Privacy Policy
This Privacy Policy was last reviewed on June 4, 2024.
1) PURPOSE OF THIS PRIVACY POLICY
This Privacy Policy (the “Policy”) for, Chiesi USA, Inc., with offices at 175 Regency Woods Place, Suite 600, Cary, NC 27518 (“Chiesi” or “we”), describes how we collect, use, disclose, and otherwise process your Personal Information.
We use the term “Personal Information” to mean information that may be used to identify you personally; this includes, for example, name, email address, physical address, telephone number, and any other information that can be used to reasonably identify you.
In this Privacy Policy, we will refer to the websites, forms, mobile applications, and digital services that may link to or post this Privacy Policy collectively as “Websites.”
Our Websites may contain links to third-party websites/content/services that are not owned or controlled by Chiesi. Chiesi is not responsible for how these third-party properties operate or treat your Personal Information, so we recommend that you read the privacy policies and terms associated with these third-party properties carefully.
This Privacy Policy applies to:
- Websites or forms that link to this statement when you click on "Privacy" in the web page footer.
- Mobile applications and digital services that link to or post this Privacy Policy.
- Participation in any Chiesi events that reference this Privacy Policy.
- Participation in any Chiesi program, including patient assistance programs or patient education program that reference this notice.
- Any other instance where this Privacy Policy is linked or referenced.
2) WHAT PERSONAL INFORMATION DO WE COLLECT?
a) When you visit our Websites:
- Identifiers: Information that identifies you directly or could be used to identify you.
Examples include: First name, last name, email address, phone number, job title and description, institutional association, IP address, device and/or browser ID, date of birth, NPI Number, age or age group, gender, information required to request a prescription, other demographic information, and other data that identifies or could identify you or your online activity - Usage Information: When you visit our Websites, we automatically collect the following types of information during your use and navigation of our Websites (“Usage Information”): how you navigated to the Websites, your browser type (to ensure compatibility between our Website and your browser), the domain name of the websites that allowed you to navigate to our Websites, time spent on our Websites, web pages viewed, frequency of visits, which calculator tools you used on our web/mobile applications and for how long, form submission data, and other relevant statistics about your use of our Websites.
- Geolocation-IP Information: Information about where your computer or device is approximately located (at the city or state level).
- Inferences: Information we can determine or estimate about you based on information we collect about you.
b) When you attend or participate in a Chiesi event:
- Identifiers: Full name, email address, phone number, job title and description, institutional association, date of birth, age or age group, gender, and other demographic information.
c) When you enroll in a Chiesi program, such as our patient assistance programs:
- Identifiers: Full name, email address, phone number, date of birth, age or age group, gender, and other demographic information.
- Sensitive Personal Information: Information about your health condition(s), diagnoses, treatments, lab results, and medications.
Please note, this list is not conclusive and Chiesi may collect some or all of these Personal Information types in other instances where this Privacy Policy is linked or referenced.
3) HOW DO WE COLLECT OR RECEIVE PERSONAL INFORMATION?
a) Forms: When you complete and submit or update a form, registration, survey, or profile (collectively, “Form”), we collect the Personal Information that you included in the Form for the business purposes described in the Form and in this Privacy Policy.
b) Recording: We may record any Chiesi-conducted calls, training sessions, webinars, or similar events that you participate in. We will take commercially reasonable efforts to inform you prior to the recording and provide you with the opportunity to object to the recording.
c) Cookies and Other Tools: When you visit our Websites we use cookies and other identifiers to collect information about your online activity and usage, including identification of your IP address to keep track of your browsing patterns and to build a demographic profile.
d) Publicly Available Information: Where permitted by applicable law, we may augment the Personal Information we have about you with information obtained from third-party publicly available sources. For example, to verify licensure of healthcare professionals, we may use Personal Information in conjunction with information lawfully obtained from a licensing board.
4) HOW DO WE USE YOUR PERSONAL INFORMATION?
We may use your Personal Information for the following purposes, as permitted by applicable law:
a) To facilitate the reason you provided the information and/or as described to you when collecting your Personal Information, including our programs.
b) To facilitate and deliver services, products, and information, including our events.
c) To maintain and improve our Websites.
d) To create, maintain, customize, and secure your account with us.
e) To communicate with you and complete, process, and fulfill your requests, payments, and transactions.
f) To perform and enforce contracts with you or with third parties.
g) To tailor marketing programs and campaigns, conduct market research analysis and surveys.
h) To serve ads to you about Chiesi products and disease states.
i) To perform activities necessary to ensure compliance with applicable national, state, provincial and other applicable laws, including to comply with regulatory monitoring and reporting obligations such as those related to adverse events, product complaints, patient safety, and financial disclosures, to respond to requests from government authorities, and to protect the legal interests of yours, ours or third parties, such as to protect against fraud.
j) In the event that some or all of our assets are acquired by or merged with a third-party entity or in connection with a proposed or actual merger, acquisition, sale, or other change of control, we may use or transfer some or all of the Personal Information that we have collected about you to determine whether to proceed with the transaction and execute the transaction if we decide to do so.
5) HOW DO WE SHARE YOUR PERSONAL INFORMATION?
We may share your Personal Information in the following situations, as permitted by applicable law:
a) Within Our Family of Companies. Chiesi and its subsidiaries, affiliates, and its parent company may share your Personal Information amongst and between each other for the purposes set forth in this Privacy Policy.
b) Service Providers. We share your information with affiliated and unaffiliated service providers as necessary for them to provide services to us, subject to appropriate confidentiality and data protection agreements. Service providers assist us with data analysis, customer service, web hosting, website development, government and regulatory compliance reporting, and other activities related to the management of our business and provision of our products and services.
c) Interest-Based Advertising and Third-Party Marketing. We may allow third-party advertising partners to set tracking tools on our Websites to collect information regarding your online activity. We may also use this and other Personal Information with third-party advertising partners. These advertising partners may use this information (and similar information collected from other Websites) to provide you with more relevant advertisements when you visit Websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising.”
d) Legal Compliance. We will share information for legal reasons as we believe appropriate to: (a) satisfy any applicable law, regulation, judicial process, court order, legal process, or proper government request; (b) enforce any agreement we may have entered into with you; (c) detect, prevent, or otherwise address fraud, security or technical issues; (d) protect against harm (whether tangible or intangible) to the rights, property or safety of ours, our users or the public; and (e) establish or exercise our rights, defend against a legal claim, and investigate, prevent or take action regarding possible illegal activities or a violation of our policies.
e) Professional Advisors. We may disclose Personal Information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services they provide to us.
f) Mergers and Acquisitions. We may provide Personal Information to a potential or actual buyer in connection with a proposed or actual merger, acquisition, sale, or other change of control, as described above.
g) Aggregate and De-identified Data. Chiesi may also disclose aggregate or de-identified data that is not personally identifiable to third parties for any purpose.
h) Other Disclosures with Your Consent. We may ask you to share your information with other recipients not described elsewhere in this Privacy Policy.
6) HOW DO WE PROTECT PERSONAL INFORMATION?
We have implemented a variety of security measures and technologies intended to help protect Personal Information from unauthorized access, use, disclosure, alteration, or destruction. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us by contacting us at us.privacy@chiesi.com.
7) YOUR DATA RIGHTS – OPT-OUT AND CHOICE
a) General. Under certain data protection laws, you may have certain rights regarding your Personal Information. If you have questions or concerns regarding Chiesi’s processing of your Personal Information, our privacy policies, or if you’d like to exercise your rights under data protection laws, please contact us at us.privacy@chiesi.com or as described in Section 14. Where you have provided opt-in consent to the use of your Personal Information, we will also give you the option to opt-out in a similar manner, as required by law.
b) Email Communication. To opt out of promotional emails, you can use the unsubscribe link at the bottom of the email or email us.privacy@chiesi.com. We may send you other non-promotional emails that you will not be able to opt out of (e.g., communications regarding updates to this Policy).
c) Do Not Track and Global Privacy Control Signals. Do Not Track (“DNT”) and Global Privacy Control (“GPC”) are privacy preferences that users can set in certain web browsers to inform websites and services that they do not want certain information about their webpage visits collected over time and across Websites or online services. You may choose to enable online, where available, DNT or GPC signals to opt out of the collection and sharing of Personal Information related to your website activity.
8) EU, UK, AND SWITZERLAND – CONTROLLER, LEGAL BASES, AND DATA SUBJECT RIGHTS
a) Data Controller. For residents of the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland, Chiesi USA, Inc. is the controller responsible for the Personal Information collected on our Websites.
Chiesi USA, Inc. will process your Personal Information in accordance with the following data protection laws, where applicable:
- For data subjects in the UK, the UK Data Protection Act 2018 (“DPA 2018”), United Kingdom Data Protection Regulation (“UK GDPR”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) and any legislation implemented in connection with the aforesaid legislation.
- For data subjects in Switzerland, the revised Federal Act on Data Protection (“FADP”) and the Swiss Federal Act against Unfair Competition (“UCA”).
- For data subjects in the European Union, the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”), and any legislation implementing the EU GDPR. This includes any legislation amending or updating the EU GDPR.
b) Personal Information. Please refer to Section 2 “WHAT PERSONAL INFORMATION DO WE COLLECT?”.
c) Purposes. Please refer to Section 4 “HOW DO WE USE YOUR PERSONAL INFORMATION?”.
d) Legal Bases. Chiesi only processes, stores, or transfers your Personal Information when we have a legal basis for doing so. We may rely on the following legal bases:
- Legitimate Interest: Where processing of your Personal Information is necessary for the purposes of Chiesi’s legitimate interests, except where Chiesi’s interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Information.
- Consent: Where processing of your Personal Information may occur when you have given consent to the processing for one or more specific purposes.
- Legal Obligation: Where processing of your Personal Information is necessary for compliance with legal obligations to which Chiesi is subject.
- Contractual Obligation: Where processing of your Personal Information is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
e) Recipients of your Personal Information. Please refer to Section 5 “HOW DO WE SHARE YOUR PERSONAL INFORMATION?”.
f) Rights. If you are a citizen of a country in the European Economic Area, UK, or Switzerland, you have the right to:
- Be informed about the processing of your Personal Information.
- Access your Personal Information.
- Receive or have your electronic Personal Information transferred to another party in certain circumstances.
- Correct your Personal Information where it is inaccurate or incomplete.
- Request deletion of your Personal Information, within certain exceptions.
- Request restriction of or object to processing of your Personal Information, where applicable.
- Not be subject to automated decision-making, including profiling, which have a legal or similarly significant effect on you.
You can exercise the rights above by emailing us at us.privacy@chiesi.com or by contacting us at 1-866-271-8587.
g) Data Retention. Please refer to Section 9 “DATA RETENTION”.
h) Cross-Border Transfers. Chiesi USA, Inc. is a US-based affiliate of Chiesi Farmaceutici S.p.A. If you are an individual located outside of the United States, please be aware that information we collect may be transferred to and processed in the United States and elsewhere outside the United States. Any cross-border transfers of are supported by an approved adequacy mechanism where required by data protection laws, such as the Standard Contractual Clauses.
i) Supervisory Authorities. In the EU, each Member State has a Supervisory Authority that regulates data protection and privacy matters. In the UK, The Information Commissioner’s Office (“ICO”) regulates data protection and privacy matters. In Switzerland, the Federal Data Protection and Information Commissioner (FDPIC) regulates data protection and privacy matters. Based on your location of residence, you can make a complaint to any of these Supervisory Authorities about Chiesi’s use of your Personal Information.
9) U.S. STATE-SPECIFIC PRIVACY DISCLOSURES
The following provisions apply to the Personal Information of California, Colorado, Connecticut, Utah, Texas, Oregon, and Virginia residents processed by Chiesi, whether collected online or offline. These provisions supplement the other sections of the Privacy Policy.
Based on your state of residence other privacy laws might apply. To determine the applicability of such laws, each request will be evaluated individually, on a case-by-case basis by Chiesi.
a) Sharing of Personal Information for Advertising Purposes
Chiesi may use your Personal Information for advertising purposes. For example, we may gather information via a retargeting cookie placed on your internet browser. The information we receive allows us to serve you ads on other websites, based on your visit to our Websites. If you would like to opt-out of the sharing of your Personal Information to show you advertisements on other websites, please email us.privacy@chiesi.com.
b) Categories of Personal Information that we collect and disclose
Listed below are the categories of Personal Information about California, Colorado, Connecticut, Utah, Texas, Oregon, and Virginia residents that we may collect, disclose, sell, or share for a business purpose. For more information about the categories of third-parties with whom we sell or share your Personal Information, refer to the “HOW DO WE SHARE YOUR PERSONAL INFORMATION” Section above.
In particular, we have collected, disclosed, sold, or shared the following categories of Personal Information from our consumers within the last twelve (12) months:
|
Category |
Examples |
Collected? |
Disclosed for a Business Purpose? |
Sold or Shared? |
|
Identifiers. |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, National Provider Identifier (NPI), Medicare provider number, driver's license number, passport number, or other similar identifiers. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
Legal Compliance |
YES, SHARED |
|
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
Legal Compliance |
YES, SHARED |
|
Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
YES |
YES
Within Our Family of Companies
Service Providers
|
NO |
|
Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, including prescribing data. |
YES |
YES
Within Our Family of Companies
Service Providers
|
YES, SHARED |
|
Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
YES |
YES
Within Our Family of Companies
Service Providers
Legal Compliance
|
NO |
|
Internet or other similar network activity. |
Website navigation, browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
YES |
YES
Service Providers
Third-Party Advertisers
|
YES, SHARED |
|
Geolocation data. |
Physical location or movements. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
Legal Compliance |
YES, SHARED |
|
Audio/Visual. |
Audio, electronic, or visual recordings, or similar information. |
NO (Except in instances where explicit consent is granted.) |
NO
|
NO |
|
Professional or employment-related information. |
Current or past job history or performance evaluations. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
Legal Compliance
|
YES, SHARED |
|
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
YES |
YES
Within Our Family of Companies
|
NO |
|
Inferences drawn from other Personal Information. |
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
|
YES, SHARED |
|
Sensitive Personal Information. |
Personal Information including your Social Security number, driver’s license number, state identification card number, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; racial or ethnic origin, religious or philosophical beliefs, or union membership status. |
YES |
YES
Within Our Family of Companies
Service Providers
|
NO |
c) Individual Consumer Rights
- Right of Access - The right for a consumer to access (a) the categories and specific pieces of personal information we collect, use, disclose, sell, or share about you, (b) the categories of sources from which we collected your personal information, (c) our purposes for collecting or selling your personal information, (d) the categories of your personal information (if any) that we have either sold, shared, or disclosed for a business purpose, (e) the categories of third parties with which we have sold or shared personal information, (f) or some combination of similar information.
- Right of Correction - The right for a consumer to request that incorrect or outdated Personal Information be corrected.
- Right of Deletion - The right for a consumer to request that we delete the Personal Information we have collected from or maintain about them.
- Right of Restriction - The right for a consumer to limit our use and disclosure of their Personal Information.
- Right of Portability - The right for a consumer to request their Personal Information be disclosed in a common file format.
- Right to Opt-Out of Sales - The right for a consumer to opt out of our sale(s) or sharing (if any) of your Personal Information.
- Right Against Discrimination - The right for a consumer not to receive discriminatory treatment for the exercise of the privacy rights conferred by applicable laws.
- Right Against Automated Decision-Making: The right for a consumer not to have a decision made about them based solely on an automated process without human input.
d) How to Exercise Your Consumer Rights
Based on your state of residence, you may have some or all of the rights included above in the “INDIVIDUAL CONSUMER RIGHTS” Section of this Privacy Policy. Consumers must submit their privacy requests by emailing us at us.privacy@chiesi.com or by contacting us at 1-866-271-8587. Only you, or someone legally authorized to act on your behalf, may make a privacy request. We will verify and respond to your request consistent with data protection laws. We may need to verify your identity before completing your privacy request. We may request additional personal information from you, such as your home address, email address and government issued ID, to protect against fraudulent requests.
e) Authorized Agent Requests
You may authorize someone to make a privacy request on your behalf (an authorized agent). Authorized agents will need to demonstrate that you’ve authorized them to act on your behalf.
In California, authorized agents must be registered with the California Secretary of State to conduct business in California or must demonstrate they have power of attorney pursuant to applicable probate law. We retain the right to request confirmation directly from you confirming that the agent is authorized to make such a request, or to request additional information to confirm the agent’s identity. An authorized agent is prohibited from using a consumer’s personal information, or any information collected from or about the consumer, for any purpose other than to fulfill the consumer’s requests, for verification, or for fraud prevention.
f) Appeals
If you are a resident of the above listed U.S. States, you may have the right to appeal Chiesi’s refusal to act on a submitted privacy request. To submit an appeal, please email us.privacy@chiesi.com.
g) Data Retention
We will keep your Personal Information for as long as we are permitted based on the purpose(s) for which it was obtained. We decide how long we need Personal Information on a case-by-case basis, and we may consider the following criteria to determine an appropriate retention period: (a) the length of time we have an ongoing relationship with you and provide a website, information, product, or service to you; (b) whether there is a legal obligation to which we are subject; or (c) whether retention is advisable in light of our legal position.
If we determine your Personal Information is no longer necessary using the factors above, we will generally destroy or anonymize that information.
h) CCPA Regulations §999.317(g)(2) Metrics Requirement
During the previous twelve (12) months, Chiesi received the following number of requests from residents of California:
|
Request Type |
Received |
Complied with in |
Denied |
Median Number of Days |
|
Requests to know |
0 |
0 |
0 |
N/A |
|
Requests to delete |
0 |
0 |
0 |
N/A |
|
Requests to opt-out |
0 |
0 |
0 |
N/A |
10) COOKIES, PIXELS, ANALYTICS, SOCIAL NETWORK ICONS, AND INTERNET-BASED ADVERTISERS INFORMATION
Chiesi may use cookies, pixel tags, social media widgets, and internet-based advertisers to automatically collect information.
a) Cookies. A “cookie” is a small piece of information sent by a Web server to a Web browser that enables the server to collect information from the browser. Cookies are stored on your device’s hard drive.
Most cookies collected through our Websites are “session cookies” that are automatically deleted when the user closes their browser at the end of a session. However, some cookies collected through our Websites are “persistent cookies” and may be stored on the user’s computer for a specified length of time, even after the browser is closed at the end of a session.
Under data protection laws, you may decline certain cookies. For example, non-essential cookies. If you do so, however, you may be required to re-enter your previously submitted information each time you visit our Websites, and some Website features may not function properly.
Data collected by cookies is largely used to monitor our Websites and improve their usability. However, we can also use cookies to identify your IP address when you visit our Websites to keep track of your browsing patterns and to build a demographic profile.
b) Pixels. A pixel is a piece of code embedded on our Websites that collect information about how you engage with a given web page. Pixels allow us to determine web pages you’ve accessed or advertisements you’ve interacted with. Specifically, some of our Websites also include a Facebook pixel which helps track engagement from Facebook ads, optimize ads based on collected data, build targeted audiences for future ads, and remarket to qualified leads – people who have already taken some kind of action on our Websites.
c) Social Media Icons. We use Social Media icons (“Icons”) of the following online social networks (collectively, the “Social Networks”) on certain webpages of our Websites to provide certain online content and features:
- Facebook.com, operated by Meta Platforms, Inc.
- Instagram.com, operated by Meta Platforms, Inc.
- X.com, operated by X Corp.
- Google.com, operated by Google LLC
- Youtube.com, operated by YouTube LLC
These Icons are labeled with the corresponding Social Network.
When you visit a webpage on our Websites containing a particular Icon your browser establishes a direct connection with the server of the corresponding Social Network. As a result, the Social Network will receive a notification that your browser has accessed that webpage of our Websites on which the Icon appears. In addition, if you interact with that Icon, such as by clicking Facebook’s “Like” button, the corresponding Social Network will receive information about your interaction. If you have logged into your account associated with that Social Network, the Social Network will be able to associate the above information with your account.
Please refer to the privacy policies of the above-listed Social Networks to learn more about the ways in which and purposes for which they collect, use, disclose and process your Personal Information, as well as your choices and rights with respect to their processing of your Personal Information.
d) Analytics and Internet-Based Advertisers. We may use Google Analytics, which uses cookies and similar technologies to collect and analyze information about your use of our Websites and report on activities and trends. This service may also collect information regarding your use of other Websites, apps and online resources. You can learn about Google’s practices by going to http://www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout/
11) WHAT IF YOU DO NOT WANT TO PROVIDE YOUR PERSONAL INFORMATION?
You can always choose not to share your Personal Information with us when prompted to share. If you object to the processing of your Personal Information, or if you have provided your consent to the processing and later choose to withdraw it, we will respect your choice in accordance with our legal obligations. This could mean that we may be unable to perform the actions necessary to achieve the purposes set forth above, or you may be unable to make use of the services and products that require the processing of your Personal Information.
12) CHILDRENS' PRIVACY
We may update this Privacy Policy from time to time to reflect changes to our information processing practices. When we change this Privacy Policy in a material way, we will update the effective date at the beginning of the document. We will also provide you with notice of changes and obtain your consent to any such changes where and as required by applicable law. We encourage you to review this Privacy Policy periodically for the latest information on our information processing practices.
13) UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes to our information processing practices. When we change this Privacy Policy in a material way, we will update the effective date at the beginning of the document. We will also provide you with notice of changes and obtain your consent to any such changes where and as required by applicable law. We encourage you to review this Privacy Policy periodically for the latest information on our information processing practices.
14) CONTACT US
If you have questions about the processing of your Personal Information or Chiesi data privacy policies or would like to be connected with our privacy team, please contact us at 1-888-203-1064 or at us.privacy@chiesi.com or write to us at the following address:
Chiesi USA, Inc.
175 Regency Woods Place Suite 600
Cary, NC 27518
Attn: Legal Department
CA Notice at Collection
Chiesi USA, Inc. California Consumer Privacy Act (“CCPA”) Notice at Collection
Effective: March 4, 2024
Last Reviewed: March 4, 2024
This California Consumer Privacy Act (“CCPA”) Notice at Collection is provided by Chiesi USA, Inc.
Under the CCPA, Personal Information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
Below is an explanation of (1) the Categories of Personal Information that Chiesi USA, Inc. (“we”) collects, uses and discloses about California residents and (2) the business purposes for which we collect, use, and disclose the same.
For more information regarding Chiesi USA, Inc.’s privacy practices, please see our Privacy Policy at https://www.chiesiusa.com/privacy.
A. CATEGORIES OF PERSONAL INFORMATION THAT WE COLLECT AND DISCLOSE
Listed below are the categories of Personal Information about California residents that we collect and disclose for a business purpose.
In particular, we have collected the following categories of Personal Information from our consumers within the last twelve (12) months:
|
Category |
Examples |
Collected? |
Disclosed for a Business Purpose? |
Sold or Shared? |
|
A. Identifiers. |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, National Provider Identifier (NPI), medicare provider number, driver's license number, passport number, or other similar identifiers. |
YES |
YES
Within Our Family of Companies
Service Providers
Legal Compliance |
YES |
|
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. |
YES |
YES
Within Our Family of Companies
Service Providers
Legal Compliance |
YES |
|
C. Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
YES |
YES
Within Our Family of Companies
Service Providers
|
NO |
|
D. Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
YES |
YES
Within Our Family of Companies
Service Providers
|
NO |
|
E. Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
YES |
YES
Within Our Family of Companies
Service Providers
Legal Compliance
|
NO |
|
F. Internet or other similar network activity. |
Website navigation, browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
YES |
YES
Service Providers |
YES |
|
G. Geolocation data. |
Physical location or movements. |
YES |
YES
Within Our Family of Companies
Service Providers
Legal Compliance |
YES |
|
H. Audio/Visual. |
Audio, electronic, or visual recordings, or similar information. |
NO (Except in instances where explicit consent is granted.) |
NO
|
NO |
|
I. Professional or employment-related information. |
Current or past job history or performance evaluations. |
YES |
YES
Within Our Family of Companies
Service Providers
Legal Compliance
|
YES |
|
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
YES |
YES Within Our Family of Companies
|
NO |
|
K. Inferences drawn from other Personal Information. |
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
YES |
YES
Within Our Family of Companies
Service Providers |
YES |
|
L. Sensitive Personal Information |
Personal Information including your Social Security number, driver’s license number, state identification card number, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; racial or ethnic origin, religious or philosophical beliefs, or union membership status |
YES |
YES
Within Our Family of Companies
Service Providers
|
NO |
B. WHY DO WE COLLECT YOUR PERSONAL INFORMATION AND HOW DO WE USE IT?
We may collect and use your Personal Information for the following purposes, as permitted by applicable law:
- To facilitate the reason you provided the information and/or as described to you when collecting your Personal Information.
- To operate our business.
- To deliver services, products, and information.
- To maintain and improve our website.
- To create, maintain, customize, and secure your account with us.
- To communicate with you and complete, process, and fulfill your requests, payments, and transactions.
- To perform and enforce contracts with you or with third parties.
- To tailor marketing programs and campaigns, conduct market research analysis and surveys.
- Legal Compliance and Interests. To perform activities necessary to ensure compliance with applicable national, state, provincial and other applicable laws, including to comply with regulatory monitoring and reporting obligations such as those related to adverse events, product complaints, patient safety and financial disclosures, to respond to requests from government authorities, and to protect the legal interests of yours, ours or third parties, such as to protect against fraud.
- Mergers and Acquisitions. In the event that some or all of our assets are acquired by or merged with a third-party entity or in connection with a proposed or actual merger, acquisition, sale, or other change of control, we may use or transfer some or all of the Personal Information that we have collected about you to determine whether to proceed with the transaction and execute the transaction if we decide to do so. We will use your Personal Information as permitted by applicable law and take any steps required by law in connection with these activities.
C. DATA RETENTION
We will keep your Personal Information for as long as we are permitted based on the purpose(s) for which it was obtained. We decide how long we need Personal Information on a case-by-case basis, and we may consider the following criteria to determine an appropriate retention period: (a) the length of time we have an ongoing relationship with you and provide a website, information, product, or service to you; (b) whether there is a legal obligation to which we are subject; or (c) whether retention is advisable in light of our legal position.
If we determine your Personal Information is no longer necessary using the factors above, we will generally destroy or anonymize that information.
California Notice of Financial Incentive
California Notice of Financial Incentive
Chiesi USA, Inc. ("Chiesi," "we," "our" or "us") may offer compensation to consumers related to the collection, retention, or processing of Personal Information that may be deemed a "financial incentive" or "price or service difference" under the California Consumer Privacy Act of 2018 ("CCPA") as amended by the California Privacy Rights Act of 2020 ("CPRA"). These offerings may involve collecting, processing, or retaining certain categories of Personal Information from consumers who participate. As used herein, "you," or "your" means a "consumer" as defined by the CCPA. The categories of Personal Information we collect, process, or retain are as follows:
- Identifying data such as name, surname, initials, e-mail address, and any additional data voluntarily shared by you in connection with your participation in our initiatives or surveys.
- Pictures, photographs, audio and/or video recordings, and digital images shared in connection with our initiatives.
Chiesi also may collect, process, or retain the following categories of Sensitive Personal Information:
- Health data including your diagnosis, treatment, symptoms, and your experience with the disease in connection with your participation in our initiatives or surveys.
Programs where Chiesi may offer compensation to you related to the collection, retention, or processing of your Personal Information may include:
Participation in our surveys: We may offer opportunities to participate in surveys. In exchange for participation, you may be offered a financial incentive, such as compensation. As part of these surveys, we may collect the categories of Personal Information or Sensitive Personal Information mentioned above. Participation in surveys is governed by the applicable terms and conditions for the survey, which will describe any financial incentives associated with that survey and how to participate; these terms will be presented to you at the time you receive the survey. You can terminate participation at any time as will be explained in the survey terms. Our good faith estimate of the value of your Personal Information is the value of the benefit we offer to you. We have calculated such value by using the expense related to the benefit.
Providing your personal story for use in our initiatives: We may offer opportunities to provide your personal story for use in our initiatives. Provision of your personal story is governed by the patient story agreement, which will describe any financial incentives and how to participate; these terms will be presented to you at the time you receive the agreement. You can terminate participation at any time as will be explained in the patient story agreement. Our good faith estimate of the value of your Personal Information is the value of the benefit we offer to you. We have calculated such value by using the expense related to the benefit.
Providing your name, image, and likeness for use in our initiatives: We may offer opportunities to provide your name, image, and likeness for use in our initiatives. Provision of your name, image, and likeness is governed by the name, image, and likeness agreement, which will describe any financial incentives and how to participate; these terms will be presented to you at the time you receive the agreement. You can terminate participation at any time as will be explained in the patient story agreement. Our good faith estimate of the value of your Personal Information is the value of the benefit we offer to you. We have calculated such value by using the expense related to the benefit.
By participating in any of the above Programs, you agree that the benefits are reasonably related to the value of the Personal Information collected and retained.
Participation in our Programs is always optional, and you can terminate Program participation at any time by contacting those listed in any survey or agreement you receive. You can also contact us at us.privacy@chiesi.com.
