Privacy Notice

Last Updated: December 2022 

1. Introduction and Scope of Privacy Notice

Defender Pharmaceuticals (“Defender”, “us”, “we”, “our”) knows that you care how information about you is used and shared, and we appreciate your trust that we will respect your privacy, and do so carefully and sensibly. 

This Privacy Notice informs you how and why we use your “Personal Data” (i.e., information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or household) when you visit the “defenderpharma.com” website (”Website”) and informs you of your privacy rights in relation to your Personal Data.  

In particular, this Privacy Notice applies to Personal Data collected about you and Defender via the Website including, through forms on the Website and electronic correspondence between you and the Website. 

This Privacy Notice does not apply to Personal Data collected: 

    • by us (or our vendors), offline or through any other means including, should you enroll in a clinical study. In such cases, we will provide you with a further privacy notice addressing the processing of your Personal Data in this context;
    • through any of our other websites (including those specific to our clinical studies); or
    • by any third party, including through any application or content (including advertising) that may link to or be available from the Website.

 

By accessing the Website, you agree to our collection and use of Personal Data as described in this Privacy Notice and our Terms of Use. Contact details 

Controller of your Personal Data: 

Defender Pharmaceuticals 12935 North Outer Forty Drive, St. Louis, MO 63141 USA 

Attn : Privacy Officer 

mwanda@defenderpharma.com 

If you have any questions about this Privacy Notice, including any requests to exercise your privacy rights (as set out in Section 14.0 below) please in the first instance contact our DPO using the contact details set out above. 

2. Changes to the Privacy Notice and your duty to inform us of changes 

We reserve the right to modify this Privacy Notice at any time, so please review it frequently. If we make changes that materially affect our use of Personal Data or your privacy rights, we will announce the changes on our Website or, if appropriate, by email. 

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us. 

3. The Personal Data we collect about you 

We may collect, use, store, transfer and otherwise process different categories of Personal Data about you as set out below. 

  • Personal Identifier Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender. 
  • Contact Data includes email address and telephone numbers. 
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website. 
  • Usage Data includes information about how you use our Website.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Special Categories of Personal Data: these are details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. 

4. If you fail to provide Personal Data 

Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that Personal Data when requested, we may not be able to comply with our legal obligations, provide you with a service or perform the contract we have or are trying to enter into with you. In such case, we may have to terminate our relationship with you. 

5 . We use different methods to collect Personal Data from and about you including through: 

5.1 Direct interactions. You may give us your Personal Identifier Data, Contact Data and  Financial Data by filling in forms or by corresponding with us through the Website. This includes Personal Data you provide when you: 

inquire about our business; 

  • submit an inquiry via the Inquiry Form;  
  • sign up for email alerts; 
  • give us some feedback; or 
  • otherwise contact or interact with us. 

5.2 Automated interactions. As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies, and other similar technologies. For information about our use of cookies, please see our Cookies Policy. 

5.3 Third parties (or publicly available sources). We may receive categories of Personal Data about you from various third parties and public sources as set out below: 

      • Technical Data from analytics providers such as Google; advertising networks and search information providers. 
      • Personal Identifier Data and Contact Data from publicly availably sources such as Companies House and the Electoral Register. 

6. Purposes for which we will use your Personal Data 

We have set out below, a description of the ways we use your Personal Data, and which of the legal bases we rely on to do so. 

Purpose/Activity Category of Personal Data Lawful basis for processing  

To manage our relationship with 

you which will include: 

(a) Notifying you about changes to our terms or privacy policy 

(b) Responding to your inquiry 

(a) Personal Identifier Data 

(b) Contact Data 

(c) Usage Data 

(d) Marketing and Communications Data 

(a) Performance of a contract with you (i.e., our Website terms) 

 

(b) Necessary to comply with a legal obligation 

(b) Necessary for our legitimate interests 

  • to keep our records updated; and 
  • to study how customers and clients use our products/services; 
To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) 

(a) Personal Identifier Data 

(b) Contact Data 

(c) Technical Data 

(d) Usage Data 

(a) Necessary for our legitimate interests 

  • for running our business, 
  • provision of administration and IT services, network security, 
  • to prevent fraud and 
  • in the context of a business reorganization or group restructuring exercise. 

(b) Necessary to comply with a legal obligation 

To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you 

(a) Personal Identifier Data 

(b) Contact Data 

(c) Usage Data 

(d) Marketing and Communications Data 

(e) Technical Data 

Necessary for our legitimate interests 

  • to grow our business and 
  • to inform our marketing strategy. 
To use data analytics to improve our Website, marketing, customer relationships and experiences 

(a) Technical Data 

(b) Usage Data 

Necessary for our legitimate interests 

  • to keep our Website updated and relevant; 
  • to develop our business; and, 
  • to inform our marketing strategy. 
To make suggestions and recommendations to you about goods or services that may be of interest to you 

(a) Personal Identifier Data 

(b) Contact Data 

(c) Technical Data 

(d) Usage Data 

(a) Necessary for our legitimate interests 

  • to develop our products/services; and, 
  • to grow our business. 
  1. If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent. If you wish to stop receiving marketing or market research communications from us you can unsubscribe via the link at the bottom of the relevant marketing e-mail or contact us using the contact details set out above. 

 

7. Disclosures of your Personal Data 

We may have to share your Personal Data with the parties set out below for the purposes set out in the table above. 

  • Internal Third Parties: other companies or departments in Defender where they e.g., provide IT and system administration services and undertake leadership reporting 
  • External Third Parties: service providers acting as processors e.g., who provide IT and system administration services 
  • Other Third Parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Notice. 
  • Professional advisers: including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting and payroll services. 
  • HM Revenue & Customs, Regulators and other authorities who require reporting of processing activities in certain circumstances. 

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law.  

We do not sell Personal Data collected through the Website. 

8. International transfers 

We are located in the US and Personal Data collected via the Website is hosted in the US. As such, if you are located outside of the US, your Personal Data collected via the Website will be transferred to the US at all times in accordance with data protection laws. 

Where we transfer your Personal Data to other recipients as identified in Section 10.0 above, we will only do so where such transfer is in compliance with applicable data protection laws, including, where required, implementing standard contractual clauses with the recipient, relying on the recipient’s Binding Corporate Rules, or by relying on a derogation such as, where the transfer is necessary for performance or a contract or the establishment or defense of legal claims. You can request further information in relation to international transfers (including a copy of any standard contractual clauses) by using the contact details set out above.  

9. Data security 

We are committed to protecting the security and privacy of your Personal Data. We maintain reasonable and appropriate technical, organizational, administrative and physical security procedures and practices designed to protect the security, confidentiality, and integrity of Personal Data.  While we are committed to safeguarding your Personal Data through our information security program, even the most stringent security program may not always be able to prevent all security breaches. 

10. Data retention 

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

11. Your privacy rights 

Under certain circumstances and depending upon the jurisdiction, country or state in which you are located, you may have rights under applicable data protection laws to: 

      • Request access to your Personal Data. 
      • Request correction of your Personal Data. 
      • Request erasure of your Personal Data. 
      • Object to the processing of your Personal Data. 
      • Request the processing of your Personal Data is restricted.
      • Request the transfer of your Personal Data to a third party; and. 
      • Withdraw consent to the processing of your Personal Data. 

If you wish to exercise any of the rights set out above, please contact our Privacy Officer. If you are located in the EEA/UK you also have the right to make a complaint to the competent supervisory authority. 

12. Additional disclosures for California residents 

The California Consumer Privacy Act of 2018 (the “CCPA”) grants California residents certain rights with respect to their Personal Data, including, as described below, the right to know about, and delete, their Personal Data.  These rights are subject to certain limitations, however, such as that they do not all apply to certain types of Personal Data, including information collected as part of a clinical trials that are subject to the U.S. Common Rule or other specific clinical practice guidelines that may apply to our work. Where exceptions to the CCPA apply to a request you submit, we will provide you with an explanation. Please click [here] for information about CCPA disclosures and rights.  

Collection of Personal Data  

In the 12 months preceding the date of this Privacy Notice, we may have collected the following categories of Personal Data (some of which may not be subject to CCPA), which we intend to continue to collect:  

  • Personal Identifiers, such as full name, zip code, email address, and telephone number, and internal protocol (IP) address. 
  • Protected Class Information such as age (over 40), date of birth, and gender.
  • Internet or Other Electronic Activity Data includes your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website, and how you use our Website.

We collect Personal Data from you when you fill out forms and informational requests on our Website or when you contact us, and automatically, when you interact with our Website.   

Use of Personal Data 

We use the Personal Data we collect to provide you with the information you request, to evaluate your requests to participate in research studies and clinical trials.  We also use Personal Data about your use of our Website to monitor or improve our Website; for internal business analysis; to prevent fraud, activities that violate our Terms of Service or that are illegal; and to protect our rights and the rights and safety of our users or others. 

Disclosure of Personal Data For Business Purposes in the Past 12 Months 

The following chart describes the categories of Personal Data (some of which may not be subject to CCPA) that we disclosed to third parties for a business purpose in the 12 months prior to the date of this Notice:   

Categories of Consumers’ Personal Data Categories of Third Parties With Which We Shared Personal Data for a Business Purpose 
Personal identifiers: name, zip code, email address, telephone number, and IP address. Service providers that provide IT and hosting services in respect of this Website and clinical study recruitment services.  Study research sites for study and trial qualification purposes.  
Protected Class Information:  age (over 40), date of birth, and gender. Service providers that provide IT and hosting services in respect of this Website and clinical study recruitment services.  Study research sites for study and trial qualification purposes. 
Health information. Service providers that provide IT and hosting services in respect of this Website and clinical study recruitment services.  Study research sites for study and trial qualification purposes. 
Internet or Other Electronic Activity Data: your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website, and how you use our Website. Service providers that provide IT and hosting services in respect of this Website and clinical study recruitment services.   

Additional Information About How We May Share Personal Data 

We may also share your Personal Data as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also share your Personal Data with third parties to help detect and protect against fraud or data security vulnerabilities.  And we may transfer your Personal Data to a third party in the event of a sale, merger, reorganization of our entity or other restructuring.  

We do not and have not sold any Personal Data to third parties. We do not sell the Personal Data of minors under age 16. 

Rights Related to Your Personal Data 

Right to request disclosure of information we collect or share about you.  You can submit a request to us for the following data regarding the Personal Data we have collected about you in the 12 months prior to our receipt of your request (a “request to know”): 

      • The categories of Personal Data we have collected. 
      • The categories of sources from which we collected the Personal Data. 
      • The business or commercial purposes for which we collected the Personal Data. 
      • The categories of third parties with which we shared the Personal Data.
      • The categories of Personal Data we disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed that particular category of Personal Data. 
      • The specific pieces of Personal Data we collected. 

Right to request the deletion of Personal Data we have collected from you.  Upon request, we will delete the Personal Data we have collected about you, except for situations where specific information is necessary for us to provide you with a product or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. 

The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. 

How can you make a request to exercise your rights? To submit requests to know or delete, please contact our Privacy Officer at [toll-free number] or mwanda@defenderpharma.com. 

How we will handle a request to exercise your rights. For requests to know or delete, we will first acknowledge receipt of the request within 10 business days of receipt of your request.  We will provide a substantive response to your request within 45 days from receipt of your request, although we may be allowed to take longer to process your request under certain circumstances.  If we expect your request is going to take us longer than normal to fulfill, we’ll let you know. 

When you make a request to know or delete your Personal Data, we will take steps to verify your identity.  These steps may include asking you for Personal Data, such as your name, address, or other information we maintain about you.  If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request.  We will notify you to explain the basis of the denial. 

You are also entitled to submit a request for Personal Data that could be associated with a household as defined in the CCPA.  To submit a request to know or delete household Personal Data, such requests must be jointly made by each member of the household, and we will individually verify all of the members of the household using the verification criteria explained above, and separately verify that each household member making the request currently resides in the household.  If we are unable to verify the identity of each household member with the degree of certainty required, we will not be able to respond to the request.  We will notify you to explain the basis of our denial. 

You may also designate an authorized agent to submit requests on your behalf.  If you do so, you will be required to verify your identity by providing us with certain Personal Data as described above.  Additionally, we will also require that you provide the agent with written and signed permission to act on your behalf, and we will separately confirm with you that you provided the agent with permission to submit the request.  We will deny the request if the agent is unable to meet submit proof to us that you have authorized them to act on your behalf or if any of the above verification criteria are not met. 

We are committed to honoring your rights.  If you exercise any of the CCPA rights explained in this Privacy Policy, we will continue to treat you fairly. 

Shine the Light 

California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California residents asking about the business’ practices related to the disclosure of certain types of Personal Data to third parties for the third parties’ direct marketing purposes.  We do not disclose Personal Data to such entities, for such purposes. 

Do Not Track 

“Do Not Track” signals are options available on your browser to tell operators of websites that you do not wish to have your online activity tracked. We do not engage in the collection of personally identifiable information about your online activities over time and across third-party websites or online services, nor do we allow other parties to do so through our Website.  Accordingly, we do not process or comply with automated browser signals regarding tracking mechanisms, which may include “do not track” instructions. 

13. Children’s Personal Data 

We will not knowingly collect, use or disclose Personal Data from minors under the age of 18, without obtaining prior consent from a person with parental responsibility.  We do not sell the Personal Data of minors under age 16. 

14. Third party websites 

The Website displays social media buttons.  When you click on any of those buttons, your Personal Data may be transferred to these companies and they may also set cookies or other tracking technologies on your browser.  The privacy policies and terms of use of each of those companies govern the collection and use of your Personal Data when you click on their buttons on our Website. 

Our Website may also contain links to other websites that we do not operate and for which this Privacy Notice does not apply.  We encourage you to read the privacy policies of all of the destination websites you visit. 

15. Accessibility 

We are committed to making our website accessible to everyone. We have built our website in a manner to work with assistive technologies using the Worldwide Web Consortium’s Website Content Accessibility Guidelines (WCAG 2.1). We continuously evaluate our website to maintain and expand its accessibility for all visitors. 

If you have difficulty using or accessing any element of this website or have other questions regarding other reasonable modifications or auxiliary aids, please contact us at mwanda@defenderpharma.com.  

16. Contact Information 

If you have any questions about this Privacy Notice or our data protection policies, please contact us at mwanda@defenderpharma.com.