Privacy Policy
IVERIC bio, Inc. (“we” or “IVERIC bio”) is committed to protecting the personal information of all individuals who visit our websites or otherwise interact with us, including prospective and current participants in our clinical trials, clinical trial investigators and other healthcare professionals, our employees and contractors, our business and academic collaborators, investors and members of the public. This privacy policy contains information about the personal information that we or our affiliates collect about you, how we use and share that information, the security measures we take to protect that information, your rights to that information, and how you can contact us about our privacy practices and your personal information held by us.
This privacy policy also applies to your use of our websites (including our corporate website, www.ivericbio.com) and how our websites collect your personal information, including through the use of cookies. Please note that other sites you may visit, including third-party sites linked from any of our websites, may have their own privacy policies and we are not responsible for the content or practices of those websites.
IVERIC bio may provide additional fair processing notices to individuals at the time when we collect or process your personal information. For example, we provide in the informed consent forms for our clinical trial participants information on the use of their personal data in conducting the clinical trial. This privacy policy is meant to supplement, but not limit, the information in those notices.
Our privacy policy is not a contract and does not create any legal rights or obligations. We may amend this privacy policy at any time.
What Personal Information We Collect About You
In general, we will not collect any personal information about you unless you provide it to us voluntarily. You are not required to provide any personal information as a condition of visiting any of our websites. However, we may collect and process your personal information in order to provide certain services to you, or for us to perform under a contract with you or your organization. If you have any questions about the personal information you may need to provide for those purposes, please ask the relevant IVERIC bio contact.
You may provide personal information to us through the “Contact Us” page of our websites or by communicating with us through other means. For example, you may inquire about enrolling in a clinical trial we are sponsoring, or if you apply for an open position in our company. You may contact us through interacting with our employees or contractors.
The types of personal information we may collect and process include:
- General information, such as names, mailing or email addresses, phone numbers, date of birth, gender, photographs and government-issued IDs
- Professional information, such as job titles, education and professional qualifications, professional networks, and programs and activities in which you participate
- Financial information, such as tax identification numbers and bank account information
- Health and genetic information, such as diseases or conditions you may have, medical history and records, and diagnostic testing results
- Digital information such as any digital identifiers (e.g., usernames, Twitter handles), IP addresses and data transmitted via cookies.
For health and genetic information, we generally do not collect that information directly and instead receive it from third parties such as our clinical trial sites. Our practice is for that information to be pseudonymized – in other words, replacing any personally identifiable information, including the name of the clinical trial participant, with codes to render the individual difficult to identify. While pseudonymization protects the identity of the individual and we do not intend to know the identity of the individual, it is still possible that the identity of the individual may be learned from the data that we collect if it is combined with data that third parties may have.
We may collect digital information about you automatically from the device you are using when visiting any of our websites, including through the use of cookies placed on your device and other technical means. For more information, please see the Cookies section below.
We may combine the personal information you provide with other information about you that we gather from other sources, including publicly available information on the Internet.
Why We Collect and Process Personal Information
We only collect and process your personal information for our legitimate business purposes and if permitted by applicable laws, which may vary depending on where you live and where we operate. These laws include, for example, the General Data Protection Regulation of the European Union (the GDPR), which applies to the collection and processing of personal data of individuals located in the European Union. For purposes of the GDPR, IVERIC bio is the “controller” of your personal data.
The purposes of processing personal information may include:
- Conducting clinical trials and other research and development activities: for example, recruiting clinical trial investigators and participants for our clinical trials, and analyzing the data from our clinical trials and submitting them to regulatory authorities
- Complying with regulatory requirements and other applicable laws: for example, reporting any issues relating to drug safety to regulatory authorities, and complying with requirements relating to financial disclosures
- Performing under a contract between you or your organization and us: for example, paying service providers for the services they provide to us
- Recruitment and employment: for example, responding to applications from candidates for open positions, conducting background checks, and processing payroll and benefits for employees
- Healthcare professional outreach and business development activities: for example, identifying and engaging with key opinion leaders and other healthcare professionals, and responding to and pursuing business development opportunities
- Other marketing activities: for example, inviting individuals to our and industry events, and conducting outreach to investors
- Maintenance of websites and our operations: for example, maintaining and improving our websites, including their functionality and any personalized features
- Any other purposes that are relevant to the relationship between IVERIC bio and you
For personal data subject to the GDPR, we will not collect or process that information unless we have a lawful basis to do so under the GDPR. The principal lawful bases that we rely on include:
- Legitimate interests: We conduct most of our data processing activities under this lawful basis, in pursuit of legitimate interests pursued by us (such as those listed in the above bullets) or by a third party. We balance those interests against any risks to your rights from our data processing activities and do not pursue any data processing to the extent the potential harm to your rights outweighs our legitimate interests.
- Performance of a contract: We process personal data to the extent necessary to perform under a contract with you or your organization, or if requested by you or your organization to enter into a contract with us.
- Legal obligation: We may need to process personal data to comply with a law or legal process to which we are subject.
- Consent: We will have obtained your consent before processing your personal data for one or more specific purposes. You are free to withdraw your consent at any time.
How We Process and Share Your Personal Information
We process and disclose personal information when reasonably necessary to pursue our legitimate business objectives and when required by law (for example, responding to subpoenas or requests from governmental authorities). If we are legally required to disclose any personal information, we will take reasonable steps to protect that personal information and limit disclosure to what is required.
We use service providers and other third parties to help us collect and process personal information on our behalf. These third parties include clinical trial sites, data management vendors, contract research organizations and contract development and manufacturing organizations, travel and payment processing vendors, communications vendors, and technology support vendors. These third-party processors are permitted to use your personal information only as directed by IVERIC bio and in accordance with all applicable laws, and are prohibited from using or disclosing your information for any other purpose. We generally require that our processors have adequate organizational and technical measures in place to protect your personal information from unauthorized access, use or disclosure, and we endeavor to take measures, such as routine audits, to ensure compliance. However, please keep in mind that these measures are not guaranteed to prevent all unauthorized access, use or disclosure.
We may share your personal information with our business partners and collaborators in a manner consistent with this privacy policy and applicable law. We may also disclose personal information to our affiliates, who are subject to the same privacy provisions as us, and to our professional advisers, contractors and agents on a need-to-know basis, all of whom are subject to stringent confidentiality obligations.
We may need to transfer your personal information in connection with a corporate reorganization, or acquisition or combination with another entity.
Cross Border Transfers
IVERIC bio is headquartered in the United States and we use service providers across the world. As part of our data processing activities, we may transfer your personal information across borders, including into countries whose laws protecting personal information may not be as robust as your home country’s laws. We endeavor to take reasonable steps to have adequate safeguards in place to protect your personal information when it is transferred across borders.
If we transfer any personal data from the European Economic Area to third countries not deemed by the European Commission to have an adequate level of personal data protection, we will use adequate safeguards or other lawful means to make the transfer in accordance with the GDPR. Currently, we and our processors generally rely on European Commission-approved standard contractual clauses for these types of transfers.
Data Retention
We aim to retain your personal information for no longer than as needed for the specific business purpose(s) for which it is collected. However, we and our processors may be required by law to retain certain personal information for a longer period. We or our processors may also need to retain personal information for accounting or insurance purposes, or to establish, defend against or respond to legal claims.
Security Measures To Protect Your Personal Information
We have implemented reasonable and industry-standard security measures to protect our physical and electronic systems from unauthorized access, use, alteration and disclosure of information under our control. We routinely test those measures and update them as needed to protect our information security systems. We generally require the same from our data processors.
However, even with those measures, we cannot guarantee that unauthorized access, use, alteration or disclosure of personal information will not occur. You should understand that your use of our websites is subject to the same limitation and information submitted through our websites may be compromised. In particular, we encourage you not to submit any sensitive personal information, such as health information or financial information, through any of our websites.
Your Rights to Your Personal Information
You have certain rights to your personal information held by us, which may depend on the laws that apply (such as the GDPR). These rights may include:
- Access: the right to obtain additional information concerning our processing of your personal information, and to obtain a copy of your personal information held by us
- Correct: the right to request that we correct or update any inaccuracies or incompleteness in your personal information held by us
- Erase: in certain circumstances, the right to request that we delete all personal information about you held by us
- Restrict: in certain circumstances, the right to restrict our processing of your personal information
- Object: if we rely on legitimate interests to process your personal information, the right to object to us continuing to process your personal information
- Withdraw Consent: if we rely on your consent to process your personal information, you may withdraw the consent at any time. Withdrawing consent, however, does not affect the lawfulness of our processing your personal information before the consent was withdrawn (and we may continue to process your personal information after you withdraw your consent if we have a lawful basis to do so)
- Transfer: in certain circumstances, the right to request that we transfer a machine-readable copy of your personal information to you or a third party designated by you
- Opt Out: the right to request that we stop sending you any direct marketing communications. If so, we may continue to send you service-related and other non-marketing communications
See the “Contact Us” section below about how to exercise your rights. Your request will be forwarded to the most appropriate IVERIC bio team member. Depending on the nature of the request, you may be required to provide additional information (including as required to verify your identity). We will use reasonable efforts to comply with your request in a timely manner.
Information for Clinical Trial Participants
As a biopharmaceutical company, one of our principal activities is sponsoring and conducting clinical trials of our product candidates. The purposes of these clinical trials are to evaluate those product candidates in humans to determine whether they are safe and effective treatments for the intended diseases. Clinical trials are subject to stringent oversight by regulatory authorities such as the U.S. Food and Drug Administration (FDA) and the European Medicines Agency (EMA).
We collect and process the personal information of prospective and enrolled participants in our clinical trials. In our clinical trials, clinical trial sites collect the participant’s name, medical history and other relevant personal information from individual clinical trial participants and then will pseudonymize any personally identifiable information into codes that make it difficult to identify the individual to whom such information belongs. This key coded data may be associated with information relating to ethnicity, gender, date of birth and other health or medical information. Coded study data will only be used for research purposes, including follow-up regarding the safety and effectiveness of the study medication. Only authorized members of the study investigator’s staff, our personnel or the third parties that help us conduct the clinical trial will have access to this data. We may transfer the coded study data outside your country in order to further analyze the data, share with our business partners and submit the data to regulatory authorities.
We will not have access to the names or contact details of clinical trial participants, and we do not seek to identify our clinical trial participants. We encourage you to contact your clinical trial site and the clinical trial investigators to learn more about how your personal information is processed by them and to exercise your rights to your personal information.
We may also share information collected during the study with outside scientists and other collaborators for further scientific research in the interest of public health. We will not provide information about your identity to those scientists and collaborators.
We and our clinical trial sites are required by law to retain certain information collected during clinical trials for certain periods of time following conclusion of the trials. We may need to share this information with regulatory authorities in accordance with applicable laws. Following the customary retention period, we may elect to securely archive the clinical trial data.
Please refer to your informed consent form for more detailed information about our processing of your personal information in conducting the clinical trial.
Information for Current and Prospective Employees and Contractors
We process personal information to identify potential and actual applicants and to evaluate job applications. The information processed may include information such as your name and contact details, your job title, education information, professional qualifications, work experience, publications and scientific activities, and activities or programs you participate in.
In the course of considering an application and upon starting work with us, we may process other personal information for human resources purposes, such as government-issued ID numbers, tax status, bank account details, details of disability/workplace accessibility needs, personal and family background information, travel and expenses information, emergency contact details, and benefits related information.
If you are a current employee, please refer to the employee handbook and other IVERIC bio policies for additional information on how we may use or process your personal information.
Information for Healthcare Professionals
We may collect information about you from our business partners, industry or patient groups or other public sources, such as publicly available information on the Internet. We generally collect your name, contact information and your professional information, including your areas of expertise, your professional affiliations and activities and programs that you participate in. We use this information to help identify key opinion leaders and prospective clinical trial investigators and to help us with outreach to potential clinical trial participants.
We may use the above information for sending you communications regarding IVERIC bio’s clinical trials and other programs. You may opt out of those communications at any time.
Children
Our websites are not intended or designed for children or minors under the age of 18. Without the prior authorization of his or her parent or legal guardian, we do not collect personal information from any individual whom we know to be under the age of 18.
Cookies
Cookies are small data files that are placed on your device by websites you visit. They are used widely to make websites work more efficiently, including to enhance user experience, as well as to provide information about website visitors to website owners. Our websites currently use both necessary or functional cookies to maintain and enhance the website experience for visitors, as well as performance or tracking cookies to analyze site usage. Note that our Investor Relations website is hosted by a third-party domain and it deposits its own cookies.
Most web browsers allow some control of cookies through browser settings. Please keep in mind that if you set your browser to reject cookies, your user experience when visiting websites may be affected.
We may provide a separate cookies notice and settings regarding our use of cookies on some of our websites or any mobile applications we may develop.
For more information about cookies, including how to manage and delete them, please visit www.allaboutcookies.org.
Contact Us
If you have any questions about this privacy policy or the personal information we collect or process about you, or to exercise any of your rights to your personal information, please contact us at:
privacy@ivericbio.com
Attn: Legal Department – Privacy
Email is the best option to reach us and we endeavor to acknowledge and respond to your email promptly. If you wish to reach us via mail, our address is below. Please note that given the COVID-19 pandemic, our response time may be delayed if you choose to contact us via mail.
IVERIC bio, Inc.
1249 South River Road, Suite 107
Cranbury, NJ 08512
United States
Attn: Legal Department – Privacy
If you are a citizen or resident of the European Union or the United Kingdom, in lieu of contacting us, you may contact our GDPR Article 27 & UK Representative, DataRep (formerly DPR Group). For more information, please click here.
Changes to this Privacy Policy
We may modify or update this privacy policy from time to time by posting the updates on this page. If there are material changes, we may place a prominent notice on this page or on our websites’ homepages.
Updated September 2020