A World Without Infectious Disease
Effective as of August 4, 2020.
Individuals who interact with our European subsidiary, Humabs BioMed SA (“Humabs”) and individuals located within the European Economic Area (“EEA”), United Kingdom or Switzerland (collectively, “Europe”) should read the important information provided here.
Types of Personal Information We Collect
Information you provide to us. Personal information you provide to us through the Sites or otherwise includes:
- Business and personal contact information, such as your first and last name, email and mailing addresses, phone number, professional title, company name and emergency contact information.
Demographic information, such as your date of birth, age, gender, marital status, and information regarding your parents or legal guardians.
Professional credentials, such as your educational and professional history, certifications, and institutional affiliations
Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
Usage information, such as information about how you use the Sites and interact with us.
Marketing information, such as your preferences for receiving communications about our activities and publications, and details about how you engage with our communications.
Information provided by job applicants, such as professional credentials and skills, educational and work history, and other information of the type that may be included on a resume or curriculum vitae.
Health and medical information, such as medical insurance details, information about physical and mental health conditions and diagnoses, treatments for medical conditions, to the extent you participate in our clinical trials, patient support programs, or expanded access programs.
Payment-related information, such as information you may provide so we can pay you for professional services (such as your tax identification number and financial account information).
Professional activity information. If you are a health care professional, we collect information about the programs and activities in which you have participated, your prescribing of our products, and the agreements you have executed with us.
We may combine other publicly available information, such as information related to the organization for which you work, with the personal information that you provide to us.
Information automatically collected. We may automatically log information about you and your computer or mobile device when you access the Sites. For example, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our websites, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our websites. We collect this information about you using cookies. Please refer to the Cookies and Similar Technologies section for more details.
From Whom We Collect Personal Information. We collect personal information:
- directly from you, such as when you contact us;
- through the Sites;
- from healthcare professionals;
- from hospitals, clinics and other healthcare providers;
- from contract research organizations and clinical trial investigators;
- from government agencies or public records;
- from third-party service providers, data brokers, or business partners;
- from industry and patient groups and associations;
- from social media and other public forums (including adverse event information or product quality complaints); and
You may provide information to us when visiting the Investors page of our Sites, such as your name and contact information. We use this information to respond to communicate with you and respond to your requests, operate the Sites, to comply with law and for other compliance, fraud prevention, and safety purposes. We may share this information with our affiliates, service providers, and professional advisors, as well as for compliance, fraud prevention and safety, and in the event of a business transfer, each as explained below.
When you visit the careers portion of our Sites, we collect the information that you provide to us in connection with your job application. This includes business and personal contact information, professional credentials and skills, educational and work history, and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics. We may also use this information to operate the Sites, and as otherwise necessary to comply with law or for compliance, fraud prevention, and safety purposes.
What are cookies?
We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Sites.
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Sites; and (2) third party cookies, which are served by service providers on our Sites, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.
Cookies we use
Our Site uses the following types of cookies for the purposes set out below:
|Type of cookie||Purpose|
These cookies are necessary to allow the technical operation of our Sites (e.g., they enable you to move around on a website and to use its features).
|Analytics and Performance Cookies||
These cookies help us understand how our Sites are performing and being used. These cookies may work with web beacons included in emails we send to track which emails recipients open and which links recipients click.
We use Google Analytics for this purpose. Google Analytics uses its own cookies. You can find out more information about Google Analytics cookies here and about how Google protects your data here. You can prevent the use of Google Analytics relating to your use of our Site by downloading and installing the browser plugin available here.
Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Sites may not work properly.
For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org. If you do not accept our cookies, you may experience some inconvenience in your use of our Sites. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Sites.
Other tracking technologies.
We may also use web beacons (which are also known as pixel tags and clear GIFs) on our Sites and in our HTML formatted emails to track the actions of users on our Sites and interactions with our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages or within HTML formatted emails. Pixel tags are used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of the Sites, so that we can manage our content more effectively.
Do not track signals.
Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We do not currently respond to “Do Not Track” signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.
- operate, maintain, administer and improve the Sites;
- provide information about our products and services;
- better understand your needs and interests, and personalize your experience with the Sites;
- provide support and maintenance for the Sites;
- respond to your service-related requests, questions and feedback;
- provide you with investor, media or other information and materials; and
- manage access to our products, including where access is limited by law to licensed physicians.
To support our research and patient support activities. We may use your personal information when necessary to facilitate our clinical trials, studies, research and related activities that support patients and our product improvement, including to:
- recruit staff and manage clinical trials, including by recruiting investigators and participants;
- track and respond to safety and product quality concerns (including product recalls);
- facilitate medication adherence programs;
- define and manage appropriate patient engagement activities and patient support programs (including to provide co-pay and other financial assistance where available);
- support public health initiatives, symposia, conferences, and scientific, educational and volunteer events;
- identify and engage thought leaders and external experts;
- award scholarships and grants;
- attribute authorship to academic and promotional materials; and
- pay for services that physicians, researchers and other individuals may provide to us.
To send you marketing and promotional communications. We may send you Vir-related marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing communications section below.
To comply with law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention and safety. We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our websites, mobile apps, products and services; (b) comply with regulatory monitoring and reporting obligations (such as those related to adverse events, product complaints, patient safety, and financial disclosures); (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes.
Service providers. We may employ third party companies and individuals to perform services on our behalf, including:
- contract research organizations that conduct clinical trials;
- technology services and support (including email and web hosting providers, data storage and analytics vendors, and marketing and advertising technology providers);
- event planning and travel organizations that help facilitate Vir programs;
- payment, shipping and fulfillment service providers;
- customer service representatives and patient-support providers (such as for product quality and adverse event reporting, patient co-pay assistance, prescription adherence programs and similar efforts); and
- companies that support product recall administration.
Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of professional services that they render to us.
For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.
Public authorities. We may disclose your personal information in response to lawful requests by public authorities.
Business transfers. We may sell, transfer or otherwise share some or all of its business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy or dissolution.
Opt out of marketing communications. You may opt out of marketing-related emails by clicking the “Unsubscribe” link at the bottom of each such email. You may continue to receive service-related and other non-marketing emails.
Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.
The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
We do not knowingly collect personal information from children under age 16 through our Sites. If we learn that we have collected personal information directly from a child under the age of 16 through our Sites, we will delete that information as soon as practicable.
Vir is headquartered in the United States and has affiliates and may have service providers in other countries. Your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.
Individuals who interact with Humabs and individuals who reside in Europe should read the important information provided below about transfer of personal information outside of Europe.
For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by Vir. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third-party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.
Vir Biotechnology, Inc.
Attn: Legal – Privacy
499 Illinois Street, Suite 500
San Francisco, CA 94158
Humabs BioMed SA
Attn: Legal – Privacy
Via dei Gaggini 3
Controller. Vir Biotechnology, Inc. and Humabs BioMed SA, respectively, are the controllers of personal information for purposes of European data protection legislation, with respect to the individuals who interact with each entity or its service providers, respectively.
EU Personal Information Representative and Data Protection Officer. For Vir, the EU representative to whom to address personal information related inquiries is: DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany. You may also send an email to DataRep at firstname.lastname@example.org quoting “Vir Biotechnology, Inc.” in the subject line.
The Data Protection Officer for Vir is Alex Bangs, at 499 Illinois Street, Suite 500, San Francisco, CA 94158 with email at email@example.com.
|Processing purpose||Legal basis|
Details regarding each processing purpose listed below are provided in the section above titled “How we use your personal information”.
|Processing is necessary to perform the contract governing our provision of the Sites or related services or to take steps that you request prior to entering into the contract. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the services you access and request.|
Where we process sensitive personal information in connection with this processing purpose, the processing is authorized by Member State law or is necessary for scientific research, historical research, or statistical purposes.
These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
|To comply with law||Processing is necessary to comply with our legal obligations.|
|With your consent||Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consented.|
Retention. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
Your rights. United Kingdom, Switzerland and European Union data protection laws may give you certain rights regarding your personal information. If you are located within these jurisdictions, you may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information.
You can submit these requests by email to firstname.lastname@example.org or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Cross-Border Data Transfer
If we transfer your personal information out of Europe to a country not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be performed:
- Pursuant to the recipient’s compliance with standard contractual clauses, the Swiss-U.S. Privacy Shield, or Binding Corporate Rules;
- Pursuant to the consent of the individual to whom the personal information pertains; or
- As otherwise permitted by applicable European requirements.
You may contact us if you want further information on the specific mechanism used by us when transferring your personal information out of Europe.
Swiss-U.S. Privacy Shield
Vir complies with the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. You may view our certification by searching “Vir” at https://www.privacyshield.gov/list.
Vir Biotechnology, Inc.
Attn: Legal – Privacy
499 Illinois Street, Suite 500
San Francisco, CA 94158
We hope to be able to resolve any questions or complaints you may have. To the extent we cannot, Vir has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association (AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit https://go.adr.org/privacyshield.html for more information or to file a complaint. The AAA services are provided at no cost to you. If neither Vir nor AAA resolves your complaint, you may, under certain circumstances, invoke binding arbitration to resolve the complaint through the Privacy Shield Panel. Additional information on the arbitration process is available on the Privacy Shield website at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. The Federal Trade Commission has jurisdiction over Vir’s compliance with the Privacy Shield. Our commitments under the Privacy Principles are subject to the investigatory and enforcement powers of the Federal Trade Commission.
We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide to California residents an explanation of how we collect, use and share their personal Information, and of the rights and choices we offer California residents regarding our handling of the personal information.
Our Sites are directed to healthcare providers (in their business capacity) who want to learn more about our immunology technologies, individuals who are interested in (or who are already) participating in our clinical trials (including as investigators and study staff), current and potential investors in Vir, and candidates who wish to apply for a job with Vir.
The CCPA does not apply to the information we collect in connection with clinical trials, to any health or medical information we collect that is otherwise governed by California’s Confidentiality of Medical Information Act or the Health Insurance Portability and Accountability Act of 1996, or to information related to our business contacts (including healthcare providers).
California Residents’ Privacy Rights
The CCPA grants individuals whose information is governed by the CCPA the following rights. We extend these rights only to individual investors who provide information on our website.
- Information. You can request information about how we have collected, used and shared and used your Personal Information during the past 12 months. We have made this information available to California residents without having to request it by including it in this notice, in the above descriptions under Personal Information We Collect, How We Use Your Personal Information, and How We Share Your Personal Information.
- Access. You can request a copy of the Personal Information that we maintain about you.
- Deletion. You can ask us to delete the Personal Information that we collected or maintain about you.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
You are entitled to exercise the rights described above free from discrimination.
How to Submit a Request
If you are an investor and you would like to request access to or deletion of personal information:
- email email@example.com
- telephone (888) 639-6001
Identity verification. The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request.
Authorized agents. Investors who are California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.