Last Updated December 2021
Almirall, LLC (“Almirall,” “we,” or “us”), a company belonging to Almirall Group, respects your privacy and recognizes the need for appropriate protection and management of information you may share with us. The purpose of this Privacy Statement (“Statement”) is to inform you how we may use information collected from you and the choices you have regarding our use of, and your ability to review and correct, the information collected. Because we may revise our privacy policies from time to time, you should periodically visit this page to review this Statement.
Please note that some of the information you provide to us may be considered Protected Health Information (“PHI”) protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and falls outside the scope of other applicable privacy laws, including the California Consumer Privacy Act (“CCPA”). In instances where we are handling your PHI (and are therefore subject to HIPAA requirements), we will comply with the requirements of HIPAA applicable to your data, including when we are processing safety information or conducting safety assessments or required safety reporting.
I. How We Collect Information
In general, you can visit many of our Sites without telling us who you are or revealing any of your information. We may track the Internet domain address from which people visit our Sites and analyze this data for trends and statistics, but individual users will remain anonymous, unless you voluntarily tell us who you are. The ways that we collect information from you are discussed further below. We may also collect your information through in-person meetings or phone calls with our representatives.
Information You Voluntarily Provide:
There may be times when we ask you to provide certain information about yourself through different forms available in the Site or when communicating with one of our representatives, such as Identifiers like your name, address, telephone number, and e-mail address (“Personal Information”), for example when you report an adverse event, ask for information on our products, subscribe to our email alerts, ask for information regarding media or investor relations, give us feedback, express interest in our events or otherwise communicate with us.
Whether or not to provide such Personal Information is completely your own choice; we collect only the Personal Information that you provide to us. In some instances, you may also provide us with certain Commercial Information, such as credit card or payment information, for example when you sign up for the Almirall Advantage patient co-pay card. In other instances, you may provide us with PHI or other medical data, such as when you participate in studies involving our products. We handle all such PHI and medical data in accordance with the standards set forth by HIPAA.
Information We Collect From Your Interaction With The Sites:
As you navigate around the Sites, certain information can be passively collected (that is, gathered without your actively providing the information), using various technologies. We and our third-party service providers passively collect information in a variety of ways, including the following:
Through your browser
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request and IP address.
We use third party cookies provided by Google Analytics to assist us in better understanding our website visitors. These cookies collect IP address and usage data, such as the length of time a user spends on a page, the pages a user visits, and the websites a user visits before and after visiting our website. Based on this information, Google Analytics compiles Aggregate Data about website traffic and interactions, which we use to offer better user experiences and tools in the future. For more information on Google Analytics, visit https://support.google.com/analytics.
These data are not combined with other data sources.
II. How We Use the Information We Collect
We use the information we automatically receive from your Web browser to see which pages you visit within the Sites for various business purposes, including:
- Providing you with information we believe you may find of interest by emailing or mailing you, if you decide to subscribe to our email alerts;
- Recognizing your computer or device, which makes your use of the Sites easier and makes the Sites display properly on your device;
- Gathering statistical information about your usage of the Sites in order to continually improve design and functionality and understand how individuals use the Sites;
- Resolving questions regarding the Sites; and
- Communicating with our investors and shareholders.
In some instances, you may provide us with additional Personal Information, including PHI or medical data, such as when you ask questions about our products, participate in a clinical trial, or use our products for medical treatment. In those instances, we will use your PHI for the following purposes, and adhere to the standards set forth by HIPAA:
- Responding to your medical questions regarding our products;
- Conducting clinical trials;
- Conducting safety assessments and required safety reporting.
The information you provide during communications with our representatives may be used by us and our event partners to communicate with you about our upcoming events and/or other events we think may be of interest to you.
The information we collect will be limited to the information necessary to conduct follow-up and maintain compliance with our safety reporting obligations.
III. How We Share Your Information
We will not sell, share, or otherwise distribute your Personal Information except as provided herein.
We may occasionally transfer your Personal Information to third parties who act on our behalf, or in connection with our business, for further processing in accordance with the purposes for which the data was originally collected. Where disclosure of Personal Information to a third party is likely or necessary, further explanation may be provided, where appropriate, at such collection points as to the intended use of the data. We will require that such third parties protect the information and, where appropriate, we will contractually require them to process data transferred only for the purposes expressly authorized by us. Where your PHI or medical data is shared with third parties, we will adhere to the standards set forth by HIPAA and contractually obligate them to do the same.
We may also share your name and email address with our event partners who may later communicate with you about our events and other events that may interest you.
We may transmit your Personal Information to our affiliates outside the United States (“Almirall Affiliates”), such as our parent company or subsidiaries, for storage purposes only. All such transmissions remain on the systems of Almirall Affiliates, and are not shared with outside parties.
In the event that we, or any portion of our assets, are acquired or we undergo another transaction in our business, your information may be transferred to the acquiring company or other entity surviving such transaction.
We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your information to law enforcement agencies if we determine, in our sole judgment, that either you have violated our policies, or the release of your information may protect the rights, property, or safety of us or another person.
Subject to applicable law, we may disclose information about you (i) if we are required to do so by law, regulation or legal process, such as a subpoena; (ii) in response to requests by government entities, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to prevent physical, financial or other harm, injury or loss; or (iv) in connection with an investigation of suspected or actual unlawful activity.
We may also use the information to investigate security breaches or cooperate with authorities pursuant to a legal matter.
Sales of Personal Information
Like most companies, we allow certain third party advertising partners to place tracking technology such as cookies and pixels on our websites. This technology allows these advertising partners to receive information about your activities on our website, which is then associated with your browser or device. These companies may use this data to serve you more relevant ads as you browse the internet. Under some state laws, sharing data for online advertising may be considered a “sale” of information. Except for this limited sharing, we do not sell any of your information. You can opt out of this sharing by clicking on the “Do Not Sell My Info” link on our website.
In certain instances, we may remove your Personal Information and use the other information for historical, statistical, or scientific purposes.
IV. Third Parties and Links To Third Party Sites
This Policy only addresses your interaction with us on our Sites. Our Sites may contain content that is supplied by a third party, and those third parties may collect usage information and your device identifier when pages from the website are served to you. We are not responsible for the data collection and privacy practices employed by any of these third parties or their services and they may be tracking you across multiple sites and may be sharing the results of that tracking with us and/or others. These third-party owners may have their own terms of service, privacy policies or other policies and ask you to agree to the same. Be sure to review any available policies before submitting personally identifiable information to a third-party application or otherwise interacting with it and exercise caution in connection with these applications. We have no control over, and cannot and do not assume responsibility for, the content, privacy policies or practices of such websites or the companies that own them.
We seek to use reasonable administrative, technical, and physical safeguards designed to protect Personal Information under our control. For your PHI and medical data, we adhere to the standards set forth by HIPAA. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable and, therefore, we cannot guarantee that your information will remain secure.
Protecting the privacy of children is especially important. Our Sites are not directed to children under 16 years of age and we do not provide services to children, or knowingly collect or solicit personal information from children under 16 years of age. If we learn that Personal Information has been collected on the Sites from persons under 16 years of age, we will take the appropriate steps to delete this information.
VII. Changes To This Statement
VIII. Questions or Comments
IX. Additional Privacy Information For California Users
The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that Almirall disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
  - sales, identifying the Personal Information categories that each category of recipient purchased; and
  - disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
Deletion Request Rights:
You have the right to request that Almirall delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by any of the following methods:
- Filling out the CCPA Data Access Request Form
- Emailing us at email@example.com
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
You have the right to direct us to not sell your Personal Information at any time (the “Right to Opt-Out”). Users who opt-in to Personal Information sales may opt-out of future sales at any time.
To exercise the Right to Opt-Out, you (or your authorized representative) may submit a request to us at: CCPA Data Access Request Form.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Information sales. However, you may change your mind and opt back in to Personal Information sales at any time by contacting Almirall, LLC at the email address or phone number provided in this notice.
You do not need to create an account with us to exercise your Right to Opt-Out. We will only use Personal Information provided in an opt-out request to review and comply with the request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
X. California’s Shine the Light Law:
As referenced in this policy, we do not share your Personal Information with third parties for those third parties’ direct marketing purposes. California Civil Code Section 1798.83 permits California residents who have supplied Personal Information, as defined in the statute, to us to request and obtain, under certain circumstances, certain information regarding disclosure of Personal Information to third parties for their direct marketing purposes. With any questions about the foregoing, please email us at firstname.lastname@example.org.