European Privacy Policy

SCOPE OF DISCLOSURES

While we are based in the United States, our Services may be accessed by residents of the European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”). The following European Privacy Notice applies to our processing of personal data of residents of the EEA, Switzerland, and the UK (“you”).

Elevar is the controller of the personal data we hold about you in connection with your use of the Services. This means we determine and are responsible for how your personal data is used.

Please note that this European Privacy Notice does not apply to personal data processed by our CRO partners during our Studies. Such processing of your personal data is done in accordance with the privacy notices of our CRO partners.

PERSONAL DATA DISCLOSURES

A. Personal Data We Collect and How We Use It

We collect, use and otherwise process personal data as set out in the “The Information We Collect and the Sources of Such Information” and “How We Use Your Information” sections of our Privacy Policy. If you choose not to provide such personal data, you may not be able to use the Sites, participate in the Studies, or otherwise engage in the Services.

B. Legal Basis of Processing

We will generally use and process your information on the basis of your explicit consent, our legitimate interests or legal obligations, and for scientific research purposes or for reasons in the public interest in conducting clinical trials and performing valuable scientific and medical research pursuant to Articles 6 and 9 of the General Data Protection Regulation (“GDPR”) and/or the UK GDPR.

C. Retention of Your Personal Data

We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.

The criteria used to determine the period for which personal data about you will be retained varies depending on the legal basis under which we process the personal data:

Legitimate Interests. Where we are processing personal data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
Consent. Where we are processing personal data based on your consent, we generally will retain the information for the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain of your data erased (please see the Your Privacy Rights section below).
Contract. Where we are processing personal data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
Legal Obligation. Where we are processing personal data based on a legal obligation, we generally will retain the information for the period of time necessary to fulfil the legal obligation.
Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal data, as well as the potential risk of harm from unauthorized use or disclosure of your personal data.

D. Recipients of Personal Data

We may share your personal data with the recipients as set out in the “How We Share and Disclose Your Information” section of our Privacy Policy.

DATA STORAGE & TRANSFER

Your personal data may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations, including the United States. In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this European Privacy Notice.

YOUR PRIVACY RIGHTS

You have the right to make the following requests with respect to the personal data that we hold:

Access your personal data;
Delete, or request deletion or erasure of, your personal data without delay if the continued processing of that personal information is not justified;
Object to or restrict processing of your personal data;
Request portability of your personal data;
Object to automated decision making; and
Correct or update your personal data that is inaccurate or incomplete.

We may not be able to fulfill requests in all instances, and where we are unable to fulfill a request, we will provide an explanation as to why. In any case, we will respond to your request in accordance with the requirements of applicable law.

Right to Withdraw Consent

Where we rely on your consent for processing of your personal data, you also have the right to withdraw your consent to such processing, subject to certain limitations at law. Where applicable, you may withdraw your consent by contacting us at privacy@elevartherapeutics.com.

Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Submitting Requests

All communications, inquiries or requests surrounding your information rights or complaints under European Union General Data Protection Regulation (European commission Regulation 2016/679 or “GDPR”) can be addressed to the attention of our privacy team at privacy@elevartherapeutics.com or by postal mail to:

VeraSafe Internal Legal Department
100 M Street S.E., Suite 600
Washington, D.C. 20003
U.S.A.

We may need to verify your identity before processing your request, which may require us to obtain additional personal data from you. In certain circumstances, we may decline a request to exercise the rights described above.

Right to Lodge a Complaint

You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner’s Office and the Swiss Federal Data Protection and Information Commissioner.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_J9N59KKZLK	2 years	This cookie is installed by Google Analytics.