1. General
This Privacy Policy describes how Exeltis USA, Inc. as part of Exeltis Pharmaceuticals Holding, S.L. and all its subsidiaries located in Spain, EU or third countries (hereinafter, jointly referred to as “Exeltis,” “we,” “us” or “our”) processes the information collected from you (“you” or “User”) when registering or navigating through the website https://slynd.com (hereinafter, the “Website”), owned by Insud Pharma, S.L.U.
Please read this Privacy Policy carefully as it contains important information concerning the personal data of Users and how we use it. Exeltis and all its subsidiaries located in Spain, EU or other countries are globally known as Insud Pharma Group (hereinafter, “Insud Pharma Group”). Please find additional information about Insud Pharma Group here.
Exeltis dedicates all its efforts to respect the privacy and security of the Users and undertakes to use personal data in accordance with applicable data protection law.
2. Categories of personal data and purposes of the processing
Users may use some functionalities of the Website without having to provide Exeltis any personal data. However, for certain functions, Users shall provide personal data in order to register for certain services, receive newsletters or other information of interest. In addition to the information you provide directly to Exeltis, we collect certain information automatically from you when you visit our Website and from sources like advertising or marketing networks, data analytics providers, social media networks, data brokers, and other service providers or third parties.
Personal data collected through the Website will be duly incorporated in databases under the responsibility of Exeltis which will be registered in Exeltis’ record of processing activities.
We also inform the Users that fields requested in forms marked with an asterisk, or as otherwise noted, are mandatory. In this sense, if the requested information is not provided, we will not be able to carry out the service.
Below, we have specified the categories of personal data we collect and the purposes for which we use such data. We also provide examples of how long we will keep the personal data, as further described in section 8, and our legal basis for processing the personal data, as further described in section 11.
A. Users communications and customer service
This category includes any personal data provided by the User during their communications with Exeltis, for example in communications with our customer service providers through our Website (including in chat form) for the purpose of addressing your inquiries, incidents or claims. This usually includes identifiers like name and contact information. In this sense, if the User has made any request or suggestion through our contact forms, we will process the personal data in order to answer it.
The legal basis for the processing of these personal data is consent when the Users provide their data through the contact forms.
B. Contact with nurse professionals
The Website enables Users to contact our nurses in order to provide you further information, solve any doubts or any questions regarding the use of Slynd. To do so, Users may contact our nurses through the contact channels enabled on the Website for this purpose.
Our nurse team is duly qualified and provides these services in accordance with the requirements of the applicable regulations. In no case shall the information provided by nurses be considered a medical diagnosis or recommendations for making medical decisions about User’s health. For an individual diagnosis and advice, Users shall contact their personal healthcare professionals.
The legal basis for the processing of this personal data is the consent of the Users when they provide their data through the contact channels provided.
C. Pharmacovigilance
The information provided by the User spontaneously or through contact channels for the processing and reporting of any adverse effect or reaction will be processed by Exeltis and Insud Pharma Group in order to comply with pharmacovigilance legal requirements, follow up with possible adverse reactions and solve any query that may be raised by Users.
If necessary, your personal data may be shared with the competent health authorities, companies which hold a marketing authorization of the product or other entities of the Insud Pharma Group.
The legal basis for the processing of this personal data is the consent given by Users when providing their personal data spontaneously or submitting the forms provided for these purposes, as well as for compliance with legal obligations regarding drug safety and pharmacovigilance.
D. Health information
We collect information about you that may relate to or indicate your health or health status. This includes information about your interest in and use of our prescription products, and any supporting information (for example, demographic information, other medications). We collect this primarily through our nurse professionals and pharmacovigilance activities, noted above, as well as our patient savings or equivalent programs. We also collect this information when you interact with and view content on our Website, as described further below.
E. Newsletter and commercial communications
If you subscribe to any of our notification or messaging services, we will use the email address provided by the User to provide the service. If the User has subscribed to any product, service or functionality, we may also communicate with the User to inform him or her of other similar products or candidatures that may be of interest.
If the User no longer wishes to receive e-mails, he or she may unsubscribe at any time by using the opt-out feature enabled in each e-mail message or by contacting us at dataprotection@insudpharma.com.
The legal basis for this processing is consent, when the User checks the box implemented in the specific form. Likewise, Exeltis, based on its legitimate interest, may send the Users or customers information about products and services. We will delete your email address once you have opted-out, unless it is also used for any other purposes listed in this Privacy Policy.
F. Marketing
Information about Users’ online searches (clicks and views), settings on our Website, requests for information and / or their contact history, and information about Users’ product and service preferences and interests may be subject to processing by Exeltis. This information allows us to use different means to manage the relations with our customers and commercialize our products and services through e-mail or online advertising which may include customizing the content of the Website and offers in order to suit User preferences.
You may at any time object to this processing (for more information on how to do this, please read sections 6 and 9).
We use this personal data based on our legitimate interest in order to improve our products and services.
G. Social media information
This includes Users’ account names, handles, biographies, and other details made available on social media networks.
H. Information about the use of our Website
Exeltis collects information automatically obtained by the Website related to the identification of the User’s computer equipment, use and navigation habits.
Said information includes data regarding language, pages or sections of the Website, keywords, date, time, amount of time the User spends on certain types of webpages, which section of the page he has visited, and similar information related to the use of the Website. This also includes items like IP address, device and browser identifiers and approximate geolocation. Exeltis may collect this information in visual form when you visit the Website, including video snippets of your activity on the Website, as well as by using cookies and similar tracking technologies. To obtain additional information please visit our Cookies Policy.
We use this personal data based on our legitimate interest in order to improve our products and services.
Exeltis may combine your personal data with other information provided by the User or collected from the Website as above mentioned. In those cases, all combined information will be processed as personal data during the period the information remains combined.
I. Services maintenance and optimization
Users’ personal data will also be used for the maintenance and analysis of our Website, to solve any problem, improve availability and protect the Website against fraud (for example, in case of repeated log attempts or non-compliance with our terms and conditions, by persons under the legal age). Analytics also allow us to check whether the online services we offer work effectively in order to improve them whenever possible.
The use of User’s personal data for these purposes is necessary based on our legitimate interest and will be retained for the expiration periods detailed in our Cookies Policy.
J. Comply with our legal obligation
We may need to process your personal data to comply with legal obligations binding on or accepted by us. Likewise, we may need to provide information to and as required by local law enforcement agencies, other government authorities, or otherwise required by law or to protect the rights and safety of our property, company, employees and customers.
3. How we use personal data
In addition to the examples provided above, we may use your personal data in the following ways:
- To provide, operate, maintain and protect our Website;
- To provide and facilitate our products and services, including the patient savings and related discount, reimbursement, education or support programs;
- To analyze and improve our Website, including developing new products, functionalities or services;
- To communicate with you, respond to your inquiries, fulfil your orders and to send you information by email, postal mail, telephone, text message, notifications or other means about our products and services;
- To promote, conduct or distribute educational or promotional content or events, including events that may be in person, and to support our marketing and advertising activities, including delivering personalized advertising;
- To enhance and help us better understand your browsing experience, needs and preferences and provide consistent, personalized services and experiences across our Website;
- To protect the security or integrity of the Website, including to perform security analyses to verify that the Website is working properly and has not been compromised based on our legitimate interests;
- To protect us, our users and the public, and comply with applicable law, regulation or legal process, including to validate user information for fraud and risk detection purposes, resolve disputes and protect the rights of users and third parties, respond to claims and legal process (such as subpoenas and court orders), fulfill our reporting obligations, monitor and enforce compliance with our contracts and otherwise detect, prevent or stop any activity that may be illegal, unethical or legally actionable; and
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by us about Users is among the assets transferred.
4. How we disclose personal data
Sometimes it is necessary to disclose your personal data with other Exeltis subsidiaries, companies of the Insud Pharma Group, service providers or third parties in order to guarantee the correct provision of the Website. We may share such information with the following:
- Insud Pharma Group companies due to the use of shared computer systems, which may be located in the European Economic Area (EEA) or in third countries.
- Business partners who offer products or services jointly with Exeltis.
- Service providers, to the extent necessary for the provision of a service.
- Companies involved in advertising, including social media networks.
- Law enforcement, government agencies, or parties in a legal proceeding.
- Third parties in the context of a merger or similar business transaction.
Such entities may be located in the United States, other countries in the European Economic Area or anywhere else in the world. When we keep personal data outside the EEA, we guarantee an adequate level of protection of the transferred data. To this purpose, we require service providers to take appropriate measures to protect the confidentiality and security of personal data.
Exeltis may disclose User’s personal data to any public administration, when required by law and compelled to do so by such authorities. All data communications will always be carried out in compliance with the applicable data protection law.
5. Security
Exeltis cares to ensure the security and confidentiality of Users’ personal data. Therefore, we have implemented several security measures and technical means to prevent the loss, misuse or access to the personal data without the User’s permission in accordance with the national data protection laws and the GDPR.
Nevertheless, it is also the User’s responsibility to control his or her personal information, therefore Exeltis asks and encourages all Users to be careful sharing information and content. Exeltis shall not control the content and information the User chooses to share with other Users and, therefore, Exeltis is not responsible for the consequences of the Users’ own actions.
Exeltis pledges (i) to act rapidly and in a responsible manner in the event the Users’ personal data security is deemed at risk, and (ii) to report it in accordance with our legal obligations.
In case of a personal data breach, Exeltis undertakes to notify the relevant data protection authority without undue delay after becoming aware of such breach, in accordance with applicable law. Likewise, when the personal data breach is likely to result in a high risk to the rights and freedoms of Users, Exeltis will communicate the personal data breach and the measures taken to mitigate the risks and adverse effects to Users, or as otherwise required by law.
6. Cookies
We and our third-party vendors use cookies, pixel tags, or other tracking technologies to collect much of the information referred to in this Privacy Policy. Cookies are small text files containing small amounts of information that are downloaded and can be stored on your user device, for example, your computer, smartphone or tablet. These tracking technologies are sometimes necessary to remember your account settings, language and country, but they also allow us to track and analyse Users’ behaviour on our Website and to display personalised advertisements on our Website or on third party websites. These tracking technologies gather information and personal data over time and across different websites about you. Where necessary, you will be asked to consent to the use of these tracking technologies. To obtain additional information on how cookies are used on the Website and its deactivation please visit the Cookies Policy.
Please note that our Website does not currently recognize “Do Not Track” signals. However, our Website may recognize certain opt-out preference signals, such as the Global Privacy Control, in which case we will process these signals as requests to opt out of targeted advertising and requests to not “sell” your personal data according to applicable state law. You may set such a signal through your browser or browser extension.
7. Minors
We will never knowingly request personal data from anyone under the age of 18. The Website is not targeted to or intended for use by children. Accordingly, we do not have actual knowledge that we sell or share the personal data of consumers under the age of 16 years old. However, if we learn that we have received personal data from a child under the age of 18 without appropriate parental consent, we will delete that information from our database.
8. Data retention
We retain personal data for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Website to you (for example, for as long as you are participating in our patient savings program);
- Whether there is a legal obligation to which we are subject (for example, we are required to keep records of your transactions for a certain period of time); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
9. Users’ rights concerning data protection
At any time, Users may request to exercise the below data protection rights, pursuant to applicable law. These rights may differ depending on your place of residency, including the European Union, the United Kingdom, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, and Vermont. Please note that the below data protection rights are subject to exceptions, such as bringing defence against legal claims.
- Right to Confirm Processing, Access, and/or Obtain a Copy (referred to in some places as a Data Subject Access Request): If you ask us, we will confirm whether we are processing your personal data. Additionally, upon request, we will provide you with a copy of all personal data you are lawfully entitled to receive, potentially including specific pieces of information, along with certain other details.
- Right to Amend: If you believe your personal data is inaccurate or incomplete, you may request that we correct it.
- Right to Delete: You may request that we delete your personal data, but should note that this right is limited and subject to certain exceptions as prescribed by applicable law.
- Right of Portability: You may request that we move, copy, or transfer the electronic personal data that we hold about you to another organization.
- Right to Revoke Consent and/or Opt Out of Certain Processing Activities: You may ask us to restrict or stop the processing of your personal data. This includes general requests and requests in specific contexts, such as if we process personal data that is considered “sensitive” under applicable U.S. state laws or engage in certain automated decision-making activities.
- Right to Opt Out of Targeted Advertising: Targeted advertising is the practice of serving you tailored advertisements based on your personal data gathered over time and across other businesses, websites, applications, or services. Some jurisdictions may refer to this as “sharing.” You have the right to opt out of this practice.
- Right to Opt Out of Sales: Because we engage in targeted advertising, we may “sell” your personal data according to some state privacy laws. The information that we use for targeted advertising includes information that may indicate your interest in or use of our prescription products. You may request that we not “sell” your personal data.
- Right to Non-Discrimination: We will not discriminate against you for exercising Data Subject Rights, but we may charge a reasonable fee as permitted by law in fulfilling these rights, such as if you request multiple copies of your personal data.
- Right to Appeal: If we deny your request to exercise a Data Subject Right, you may have the right to appeal the decision with us. If you would like to appeal a prior decision, please be sure to include information about your prior request so that we may locate our earlier determination.
- Right to Lodge a Complaint: You may submit a complaint to the competent supervisory authority in the country or state in which you live if you have any concerns about our processing of your personal data.
For the exercise of any of the abovementioned rights, the User, or their authorized agent, may contact Exeltis by email, addressing the request to dataprotection@insudpharma.com, indicating as reference: “EXERCISE OF RIGHTS” and identifying the right to be exercised. In order to process your request, we may ask you to verify your identity by confirming your name, e-mail address, phone number, or other identifiable information that we have in our records, such as most recent interaction with us, if applicable.
10. Additional Disclosures for California Residents
If you reside in California, please read this section for additional disclosures about how we collect, use, and disclose information about you under the California Consumer Privacy Act (or “CCPA”) (California Civil Code Section 1798.100 et seq.).
- Categories of Personal Information Collected: In the previous 12 months, we have collected the personal information listed in the section “Categories of personal data and purposes of processing” above. This information falls into the following categories under the CCPA: identifiers; categories of personal information described in Cal. Civ. Code 1798.80(e); commercial information; geolocation information; audio, electronic, or visual information; internet or electronic network activity information; inferences drawn from the above categories. Additionally, we collect the following “sensitive” personal information: information concerning your health and contents of messages that you send to our customer service providers and nurse team.
- Sensitive Personal Information Uses or Disclosures: We use or disclose “sensitive” personal information for purposes other than those specified by the CCPA. You may limit such use and disclosure.
- Business or Commercial Purpose for Collecting and Selling Information: We collect personal information for the business and commercial purposes described in “Categories of personal data and purposes of processing” and “How we use personal data” above.
- Categories of Sources of Personal Information: We collect personal information from and about you as described in “Categories of personal data and purposes of processing” above.
- Categories of Third Parties with Whom We Disclose Information: We may disclose your personal information with third parties as described in “How we disclose personal data” above.
- Categories of Personal Information Disclosed: In the preceding 12 months, we have disclosed the categories of personal information listed in “Categories of personal data and purposes of processing” for the reasons described in “How we use personal data” above.
- Sale or Share of Personal Information: Because we engage in the practice of cross context behavioral advertising, also known as online targeted advertising, we may “sell” and/or “share” your personal information as those terms are defined by the CCPA. In the preceding 12 months, we may have “sold” or “shared” identifiers, commercial information, health information and internet or electronic network activity information with data analytics, advertising networks, and/or social media networks.
11. Additional Information for Residents of the European Economic Area and the United Kingdom
For personal data subject to the GDPR, we will not collect or process that information unless we have a lawful basis to do so under the GDPR. The principal lawful bases that we rely on include:
- Legitimate interests: We process your personal data in connection with meeting our legitimate business objectives (such as those listed above) or those of a third party. We balance those interests against any risks to your rights from our data processing activities and do not pursue any data processing where the potential harm to your rights outweighs our legitimate interests.
- Performance of a contract: We process personal data to the extent necessary to perform our obligations under a contract with you or your organization, or if requested by you or your organization to enter into a contract with us.
- Legal obligation: We may need to process personal data to comply with a law or legal process to which we are subject.
- Consent: If we rely on consent as a lawful basis for processing your personal data we will obtain your consent before processing your personal data for one or more specific purposes. You are free to withdraw your consent at any time.
12. Privacy policy updates
Exeltis reserves the right, in our sole discretion, to modify or replace this Privacy Policy. Your continued use of the Website after any such changes constitutes your acceptance of the new Privacy Policy.
Please review this Privacy Policy every so often in order to acknowledge any possible modifications. If you do not accept this Privacy Policy, partially or as a whole, or any subsequent modification, please discontinue any use of the Website immediately.
13. Contact
If you have any further questions about the use of your personal data or about our Privacy Policy, you can contact Insud Pharma’s Group Data Protection Officer by email through dataprotection@insudpharma.com.
Effective Date: July the 10th, 2024