Powering the Immune System to Transform Lives

Privacy Policy

Effective as of September 8, 2023.

This “Privacy Policy” describes the privacy practices of Vir Biotechnology, Inc. and our subsidiaries and affiliates (collectively, “Vir”, “we”, “us”, or “our”). This Privacy Policy describes how we collect, use, disclose and otherwise process personal information in connection with the websites on which we post or link to this Privacy Policy (the “Sites”) and when individuals otherwise interact with us (including in connection with our clinical trials, products and services), and explains the rights and choices available to individuals with respect to their information. In some circumstances, we may provide additional privacy notices to you in connection with your participation in our programs, events or other engagements with Vir (“in-time notices”). Such in-time notices will govern our privacy practices in connection with those engagements to the extent there exists any conflict between this Privacy Policy and the in-time notice.

Individuals who interact with our European subsidiaries, Humabs BioMed SA (“Humabs”) and Vir Biotechnology International GmbH (“VBI”) and individuals located within the European Economic Area (“EEA”), United Kingdom or Switzerland (collectively, “Europe”) should read the important information provided here.

Personal Information We Collect

Investors

Job Applicants

Cookies and Similar Technologies

How We Use Your Personal Information

How We Share Your Personal Information

Your Choices

Security

Children

International Data Transfer

Other Websites and Services

Changes to this Privacy Policy

Contact Us

Notice To Individuals Who Interact With Humabs BioMed SA or Vir Biotechnology International GmbH

Notice to California Residents

Personal Information We Collect

Types of Personal Information We Collect

Information you provide to us. Personal information you provide to us through the Sites or otherwise includes:

  • Business and personal contact information, such as your first and last name, email and mailing addresses, phone number, professional title, company name and emergency contact information.
  • Demographic information, such as your date of birth, age, gender, marital status, and information regarding your parents or legal guardians.

  • Professional credentials, such as your educational and professional history, certifications, and institutional affiliations

  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.

  • Usage information, such as information about how you use the Sites and interact with us.

  • Marketing information, such as your preferences for receiving communications about our activities and publications, and details about how you engage with our communications.

  • Information provided by job applicants, such as professional credentials and skills, educational and work history, and other information of the type that may be included on a resume or curriculum vitae.

  • Health and medical information, such as medical insurance details, information about physical and mental health conditions and diagnoses, treatments for medical conditions, to the extent you participate in our clinical trials, patient support programs, or expanded access programs.

  • Payment-related information, such as information you may provide so we can pay you for professional services (such as your tax identification number and financial account information).

  • Professional activity information. If you are a health care professional, we collect information about the programs and activities in which you have participated, your prescribing of our products, and the agreements you have executed with us.

  • Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

We may combine other publicly available information, such as information related to the organization for which you work, with the personal information that you provide to us.

Information automatically collected. We may automatically log information about you and your computer or mobile device when you access the Sites. For example, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our websites, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our websites. We collect this information about you using cookies. Please refer to the Cookies and Similar Technologies section for more details.

From Whom We Collect Personal Information. We collect personal information:

  • directly from you, such as when you contact us;
  • through the Sites;
  • from healthcare professionals;
  • from hospitals, clinics and other healthcare providers;
  • from contract research organizations and clinical trial investigators;
  • from government agencies or public records;
  • from third-party service providers, data brokers, or business partners;
  • from industry and patient groups and associations;
  • from social media and other public forums (including adverse event information or product quality complaints); and
  • as otherwise described in this Privacy Policy.

Investors

You may provide information to us when visiting the Investors page of our Sites, such as your name and contact information. We use this information to respond to and communicate with you, as well as to respond to your requests, operate the Sites, to comply with law, and for other compliance, fraud prevention, and safety purposes. We may share this information with our affiliates, service providers, and professional advisors, as well as for compliance, fraud prevention and safety, and in the event of a business transfer, each as explained below.

Job Applicants

When you visit the careers portion of our Sites, we collect the information that you provide to us in connection with your job application. This includes business and personal contact information, professional credentials and skills, educational and work history, and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics. We may also use this information to operate the Sites, and as otherwise necessary to comply with law or for compliance, fraud prevention, and safety purposes. A Candidate Privacy Notice for California individuals can be found here.

Cookies And Similar Technologies

We use cookies and other similar technologies when you visit our website. Please refer to our Cookie Policy for more information about the cookies we use and for what purposes. You can manage and review your personal cookie settings and opt-out of sharing your data at any time by visiting the Cookie Preferences Center.

How We Use Your Personal Information

To operate our Sites and related services. We use your personal information to:

  • operate, maintain, administer and improve the Sites;
  • provide information about our products and services;
  • better understand your needs and interests, and personalize your experience with the Sites;
  • provide support and maintenance for the Sites;
  • respond to your service-related requests, questions and feedback;
  • provide you with investor, media or other information and materials; and
  • manage access to our products, including where access is limited by law to licensed physicians.


To support our research and patient support activities. We may use your personal information when necessary to facilitate our clinical trials, studies, research and related activities that support patients and our product improvement, including to:

  • recruit staff and manage clinical trials, including by recruiting investigators and participants;
  • track and respond to safety and product quality concerns (including product recalls);
  • facilitate medication adherence programs;
  • define and manage appropriate patient engagement activities and patient support programs (including to provide co-pay and other financial assistance where available);
  • support public health initiatives, symposia, conferences, and scientific, educational and volunteer events;
  • identify and engage thought leaders and external experts;
  • award scholarships and grants;
  • attribute authorship to academic and promotional materials; and
  • pay for services that physicians, researchers and other individuals may provide to us.


To send you marketing and promotional communications. We may send you Vir-related marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing communications section below.

To comply with law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention and safety. We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our websites, mobile apps, products and services; (b) comply with regulatory monitoring and reporting obligations (such as those related to adverse events, product complaints, patient safety, and financial disclosures); (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

With your consent. In some cases we may ask for your consent to collect, use or share your personal information, such as when required by law.

To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes.

How We Share Your Personal Information

Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Policy.

Service providers. We may employ third party companies and individuals to perform services on our behalf, including, without limitation:

  • contract research organizations that conduct clinical trials;
  • technology services and support (including email and web hosting providers, data storage and analytics vendors, and marketing and advertising technology providers);
  • event planning and travel organizations that help facilitate Vir programs;
  • payment, shipping and fulfillment service providers;
  • customer service representatives and patient-support providers (such as for product quality and adverse event reporting, patient co-pay assistance, prescription adherence programs and similar efforts); and
  • companies that support product recall administration.

These third parties may use your information only as directed by Vir and in a manner consistent with this Privacy Policy. Such third parties are prohibited from using or disclosing your information for any other purpose.

Business partners and other professionals and organizations. We may disclose your personal information to partners with whom we jointly develop products or services in connection with the development and promotion of such products or services. We will ask for your consent before disclosing your information with our business partners where required by applicable law. We may also share your personal information with healthcare professionals, researchers, institutions, academics, public health organizations and publishers for purposes consistent with this Privacy Policy.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Public authorities. We may disclose your personal information in response to lawful requests by public authorities.

Business transfers. We may sell, transfer or otherwise share some or all of its business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy or dissolution.

Your Choices

Opt out of marketing communications. You may opt out of marketing-related emails by clicking the “Unsubscribe” link at the bottom of each such email. You may continue to receive service-related and other non-marketing emails.

Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.

Security

The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

Children

We do not knowingly collect personal information from children under age 16 through our Sites. If we learn that we have collected personal information directly from a child under the age of 16 through our Sites, we will delete that information as soon as practicable.

International Data Transfers

Vir is headquartered in the United States and has affiliates and may have service providers in other countries. Your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.

Individuals who interact with Humabs or VBI and individuals who reside in Europe should read the important information provided below about transfer of personal information outside of Europe.

Other Websites and Services

For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by Vir. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third-party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.

Changes To This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our Sites. We may, and if required by law will, also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if we have your contact information) or another manner through the Sites.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Sites (or as otherwise indicated at the time of posting). In all cases, your continued use of the Sites after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

Contact Us

If you have any questions or concerns about our Privacy Policy or privacy practices, please contact us at:

Vir Biotechnology, Inc.
Attn: Legal – Privacy
1800 Owens Street, Suite 900
San Francisco, CA 94158
privacy@vir.bio

Humabs BioMed SA
Attn: Legal – Privacy
Via dei Gaggini 3
CH-6500 Bellinzona
Switzerland
privacy@vir.bio

Vir Biotechnology International GmbH
Attn: Legal – Privacy 
Grafenauweg 8
CH-6300 Zug
Switzerland
privacy@vir.bio

Notice to Individuals Who are Located in Europe

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller. Vir Biotechnology, Inc., Humabs BioMed SA, and Vir Biotechnology International GmbH, respectively, are the controllers of personal information for purposes of European data protection legislation, with respect to the individuals who interact with each entity or its service providers, respectively.

EU Data Protection Representative. Vir’s EU Data Protection Representative is:

DataRep
3rd and 4th floor
Altmarkt 10 B/D 
Dresden, 01067 
Germany

You may also email any personal information-related questions to DataRep at datarequest@datarep.com, making sure to include “Vir Biotechnology, Inc.” in the subject line.        

UK Data Protection Representative.  Vir’s UK Data Protection Representative is:

DataRep
107-111 Fleet Street
London, EC4A 2AB
United Kingdom

You may also email any personal information-related questions to DataRep at datarequest@datarep.com, making sure to include “Vir Biotechnology, Inc.” in the subject line.        

EU and UK Data Protection Officer. Vir’s Data Protection Officer is:

Trilateral Research
Attn: Rosie Christos
Marine Point
Belview Port, Waterford
X91 W0XW
Ireland

You may also send an email to dpo@vir.bio

Legal bases for processing. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Processing purpose Legal basis

Details regarding each processing purpose listed below are provided in the section above titled “How we use your personal information”.

 

To operate our Sites and related services

Processing is necessary to perform the contract governing our provision of the Sites or related services or to take steps that you request prior to entering into the contract. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the services you access and request.

To support our research and related activities

Where we process sensitive personal information in connection with this processing purpose, the processing is authorized by Member State law or is necessary for scientific research, historical research, or statistical purposes.
 

In all other cases, these processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

To send you marketing and promotional communications

To manage our recruiting and process employment applications

For compliance, fraud prevention and safety

To create anonymous, aggregated or de-identified data

These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

To comply with law Processing is necessary to comply with our legal obligations.
With your consent Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consented.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) through the Sites. If you provide us with any sensitive personal information, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit to us such sensitive personal information.

Retention. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Your rights. United Kingdom, Switzerland and European Union data protection laws may give you certain rights regarding your personal information. If you are located within these jurisdictions, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information.

You can submit these requests by email to dpo@vir.bio or by contacting either Vir’s EU or UK Data Protection Representative or Data Protection Officer set forth above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Cross-Border Data Transfer
If we transfer your personal information out of Europe to a country not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be performed:

  • Pursuant to the recipient’s compliance with standard contractual clauses, the Swiss-U.S. Data Privacy Framework, or Binding Corporate Rules;
  • Pursuant to the consent of the individual to whom the personal information pertains; or
  • As otherwise permitted by applicable European requirements.

You may contact us if you want further information on the specific mechanism used by us when transferring your personal information out of Europe.

Swiss-U.S. Data Privacy Framework

Vir complies with the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this Privacy Policy and the Swiss-U.S. DPF Principles, the Swiss-U.S. DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, please visit https://www.dataprivacyframework.gov/s/. You may view our certification by searching “Vir Biotechnology” at https://www.dataprivacyframework.gov/s/participant-search.

In compliance with the Swiss-U.S. DPF, Vir commits to cooperate and comply with with the advice of the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data in reliance on the Swiss-U.S. DPF in the context of the employment relationship.

Consistent with the Swiss-U.S. DPF Principles, we may transfer your personal information to third parties as described in this Privacy Policy. We maintain contracts with our third-party service providers restricting their access to, and use and disclosure of, personal information in accordance with our Swiss-U.S. DPF obligations. Vir may be liable under the Swiss-U.S. DPF Principles if these third parties fail to meet those obligations and we are responsible for the event giving rise to the damage.
If you have any inquiry or complaint regarding our privacy practices, please contact us at:

Vir Biotechnology, Inc.
Attn: Legal – Privacy
1800 Owens Street, Suite 900
San Francisco, CA 94158
privacy@vir.bio

We hope to be able to resolve any questions or complaints you may have. To the extent we cannot, you may, under certain circumstances, invoke binding arbitration to resolve the complaint through the Data Privacy Framework Arbitration Panel. Additional information on the arbitration process is available on the Data Privacy Framework Program website at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.

We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. The Federal Trade Commission has jurisdiction over Vir’s compliance with the Data Privacy Framework. Our commitments under the Swiss-U.S. DPF Principles are subject to the investigatory and enforcement powers of the Federal Trade Commission.

Notice To California Residents

We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide to California residents an explanation of how we collect, use and share their personal Information, and of the rights and choices we offer California residents regarding our handling of the personal information.

Our Sites are directed to healthcare providers (in their business capacity) who want to learn more about our immunology technologies, individuals who are interested in (or who are already) participating in our clinical trials (including as investigators and study staff), current and potential investors in Vir, and candidates who wish to apply for a job with Vir.

The CCPA does not apply to the information we collect in connection with clinical trials, to any health or medical information we collect that is otherwise governed by California’s Confidentiality of Medical Information Act or the Health Insurance Portability and Accountability Act of 1996, or to information related to our business contacts (including healthcare providers).

We do not sell personal information. As we explain in this Privacy Policy, we use cookies and other tracking technologies to analyze website traffic and facilitate advertising. If you would like to learn how you may opt out of our (and our third party advertising partners’) use of cookies and other tracking technologies, please review the instructions provided in the Online Tracking Opt-out Guide.

California Residents’ Privacy Rights

The CCPA grants individuals whose information is governed by the CCPA the following rights. We extend these rights only to individual investors who provide information on our website.

  • Information. You can request information about how we have collected, used and shared and used your Personal Information during the past 12 months. We have made this information available to California residents without having to request it by including it in this notice, in the above descriptions under Personal Information We Collect, How We Use Your Personal Information, and How We Share Your Personal Information.
  • Access. You can request a copy of the Personal Information that we maintain about you.
  • Deletion. You can ask us to delete the Personal Information that we collected or maintain about you.

Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.

You are entitled to exercise the rights described above free from discrimination.

How to Submit a Request

If you are an investor and you would like to request access to or deletion of personal information:

Identity verification. The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request.

Authorized agents. Investors who are California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.