Privacy Notice

DYNAVAX PRIVACY NOTICE

Last updated on December 24, 2019

Dynavax Technologies Corporation and Dynavax GmbH and their respective subsidiaries and affiliates (collectively, “Dynavax”, “we” and “us”) recognize the importance of protecting the privacy of Personal Data that we collect in online and offline formats through the Services. 

BY PROVIDING YOUR PERSONAL DATA TO DYNAVAX OR OTHERWISE USING OUR SERVICES, YOU AGREE TO THE TERMS OF THIS PRIVACY NOTICE AND OUR TERMS OF USE AND TO THE TRANSFER AND PROCESSING OF YOUR PERSONAL DATA IN THE UNITED STATES.

Scope and Definitions

This Privacy Notice covers the Personal Data we collect through our provision of the Services. Please note this Privacy Notice does not apply to Dynavax’s processing of employee Personal Data. 

When we use the term “Personal Data”, we mean data that reasonably can be used to identify a living person or that reasonably relates to a living person (a “Data Subject”). 

When we use the term “Services”, we mean to refer collectively to: 

  • The websites dynavax.com, heplisavb.com and any others owned and controlled by us that link to this Privacy Notice (“Sites”);
  • Prospective employee application processes (“Application Activities”); and
  • Our marketing and business development activities, including events we host (such as webinars) and social media properties we operate (“Marketing Activities”).

The Data Subjects we receive Personal Data from in providing the Services are:

  • Physicians and other health care professionals;
  • Clinical trial investigators;
  • Prospective research participants;
  • Researchers;
  • Service providers, contractors and consultants;
  • Job applicants;
  • Volunteers; and
  • Other individuals who interact directly with Dynavax or its business partners.

Dynavax may provide additional privacy notices to individuals at the time we collect their data. For example, we often provide a specific privacy notice to participants in research studies or clinical trials (collectively, “Research”) during the informed consent process that describes our privacy practices in connection with conducting Research. This type of “in-time” notice, instead of this Privacy Notice, will govern how we may process the information you provide at that time.

What Personal Data We Collect

In connection with the Services, we collect:

  • identification information including name, profession, email address, zip code and telephone number;
  • contact information including postal address and e-mail address, zip code and phone number;
  • health information including information about interest in our products;
  • professional and employment information including CV/resume details, professional and academic history, credentials, designations, licenses and personnel files;
  • service data including information on requests made and interactions with our Services; and
  • other background data including information on criminal history/unlawful conduct in the case of job applicants.

How We Collect Personal Data

We collect this Personal Data in various ways, including:

  • Directly from the Data Subject including from users of the Services when you voluntarily submit information, when you register with us to receive information about research trials, when you register for events such as webinars, trainings, lectures, seminars, or workshops, when you submit a grant request, when you express interest in our expanded access program, when you apply for a job, send us an email, other correspondence or complete a form in connection with our Services;
  • Indirectly from other sources including from service providers and business partners that identify potential employment candidates, potential investigators, or prospective business partners or patient groups, or that coordinate events and programs for the Application Activities and Marketing Activities;
  • Publicly available sources including from social media platforms such as Facebook, Twitter, and Instagram and other publicly available databases; and
  • Automatic Collection Tools.  We automatically collect certain data from Data Subjects who visit the Sites that may be identifiable through the use of cookies or other data collection tools on the Sites that record certain usage information, such as the number and frequency of visitors to the Sites.  This information may include the websites that you access immediately before and after your visit to the Sites and which Internet browser you are using.  Please see our separate Cookies Policy to learn about how we use Cookies on the Site and your choices in relation to the use of Cookies.

How We Use Personal Data

We use Personal Data for a variety of business purposes. These purposes include:

  • managing, operating and growing our business, and administering the Services, including through the use of third party service providers;
  • complying with legal or regulatory obligations;
  • developing new resources and services;
  • processing and considering applications for employment, including evaluating and confirming your suitability for a position and accuracy of any information submitted;
  • monitoring and auditing compliance with internal policies and procedures, legal obligations and to meet requirements and orders of regulatory authorities;
  • developing and maintaining relationships with health care professionals, investigators, researchers, patients and caregivers;
  • communicating with you to respond to your inquiries and to provide technical or administrative support;
  • conducting Marketing Activities, communicating updates, invitations and other information that we believe may be of interest to you;
  • investigating and resolving disputes and security issues and enforcing our Terms of Use;
  • preventing, investigating and providing notice of fraud, unlawful or criminal activity, unauthorized access to or use of Personal Data, the website or our data systems, and to meet legal, regulatory, judicial and company policy obligations; and
  • for any other lawful, legitimate business purposes. 

How We Share Personal Data

  • Within Dynavax.  We share your Personal Data within Dynavax for the purposes set forth above. 
  • Service Providers.  We share Personal Data with third-party service providers who complete transactions or perform services on our behalf, such as health care professionals, contract research organizations or other medical institutions conducting Research on our behalf, data storage and analytics providers, recruiters, background check providers, event coordinators, market research providers, technology providers (including technology support providers, email communications providers and web developers) or those providers assisting with the Services.
  • Collaborations. We share Personal Data with third-party collaborators, such as medical institutions conducting Research in collaboration with us.
  • Regulatory, Legal Process, Safety and Terms Enforcement.  We may disclose Personal Data to governmental regulatory authorities, including in connection with monitoring, review and approval of our studies, products and services, financial disclosure obligations, adverse event reporting, and in response to their requests for such information or to assist in investigations. We may also disclose Personal Data to third parties in connection with claims, disputes or litigation, when otherwise required by law, or if we determine its disclosure is necessary to protect the health and safety of you or us, to protect against fraud or credit risk, or to enforce our legal rights or contractual commitments that you have made.
  • Business Transfers.  We may disclose Personal Data as part of a corporate business transaction, such as a merger, acquisition, joint venture, financing, or sale of company assets and may transfer Personal Data to a third party as one of the business assets in such a transaction. Personal Data may also be disclosed in the event of insolvency, bankruptcy, or receivership.

Managing Communication Preferences

If you have signed up to receive information from us (or where permitted by law, if you have provided us or we have obtained your contact information), we may send you email messages, direct mail information, push notifications, or other communications regarding products or services depending on the method of communication selected. You may ask us not to do so when you access our Services or change your preferences by updating any accounts you have with us. At any time, you may elect to discontinue receiving commercial messages from us by following the unsubscribe instructions in the form of the communication you received or by submitting an opt-out request to the contact information set forth in the Contact Us section below.

  • Printed Materials: To opt out of receiving printed marketing materials at your postal address, such as advertisements, flyers, or postcards, please submit an opt-out request to the contact information set forth in the Contact Us section below. Please be sure to include your name and mailing address exactly as they appear on the printed marketing materials you received.
  • Emails: To opt out of receiving marketing communications via email, please click on the unsubscribe link at the bottom of the email that was sent to you or submit an opt-out request to the contact information set forth in the Contact Us section below. Please note that you may continue to receive certain transactional or account-related electronic messages from us.

Children’s Privacy

The Sites are not intended for, or directed to, children under the age of 13. We do not knowingly receive Personal Data from children under the age of 13. If you are under the age of 13, do not provide us with any Personal Data either directly, through any website forms, or by any other means.  If you become aware that your child has provided us with Personal Data, please contact us at [Contact Email].

EEA-Specific Disclosures

For individuals in the European Economic Area (“EEA”), please see below for additional detailed disclosures.

ADDITIONAL INFORMATION FOR INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA

The below information applies to any Data Subject located in the EEA. For the purposes of processing this Personal Data, Dynavax acts as a “data controller” and our headquarters is located in the United States at 2929 Seventh Street, Suite 100, Berkeley, CA 94710.

Legal Basis of Processing

In this section, we identify the lawful ground we rely on for processing Personal Data.

Consent

If Dynavax relies on consent for the processing of Personal Data, we will provide transparent notice of the purposes for which we seek such consent at the time we collect your Personal Data. 

If Dynavax wishes to process any special categories of Personal Data as set out in Article 9(1) of the EU’s General Data Protection Regulation, Dynavax may obtain your explicit consent for such processing. 

Contractual Necessity

Dynavax processes Personal Data to fulfill our contracts with our business partners and service providers, such as for rendering payment or communicating with health care professionals or consultants.

Legal Obligation

Dynavax may process Personal Data as specifically required by applicable legal obligations, such as laws and regulations that require Dynavax to process Personal Data for purposes of obtaining medical research approvals and spend transparency disclosures. 

Public Interest

Dynavax may process Personal Data for scientific or historical research purposes, or statistical purposes in the public interest, as authorized by applicable law.

If Dynavax wishes to process any special categories of Personal Data as set out in Article 9(1) of the EU’s General Data Protection Regulation, it may do so when necessary for scientific research purposes, medical diagnosis, or the protection of vital interests. 

Legitimate Interests

Dynavax may process Personal Data subject to its own legitimate interests, such as to develop, administer and support Research; to operate, evaluate and improve our business; to facilitate and manage patient advocacy and engagement programs; to promote scholarly research; to support our recruitment activities; or to facilitate a sale of assets or merger or acquisition.

It may also be necessary for Dynavax to process Personal Data to establish, exercise or defend against fraud, illegal activity, and claims and other liabilities, including by enforcing the Terms of Use that govern the services we provide.

Compatible purposes

Dynavax may also process Personal Data for purposes that are compatible with those described above.  Such purposes may include scientific research.

Data Retention

We retain Personal Data for as long as is necessary to accomplish the purposes set out in this Privacy Notice, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights, in accordance with the principles set forth in Article 5(1) of the GDPR.

The criteria used to determine the period for which Personal Data about you will be stored vary depending on the legal basis under which we process such Personal Data:

Consent

For the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain Personal Data about you erased (see Data Subject Rights below).

Contractual Necessity

For the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the limitation period for legal claims that could arise from the contractual relationship.

Legal Obligation

For the duration of time we are legally obligated to keep the information.

Public Interest

For the period of time necessary to fulfill the purposes of the business process in the public interest and for any period of time that may be required under.

Legitimate Interests

For a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.

We may face a threat of a legal claim, in which case we may need to apply a “legal hold” that retains information beyond our typical retention period.  In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

Transfer of Personal Data Outside of the EEA

Dynavax processes your Personal Data in the United States, which does not provide the same level of data protection as the EEA.  Where your Personal Data is processed by Dynavax or third parties outside of the EEA, we will ensure that appropriate safeguards are in place to adequately protect your Personal Data, as required by applicable law, including the execution of standard contractual clauses if the recipients are not located in a country with adequate data protection laws (as determined by the European Commission) or certified under the EU-US Privacy Shield framework.

GDPR Data Subject Rights

Under the GDPR, in certain circumstances, an EEA-resident Data Subject has certain individual rights with respect to the Personal Data that we hold about them.  In particular, you may have the right to:

  • Request access to any data held about you;
  • Ask to have inaccurate data amended;
  • Request data held about you to be erased, provided the data is not required by Dynavax to perform a contract, protect its rights, interests or those of a third party, defend against a legal claim or to comply with applicable laws or regulations;
  • Prevent or restrict processing of data which is no longer required; and
  • Request transfer of appropriate data to a third party where this is technically feasible.

Additionally, in the circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific purpose at any time.  Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

To exercise any of these rights, please contact us using the contact details set out under the “Contact Us” heading below.  As a resident of the EEA, you are also entitled to direct any complaints in relation to our processing of your Personal Data to your national or local data protection supervisory authority. 

Links to Other Sites

Our Sites contain links to other sites that are not owned or controlled by Dynavax. Please be aware that we are not responsible for the privacy policies of such other sites or how these sites operate or treat your Personal Data. We encourage you to be aware of this when you leave our Sites and to read the privacy policies and terms of use associated with each of these third party sites that collect personally identifiable information.

Updates to Our Privacy Notice

Dynavax is continually improving and adding new functionality and features to the Services. Because of these ongoing improvements, changes in the law and the changing nature of technology, Dynavax’s data practices will change from time to time. Accordingly, this Privacy Notice is subject to occasional revisions. We will notify you of changes by posting the new Privacy Notice on the Sites and updating the effective date of the Privacy Notice. Such changes to the Privacy Notice will become effective when posted. You acknowledge and agree that it is your responsibility to review this Privacy Notice periodically and become aware of modifications.

Contact Us

If you have any questions about this Privacy Notice or concerns about the way Dynavax processes your Personal Data, or require assistance in managing your privacy choices, please get in touch with us at:

Dynavax Technologies Corporation
2100 Powell Street Suite 720
Emeryville, CA 94608

Phone: +1.510.848.5100
Toll Free: +1.877.848.5100
Fax: +1.510.848.1327
privacy@dynavax.com

Cookies Policy

Our use of Cookies

We use cookies and related data collection technologies (“cookies”) to provide services, gather information when users navigate through the Site to enhance and personalize the experience, to understand usage patterns, and to improve our Sites, products, and services.

A cookie is a string of information, including a unique reference code, that a website stores on a visitor’s computer when visiting a website and that the visitor’s browser provides to the website each time the visitor returns.  A number of cookies we use will last only for the duration of your web session and expire when you close your browser.  Other cookies last longer and are used to recognize your computer when you return to the Site.

The cookies you receive from the Sites are served by Dynavax.  However some cookies served by us use code provided by a third party delivering analytical services on our behalf.  We and our service providers use the following categories of cookies:

  • Essential Cookies: These cookies are strictly necessary to provide you with features available through our Sites and to use some of their features, such as contact forms. Because these cookies are strictly necessary to deliver the Sites, you cannot refuse them without impacting how our Sites function.
  • Performance and Functionality Cookies: These cookies are used to enhance the performance and functionality of our Sites but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
  • Analytics and Customization Cookies: These cookies collect information that is used to help us understand how our Sites are being used or how effective our Marketing Activities are, or to help us customize our Sites for you in order to enhance your experience.
  • Persistent Cookies: These record your visit to our Sites, recognize you as a previous visitor and track your activity on the Sites. These cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our Sites. You can delete these cookies via your browser settings. See below for further details on how you can control persistent cookies.

Managing cookies

Most web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set.  You can review your Internet browser settings, typically under the sections “Help” or “Internet Options”, to exercise choices you have for certain cookies.

Please note that by blocking or deleting cookies used on the Sites, you may not be able to take full advantage of the Sites.

You can also learn more about how to manage all cookies across different types of browsers by visiting www.allaboutcookies.org.  The site includes additional useful information on cookies.

To learn more about the use of cookies by Google for analytics and to exercise choice regarding those cookies, please visit the Google Analytics Opt-out Browser Add-on.

Please note that new services using cookies may be added to the Sites from time to time.  Accordingly, this Cookies Policy is subject to occasional revisions. We will notify you of changes by posting the new Cookies Policy on the Sites. Such changes to the Cookies Policy will become effective when posted.  Please review this Cookies Policy periodically and become aware of modifications.

Notice to California Residents

This Section only applies to users of our Services that reside in the State of California.

For purposes of this Notice to California Residents, the term “personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include publicly available information that is made available from federal, state, or local government records, nor does it include information collected in a clinical trial conducted in accordance with applicable regulations or guidelines on the protection of human subjects, patient information collected and maintained by us in compliance with HIPAA and/or the California Confidentiality of Medical Information Act, or anonymized data that cannot be used to identify you.

California privacy rights. In addition to the rights described elsewhere in this Privacy Policy, California residents have the right to: (i) request additional disclosures about the personal information we collect, use, disclose and sell; (ii) request access to and deletion of your personal information; (iii) opt out of the sale of your personal information; and (iv) obtain a copy of your personal information. We will not discriminate against you for exercising any of these rights, for example, by charging a different price or denying goods or services. However, we may charge a different price or rate or provide a different level or quality of goods or services when that difference is reasonably related to the value provided to you by the data.

Methods for submitting requests. If you wish to exercise any of these rights please email privacy@dynavax.com with the phrase “California Privacy Rights” in the subject line. You may also send a postcard to us at Dynavax Technologies Corporation, 2100 Powell Street Suite 720, Emeryville, CA 94608, complete a CCPA Request Form at one of our California locations, call us toll-free at 1-877-848-5100, or complete an online form at http://investors.dynavax.com/contact-us. We will review your request and respond accordingly. The rights described herein are not absolute, and we reserve all of our rights available to us at law in this regard. Additionally, if we retain your personal information only in de-identified form, we will not attempt to re-identify your data in response to a California privacy rights request.

If you make a request related to personal information about you, you will be required to supply a valid means of identification as a security precaution. We will verify your identity with a reasonably high degree of certainty using the following procedure where feasible: we will match identifying information you provide when making the request to the personal information maintained by us, or use a third-party identity verification service. If it is necessary to collect additional information, we will use the information only for verification purposes and will delete it as soon as practicable after complying with your request. For requests related to particularly sensitive information, we may require additional proof of your identity.

If you make a California privacy rights request through an authorized agent, we will require written proof that the agent is authorized to act on your behalf.

We will process your request within the timeframe provided by applicable law.

Additional Disclosures.

  • Categories of personal information we collect. In the previous 12 months, Dynavax has collected the following categories of personal information:
    • Identifiers such as names, dates of birth, and contact information;
    • Information protected by California Civil Code Section 1798.80, subdivision (e), such as names, contact information, financial information, and health insurance information;
    • Characteristics of protected classifications under California or federal law, such as age, ancestry, and medical condition;
    • Commercial information such as records of products or services purchased;
    • Biometric information such as genetic characteristics;
    • Internet or other electronic network activity information;
    • Professional or employment-related information;
  • Sources from which we collect personal information. Dynavax may collect personal information from you directly. Dynavax may also receive personal information about you from third parties or through automated means. For additional information on how we may collect personal information, refer to the section of this Privacy Policy above labeled “How We Collect Personal Data.”
  • Purpose for collecting or selling personal information. Your personal information may be collected or used for the purposes described in the section of this Privacy Policy above labeled “How We Use Personal Data,” as well as for other purposes that may be described to you at the time we collect your personal information.
  • Categories of third parties with whom we share your personal information. Dynavax may share your personal information with the third parties described in the section of this Privacy Policy above labeled “How We Share Personal Data,” as well as with other third parties as may be described to you at the time we collect your personal information.
  • Sale of personal information. In the preceding 12 months, Dynavax has not sold personal information. In the previous 12 months, Dynavax has disclosed the following categories of personal information for a business purpose:
    • Identifiers such as names, dates of birth, and contact information;
    • Information protected by California Civil Code Section 1798.80, subdivision (e), such as names, contact information, financial information, and health insurance information;
    • Characteristics of protected classifications under California or federal law;
    • Commercial information such as records of products or services purchased;
    • Biometric information such as genetic characteristics;
    • Internet or other electronic network activity information;
    • Professional or employment-related information;