep your personal data for as long as is necessary to process your request;
- If you have consented to receive commercial prospecting messages and advertising tailored to your interests while browsing third-party sites, we retain your personal data until you unsubscribe and/or withdraw your consent, or until you ask us to delete it, or after a period of inactivity (no active interaction with the brands) of three years;
- If cookies are placed on your computer, we retain your data only for the time necessary to achieve their purpose (e.g., for the duration of a session for shopping cart cookies or session identification cookies) and for any period defined in accordance with local regulations and instructions.
We may retain certain personal data in order to fulfil our legal or regulatory obligations, and to enable us to exercise our rights (e.g. to bring an action before any court) or for statistical or historical purposes.
When we no longer need to use your personal data, we delete it from our systems and files or anonymize it so that it can no longer be used to identify you.
Whenever possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the specified retention period.
13. Your Rights Regarding Your Personal Data
All persons with whom we interact may request additional information about how we process Personal Data by contacting us.
You have certain choices regarding our use and disclosure of your Personal Data, as described below.
For Residents of the EEA (European Economic Area):
If you live in the EEA, you have certain rights under the GDPR* regarding the processing of your Personal Data.
*GDPR: the European General Data Protection Regulation
Should you wish to exercise those rights, please contact us at the email addresses listed in Annex 1 here. If you wish to find out more about these rights, please contact us or your applicable Data Protection Authority.
You have the right to:
- The right to be informed about how we process your Personal Data.
- The right to access copies of your Personal Data that we process or control, together with information regarding the nature, processing, and disclosure of that Personal Data;
- The right to request rectification of any inaccuracy in your Personal Data that we processor control;
- The right to request, on legitimate grounds:
- erasure of your Personal Data that we process or control (“the right to be forgotten”); or
- restriction of processing of your Personal Data that we process or control;
- The right to object to processing;
- The right to data portability, which means the right to have your Personal Data provided to you in an accessible format that allows it to be transferred to and used by another Controller;
- Where we process your Personal Data on the basis of your consent, you have the right to withdraw that consent, although such withdrawal will not make any processing we carried out while we had your consent unlawful; and
- The right to lodge complaints with your applicable data protection authority regarding the processing of your Personal Data by
Your California Privacy Rights
Subject to certain exceptions and depending on where you live, you may have the right to make the following requests, at no charge:
Copy: You may request, up to twice every 12 months, a copy of the specific pieces of personal data that we have collected, used or disclosed about you in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows you to transmit this information to another entity without hindrance.
Correct: You may request correction of your personal data that we have collected about you if it is inaccurate or incomplete.
Delete: You may request deletion of your personal data that we have collected about you.
Know: You may request that we provide you certain information about how we have handled your personal data, including the:
- categories of personal data collected;
- categories of sources of personal data;
- business and/or commercial purposes for collecting your personal data;
- categories of third parties/with whom we have disclosed or shared your personal data; and
- categories of personal data that we have disclosed or shared with a third party for a business purpose.
You have the right to be free from unlawful discrimination for exercising your rights under applicable state law.
You may submit requests to delete, correct, access a copy and/or know personal data we have collected about you. You may have a right to appeal a decision we make relating to requests to exercise your rights under applicable local law.
Please contact us according to the Contact details Section below, if you have any questions regarding this Section.
14. Children’s privacy
The Site is not directed to individuals under the age of thirteen (13), and we do not knowingly collect personal data from children under the age of 13.
15. Contact details
If you have questions, suggestions or concerns about this Policy, or about the use of your information, please contact us at the email addresses listed in Annex 1 here.
16. Updates to our Policy
From time to time, we may update this Policy. Any changes will be effective when we post the revised Privacy Policy. This Policy was last updated as of the effective date listed above. If the Policy changes in a way that significantly affects how we handle personal data, we will not use the personal data we previously gathered in the manner described in the new policy without providing notice and/or obtaining your consent, as appropriate.
Minor changes to the policy may occur that will not significantly affect our use of personal data without notice or consent.
We encourage you to periodically review this page for the latest information on our privacy practices.