DYNAVAX PRIVACY NOTICE
Effective Date: Dec 19, 2018
Dynavax Technologies Corporation and Dynavax GmbH and their respective subsidiaries and affiliates (collectively, “Dynavax”, “we” and “us”) recognize the importance of protecting the privacy of Personal Data that we collect in online and offline formats through the Services.
This Privacy Notice covers the Personal Data we collect through our provision of the Services. Please note this Privacy Notice does not apply to Dynavax’s processing of employee Personal Data.
When we use the term “Personal Data”, we mean data that reasonably can be used to identify a living person or that reasonably relates to a living person (a “Data Subject”).
When we use the term “Services”, we mean to refer collectively to:
- The websites dynavax.com, heplisavb.com and any others owned and controlled by us that link to this Privacy Notice (“Sites”);
- Prospective employee application processes (“Application Activities”); and
- Our marketing and business development activities, including events we host (such as webinars) and social media properties we operate (“Marketing Activities”).
The Data Subjects we receive Personal Data from in providing the Services are:
- Physicians and other health care professionals;
- Clinical trial investigators;
- Prospective research participants;
- Service providers, contractors and consultants;
- Job applicants;
- Volunteers; and
- Other individuals who interact directly with Dynavax or its business partners.
Dynavax may provide additional privacy notices to individuals at the time we collect their data. For example, we often provide a specific privacy notice to participants in research studies or clinical trials (collectively, “Research”) during the informed consent process that describes our privacy practices in connection with conducting Research. This type of an “in-time” notice will govern how we may process the information you provide at that time instead of this Privacy Notice.
In connection with the Services, we collect:
- Identification information including name, profession, email address, zip code and telephone number;
- contact information including postal address and e-mail address, zip code and phone number;
- health information including information about interest in our products;
- professional and employment information including CV/resume details, professional and academic history, credentials, designations, licenses and personnel files;
- service data including information on requests made and interactions with our Services; and
- other background data includinginformation on criminal history/unlawful conduct in the case of job applicants.
We collect this Personal Data in various ways, including:
- Directly from the Data Subject including from users of the Services when you voluntarily submit information, when you register with us to receive information about research trials, when you register for events such as webinars, trainings, lectures, seminars, or workshops, when you submit a grant request, when you express interest in our expanded access program, when you apply for a job, send us an email, other correspondence or complete a form in connection with our Services;
- Indirectly from other sources including from service providers and business partners that identify potential employment candidates, potential investigators, or prospective business partners or patient groups, or that coordinate events and programs for the Application Activities and Marketing Activities;
- Publicly available sources including from social media platforms such as Facebook, Twitter, and Instagram and other publicly available databases; and
We use Personal Data for a variety of business purposes. These purposes include:
- managing, operating and growing our business, and administering the Services, including through the use of third party service providers;
- complying with legal or regulatory obligations;
- developing new resources and services;
- processing and considering applications for employment, including evaluating and confirming your suitability for a position and accuracy of any information submitted;
- monitoring and auditing compliance with internal policies and procedures, legal obligations and to meet requirements and orders of regulatory authorities;
- developing and maintaining relationships with health care professionals, investigators, researcher, patients and caregivers;
- communicating with you to respond to your inquiries and to provide technical or administrative support;
- conducting Marketing Activities, communicating updates, invitations and other information that we believe may be of interest to you;
- preventing, investigating and providing notice of fraud, unlawful or criminal activity, unauthorized access to or use of Personal Data, the website or our data systems, and to meet legal, regulatory, judicial and company policy obligations; and
- for any other lawful, legitimate business purposes.
- Within Dynavax. We share your Personal Data within Dynavax for the purposes set forth above.
- Service Providers. We share Personal Data with third-party service providers who complete transactions or perform services on our behalf, such as health care professionals, contract research organizations or other medical institutions conducting Research on our behalf, data storage and analytics providers, recruiters, background check providers, event coordinators, market research providers, technology providers (including technology support providers, email communications providers and web developers) or those providers assisting with the Services.
- Collaborations. We share Personal Data with third-party collaborators, such as medical institutions conducting Research in collaboration with us.
- Regulatory, Legal Process, Safety and Terms Enforcement. We may disclose Personal Data to governmental regulatory authorities, including in connection with monitoring, review and approval of our studies, products and services, financial disclosure obligations, adverse event reporting, and in response to their requests for such information or to assist in investigations. We may also disclose Personal Data to third parties in connection with claims, disputes or litigation, when otherwise required by law, or if we determine its disclosure is necessary to protect the health and safety of you or us, to protect against fraud or credit risk, or to enforce our legal rights or contractual commitments that you have made.
- Business Transfers. We may disclose Personal Data as part of a corporate business transaction, such as a merger, acquisition, joint venture, financing, or sale of company assets and may transfer Personal Data to a third party as one of the business assets in such a transaction. Personal Data may also be disclosed in the event of insolvency, bankruptcy, or receivership.
If you have signed up to receive information from us (or where permitted by law, if you have provided us or we have obtained your contact information), we may send you email messages, direct mail information, push notifications, or other communications regarding products or services depending on the method of communication selected. You may ask us not to do so when you access our Services or change your preferences by updating any accounts you have with us. At any time, you may elect to discontinue receiving commercial messages from us by following the unsubscribe instructions in the form of the communication you received or by submitting an opt-out request to the contact information set forth in the Contact Us section below.
- Printed Materials: To opt out of receiving printed marketing materials at your postal address, such as advertisements, flyers, or postcards, please submit an opt-out request to the contact information set forth in the Contact Us section below. Please be sure to include your name and mailing address exactly as they appear on the printed marketing materials you received.
- Emails: To opt out of receiving marketing communications via email, please click on the unsubscribe link at the bottom of the email that was sent to you or submit an opt-out request to the contact information set forth in the Contact Us section below. Please note that you may continue to receive certain transactional or account-related electronic messages from us.
The Sites are not intended for, or directed to, children under the age of 13. We do not knowingly receive Personal Data from children under the age of 13. If you are under the age of under the age of 13, do not provide us with any Personal Data either directly, through any website forms, or by any other means. If you become aware that your child has provided us with Personal Data, please contact us at [Contact Email].
For individuals in the European Economic Area (“EEA”), please see below for additional detailed disclosures.
The below information applies to any Data Subject located in the EEA. For the purposes of processing this Personal Data, Dynavax acts as a “data controller” and our headquarters is located in the United States at 2929 Seventh Street, Suite 100, Berkeley, CA 94710.
Legal Basis of Processing
In this section, we identify the lawful ground we rely on for processing Personal Data.
If Dynavax relies on consent for the processing of Personal Data, we will provide transparent notice of the purposes for which we seek such consent at the time we collect your Personal Data.
If Dynavax wishes to process any special categories of Personal Data as set out in Article 9(1) of the EU’s General Data Protection Regulation, Dynavax may obtain your explicit consent for such processing.
Dynavax processes Personal Data to fulfill our contracts with our business partners and service providers, such as for rendering payment or communicating with health care professionals or consultants.
Dynavax may process Personal Data as specifically required by applicable legal obligations, such as laws and regulations that require Dynavax to process Personal Data for purposes of obtaining medical research approvals and spend transparency disclosures.
Dynavax may process Personal Data for scientific or historical research purposes, or statistical purposes in the public interest, as authorized by applicable law.
If Dynavax wishes to process any special categories of Personal Data as set out in Article 9(1) of the EU’s General Data Protection Regulation, it may do so when necessary for scientific research purposes, medical diagnosis, or the protection of vital interests.
Dynavax may process Personal Data subject to its own legitimate interests, such as to develop, administer and support Research; to operate, evaluate and improve our business; to facilitate and manage patient advocacy and engagement programs; to promote scholarly research; to support our recruitment activities; or to facilitate a sale of assets or merger or acquisition.
Dynavax may also process Personal Data for purposes that are compatible with those described above. Such purposes may include scientific research.
We retain Personal Data for as long as is necessary to accomplish the purposes set out in this Privacy Notice, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights, in accordance with the principles set forth in Article 5(1) of the GDPR.
The criteria used to determine the period for which Personal Data about you will be stored varies depending on the legal basis under which we process such Personal Data:
For the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain Personal Data about you erased (see Data Subject Rights below).
For the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the limitation period for legal claims that could arise from the contractual relationship.
For the duration of time we are legally obligated to keep the information.
For the period of time necessary to fulfill the purposes of the business process in the public interest and for any period of time that may be required under.
For a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.
We may face any threat of legal claim and in that case, we may need to apply a “legal hold” that retains information beyond our typical retention period. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.
Transfer of Personal Data Outside of the EEA
Dynavax processes your Personal Data in the United States, which does not provide the same level of data protection as the EEA. Where your Personal Data is processed by Dynavax or third parties outside of the EEA, we will ensure that appropriate safeguards are in place to adequately protect your Personal Data, as required by applicable law, including the execution of standard contractual clauses if the recipients are not located in a country with adequate data protection laws (as determined by the European Commission) or certified under the EU-US Privacy Shield framework.
GDPR Data Subject Rights
Under the GDPR, in certain circumstances, an EEA-resident Data Subject has certain individual rights with respect to the Personal Data that we hold about them. In particular, you may have the right to:
- Request access to any data held about you;
- Ask to have inaccurate data amended;
- Request data held about you to be erased, provided the data is not required by Dynavax to perform a contract, protect its rights, interests or those of a third party, defend against a legal claim or to comply with applicable laws or regulations;
- Prevent or restrict processing of data which is no longer required; and
- Request transfer of appropriate data to a third party where this is technically feasible
Additionally, in the circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific purpose at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
To exercise any of these rights, please contact us using the contact details set out under the “Contact Us” heading below. As a resident of the EEA, you are also entitled to direct any complaints in relation to our processing of your Personal Data to your national or local data protection supervisory authority.
Dynavax is continually improving and adding new functionality and features to the Services. Because of these ongoing improvements, changes in the law and the changing nature of technology, Dynavax’s data practices will change from time to time. Accordingly, this Privacy Notice is subject to occasional revisions. We will notify you of changes by posting the new Privacy Notice on the Sites and updating the effective date of the Privacy Notice. Such changes to the Privacy Notice will become effective when posted. You acknowledge and agree that it is your responsibility to review this Privacy Notice periodically and become aware of modifications.
If you have any questions about this Privacy Notice or concerns about the way Dynavax processes your Personal Data, or require assistance in managing your privacy choices, please get in touch with us at:
Dynavax Technologies Corporation
2100 Powell Street Suite 900
Emeryville, CA 94608
Toll Free: +1.877.848.5100
A cookie is a string of information, including a unique reference code, that a website stores on a visitor’s computer when visiting a website and that the visitor’s browser provides to the website each time the visitor returns. A number of cookies we use will last only for the duration of your web session and expire when you close your browser. Other cookies last longer and are used to recognize your computer when you return to the Site.
The cookies you receive from the Sites are served by Dynavax. However some cookies served by us use code provided by a third party delivering analytical services on our behalf. We and our service providers use the following categories of cookies:
- Essential Cookies: These cookies are strictly necessary to provide you with features available through our Sites and to use some of their features, such as contact forms. Because these cookies are strictly necessary to deliver the Sites, you cannot refuse them without impacting how our Sites function.
- Performance and Functionality Cookies: These cookies are used to enhance the performance and functionality of our Sites but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
- Analytics and Customization Cookies: These cookies collect information that is used to help us understand how our Sites are being used or how effective our Marketing Activities are, or to help us customize our Sites for you in order to enhance your experience.
- Persistent Cookies: These record your visit to our Sites, recognize you as a previous visitor and track your activity on the Sites. These cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our Sites. You can delete these cookies via your browser settings. See below for further details on how you can control persistent cookies.
Most web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can review your Internet browser settings, typically under the sections “Help” or “Internet Options”, to exercise choices you have for certain cookies.
Please note that by blocking or deleting cookies used on the Sites, you may not be able to take full advantage of the Sites.
You can also learn more about how to manage all cookies across different types of browsers by visiting www.allaboutcookies.org. The site includes additional useful information on cookies.
Please note that new services using cookies may be added to the Sites from time to time. Accordingly, this Cookies Policy is subject to occasional revisions. We will notify you of changes by posting the new Cookies Policy on the Sites. Such changes to the Cookies Policy will become effective when posted. Please review this Cookies Policy periodically and become aware of modifications.