PRIVACY POLICY
Stemline Therapeutics, Inc. and its affiliates (“Stemline” or “we” or “our”) are committed to respecting and protecting your privacy. This Privacy Policy applies to our collection and use of Personal Information, as defined herein, through our websites (our “Websites”) and offline business-related interactions with you. Your use of our Websites and disclosure of Personal Information to us is subject to and constitutes acceptance of this Privacy Policy.
1. Collection of personal information
The types of Personal Information we may collect (directly from you or from third party sources) and our privacy practices depend on the nature of the relationship you have with Stemline and the requirements of applicable law. Below are some of the ways we collect information and how we use it.
Information we collect from or about, customers, visitors, and guests includes information that may be deemed personal information, such as title, name, address, phone number, email address, user name, and internet protocol (“IP”) address (collectively, “Personal Information”). We may also collect other information that is not considered Personal Information, such as demographic information you choose to provide to us, such as your business/company information, professional experiences, educational background, nationality, ethnic origin, gender, interests, preferences, and answers to a security question and password.
Additionally, if you participate in any of our programs or services, we may collect information regarding your medications, medical history, and other healthcare-related information, including, but not limited to, protected health information, from individuals or a third party. Any protected health information that is tied to an individual’s Personal Information will be treated as Personal Information, provided that any protected health information will be protected in accordance with the requirements of HIPAA.
Some of the ways that we may collect Personal Information includes:
- through surveys and during business/marketing events.
- when you use our website, we may provide you with opportunities to sign up to receive information or services and may ask for your contact information (e.g. name, home address, home phone number or personal email address), and other information (for healthcare professionals we may collect information about name, age gender, home address, home phone number, work address, work phone number, medical specialization, professional qualifications, license number and/or medical society membership number) so that we can send you information related to Stemline and its affiliates, that may be of interest to you;
- when you contact us or enroll in a program that we offer, we may obtain your contact information, and other personal information you may provide to us.
- if you report any adverse effects when using our products, we are required to collect certain Personal Information in order to comply with regulatory requirements.
It is not necessary to provide Personal Information in order to view our websites. However, to take advantage of certain features available on our websites, it may be necessary to provide Personal Information. If you do not want to provide us with Personal Information, you can choose to not use those features on our websites.
To the extent permitted by applicable data protection laws, we may also receive Personal Information from other sources, which could include commercially available sources, such as public databases and data aggregators. If applicable data protection law requires it, we will obtain your consent before using Personal Information for our business purposes.
2. Other ways we collect personal information
Through the use of cookies and similar technologies, the information below may be automatically collected when you visit our websites:
- your IP address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area.
- other unique identifiers, including mobile device identification numbers.
- your browser type and operating system.
- websites you visited before and after visiting our websites.
- pages you view and links you click on within our websites.
- information collected through cookies, web beacons, and other technologies.
- information about your interactions with e-mail messages, such as the links clicked on and whether the messages were received, opened, or forwarded; and
- standard server log information.
Cookies are small pieces of computer code that enable web servers to “identify” visitors each time someone uses our website. Cookies are used to tailor our website to you, measure, and research the effectiveness of our website’s features, provide offers and advertisements, and authenticate users for registered services. You have the ability to delete cookies from your hard drive at any time by clicking on the Privacy or History tab typically found on the Settings or Options menu in your internet browser. By using our websites without changing your cookie settings, you agree to our use of cookies. If you elect to block cookies, you may not be able to take full advantage of the content and features on our websites.
We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on our websites and to develop content. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of our websites by going to http://tools.google.com/dlpage/gaoptout.
3. Where personal information is processed and stored
Although our websites are maintained in the United States, Personal Information may be transferred to and/or accessible to our affiliates, partners and service providers outside of your country or region, including countries that may not provide a similar or adequate level of protection as provided by your country or region. If you visit our websites from a country other than the United States, your communication with us will result in the transfer of information across international borders.
All Personal Information collected may be stored anywhere in the world, including, but not limited to, in the United States, in the cloud, on our servers, on the servers of our affiliates, or on the servers of our service providers.
Your use of our websites indicates your consent to the collection, storage, and processing of Personal Information in the United States and in any country to which we may transfer Personal Information in the course of our business operations.
4. Use of personal information
We respect your privacy and will only use Personal Information for limited purposes, including:
- to operate and improve our websites, products, information, and services.
- to understand you and your preferences so that we may enhance our websites, as well as our products and services.
- to process employment applications.
- to provide you with customer service, including responding to your comments and questions.
- to provide and deliver products, information, and services that you request.
- to send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
- to communicate with you about upcoming events, news, information, related to Stemline or our affiliate companies and our selected partners.
- to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity; and
- or as otherwise described to you at the point of collection or pursuant to your consent.
5. Disclosure of personal information
We are committed to maintaining your trust and will share Personal Information only under limited circumstances, such as:
- with our affiliate companies
- with service providers that perform certain functions or provide services on our behalf (such as to host our websites, fulfill orders, provide products and services, manage databases, perform analyses, provide customer service, or send communications);
- as part of a business transaction, including a sale of assets, merger, bankruptcy, business reorganization, or similar event.
- with third parties in order to protect the legal rights, safety, and security of our organization, affiliates, subsidiaries, partners, and the users of our websites, enforce our Terms of Use, respond to and resolve claims or complaints, prevent fraud or for risk management purposes, and comply with or respond to law enforcement or legal process or a request for cooperation by a government or other entity, whether or not legally required;
- with third parties for business purposes, subject to applicable data protection laws; and
- with other organizations, in order to provide aggregate information, such as demographic and usage statistics.
6. Updating personal information
If you decide that you do not want Personal Information to be used for the purposes described in this Privacy Policy, you may contact us at our mailing address or email address, set forth in Section 13 below, to request the removal of Personal Information from our database. You may also contact us to correct or update Personal Information.
7. California privacy rights
For California residents only. Pursuant to California’s “Shine the Light Act,” California residents are permitted to request and obtain information about what Personal Information is disclosed to third parties for the third party’s direct marketing purposes. We do not share information that we collect with third parties for the third party’s direct marketing purposes.
8. Data retention and storage
We retain Personal Information that we receive in accordance with this Privacy Policy for as long as you use our websites or as necessary to fulfill the purpose(s) for which Personal Information was collected, including to provide our products and services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
9. Security of personal information
We take commercially reasonable steps to protect Personal Information from unauthorized access, use, or disclosure. However, no method of security or transmission over the Internet or storage of information can be guaranteed to be 100% secure. As a result, while we strive to protect Personal Information, we cannot ensure or warrant the security of information you transmit to us, and you do so at your own risk.
10. Children’s online privacy
Our websites are directed to a general audience. We do not knowingly collect, use, maintain, process, or disclose Personal Information from persons we know to be under 13 years of age, without prior parental or guardian consent, except as permitted by the Children’s Online Privacy Protection Act (“COPPA”). If you are the parent or guardian of a child under the age of 13 who you believe may have provided Personal Information to us, please contact us and we will promptly delete such Personal Information from our database.
11. Links to other websites
Our websites may contain links to other websites or online services that are operated and maintained by third parties and that are not under our control or maintained by us. Such links do not constitute an endorsement by us of those other websites, the content displayed therein, or the persons or entities associated therewith. We provide these links to you only as a convenience, and any information you provide to those third parties will be used as described by the third parties in their own privacy policies.
12. Company communications
We may periodically send you e-mails to provide information about our products, relevant scientific or clinical developments, company events, and other related information. If applicable law requires it, we will obtain your consent before sending such emails. If you wish to stop receiving all communications or only certain types of communications from us, please contact us at privacy@MenariniStemline.com.
13. Updates to privacy policy
We reserve the right to update this Privacy Policy from time to time. If we decide to change this Privacy Policy, we will post those changes on our websites. You are encouraged to review this Privacy Policy regularly for any changes. Your continued use of our websites will be subject to the then-current Privacy Policy. This Privacy Policy was last updated on April 23, 2019.
If you have questions regarding this Privacy Policy, please contact us at: Stemline Therapeutics, Inc., 750 Lexington Avenue, 11th Floor, New York, NY 10022 or e-mail us at privacy@MenariniStemline.com.
PRIVACY POLICY FOR PEOPLE WHO ARE IN EUROPE PURSUANT TO ARTICLE 13 OF REGULATION EU 2016/679 (GDPR)
The Site is intended for worldwide users, including persons who are in Europe. This document (“Privacy Policy”) is addressed to people who are in Europe and provides information on how the personal data collected by the Company through this website (“Website”) are processed, and constitutes “an information notice to the data subjects” under the terms of art. 13 of the GDPR.
1. Data controller, representative and DPO
In compliance with Regulation EU 2016/679 (GDPR) we inform you that the Controller is Stemline Therapeutics, Inc with offices at 750 Lexington Avenue, 11th Floor New York, NY 10022. (“Company” or “Controller”)
Nominated European Representative pursuant to article 27 of the GDPR is A. Menarini Industrie Farmaceutiche Riunite S.r.l, with registered office in Firenze, Via Sette santi,1
The Data Protection Officer (“DPO”) can be contacted at the following address: dpo@menarini.com
2. The data we process
The following data can be processed:
- When you register to the reserved area, we may ask for your contact information (e.g. name, home address, home phone number or personal email address), and other information (for healthcare professionals we may collect information about name, age gender, home address, home phone number, work address, work phone number, medical specialization, professional qualifications, license number and/or medical society membership number)
- As you navigate around the Site, certain information can be passively collected (that is, gathered without your actively providing the information), including your IP address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area; other unique identifiers, including mobile device identification numbers; your browser type and operating system;
3. Why and how we process your personal data
With your consent, the Company may process your ordinary personal data to enable you to benefit from the available services and functionalities and optimise their performance, to perform statistics on its usage, to manage your registration to any restricted-access areas and initiatives which may be present on the Website pursuant to Article 6.1.a of the GDPR. The Company may also process your personal data to fulfil obligations stemming from laws, regulations, and European Union law: the legal basis for the processing for this purpose is Article 6.1. (c) of the GDPR.
Furthermore, with your optional consent, your ordinary personal data may also be used to fulfil your requests, and depending on your choices:
- fulfil your request to be visited by our representatives.
- for institutional communications (including newsletters) or promotional activities (marketing) i.e., sending advertising material and/or commercial communications pertaining to the Company’s services to the contact details indicated using traditional methods and/or contact methods (i.e. paper-based mail, telephone calls with operator etc.) or automatic means (i.e. communications via Internet, fax, e -mail, text messaging, apps for mobile devices such as smartphones and tablets, social network accounts e.g. Facebook or Twitter, etc.). The legal basis for the processing for this purpose is Article 6.1. (a) of the GDPR.
Finally, the Company may process your ordinary and sensitive personal data to protect its rights in legal proceedings (Articles 6.1.(f) and 9.2.(f) of the GDPR).
All your data are processed using automatic and electronic instruments suitable to ensure full security and confidentiality.
4. Necessary processing and optional processing
The forms to be completed on this website require you to confer personal data which are strictly necessary to handle your requests. Such Data are marked with an asterisk [*]. If you do not wish provide such data, we will not be able to handle your request.
Conversely, forms may also provide for the possibility to provide personal data which are not strictly necessary to handle your requests: providing such data is optional – failure to do so has no consequence.
5. Browsing data
If you only visit the Website (i.e., without sending communications or using any of the available services/functions), the processing of your data is limited to browsing data i.e., data whose transmission to the Website is necessary for the functioning of the computers which operate the Website and of the Internet communication protocols. This category includes, for example, IP addresses or computer domain used to visit the Website and other parameters pertaining to the operating system used to connect to the Website. The Company collects these and other data (such as, for example, number of visits and time spent on the Website) merely for statistical purposes and in anonymous form in order to monitor the functioning of the Website and improve its performance. Such data is not collected to be associated with other information regarding, or for the identification of, users; however, such information, by its very nature, may enable the Company to identify users through processing and association with data held by third parties. Browsing data are normally deleted following processing in anonymous form but can be stored and used by the Company to detect and identify perpetrators of any computer offences committed to the detriment of the Website or using the Website. Without prejudice to this possibility. The browsing data described above are stored only temporarily, in compliance with law.
6. Links to other websites
This Privacy Policy applies only to the Website as defined above. Even though the Website may contain links to other websites (known as third party websites), please be informed that the Company does not perform any access or control over cookies, web beacons or other user-tracking technologies that may be active on such third party websites, on the contents and materials published thereon, or on their methods of processing of your personal data; for this reason, the Company expressly declines any liability for such matters. You should therefore verify the privacy policies of such third-party websites and collect information about their terms and conditions and about how they process your personal data.
7. How we store data and for how long
In compliance with Article 5.1.(c) of the GDPR, the computers and programmes used by the Company are set up in such a way to reduce the use of personal and identifying data to a minimum. Such data are processed only to the extent required to achieve the purposes indicated in this Policy, and will be stored for as long as strictly necessary for achievement of the specific purposes pursued – in any event, the criterion used to determine the storage period is based on compliance with time limits permitted by law and the principles of data minimisation, storage limitation or rational management of our records.
8. Persons who have access to the data
Persons belonging to the following categories are authorised to process the user’s data: technical and administrative staff, IT staff, medical sales representatives, product managers, internal audit and compliance staff, as well as other staff members who require processing the data for performance of their job duties.
Although our websites are maintained in the United States, your data may be transferred to and/or accessible to our affiliates, partners and service providers outside of your country or region, including countries that may not provide a similar or adequate level of protection as provided by your country or region. By visiting our websites from a country other than the United States, or when you provide your consent, you agree to the transfer of information to countries outside of your country of residence, including to the United States, where we are based.
Additionally, the Data can be communicated, also in Third Countries, to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent consultants –working individually or in partnerships- and other third parties and providers which supply to the Company commercial, professional or technical services required to operate the Website (e.g., provision of IT and Cloud Computing services) for the purposes specified above and to support the Company with the provision of the services you requested ; (iii) third parties in the event of mergers, acquisitions, transfers of business -or branches thereof-, audits or other extraordinary operations; (iv) company supervisory bodies in the pursuit of their activities (oversight over the enforcement of legal obligations, ethical standards, etc.). The mentioned recipients shall only receive the Data necessary for their respective functions and shall duly undertake to process them only for the purposes indicated above and in compliance with data protection laws. The Data can furthermore be communicated to the other legitimate recipients identified from time to time by the applicable laws. With the exception of the foregoing, the Data shall not be shared with third parties, whether legal or natural persons, who do not perform any function of a commercial, professional or technical nature for the Controller and shall not be disseminated. The parties who receive the Data shall perform processing as Data Controller, Processor or persons authorised to process personal data, as the case may be, for the purposes indicated above and in compliance with the applicable data protection law.
9. Your rights
You may at any time exercise the rights afforded by Articles 15-22 of the GDPR, including the right to obtain confirmation of the existence of personal data which relate to you, check its content, origin, correctness, location (also with reference to any Third Countries), request a copy, request correction and in cases provided by law, restriction of processing, deletion, oppose to direct contact activities, oppose to direct marketing (also limited to particular means of communication. Likewise, you may always withdraw consent and/or make observations on specific issues regarding processing operations of your personal data which you regard as incorrect or unjustified by your relationship with the Company, or lodge a complaint with the Data Protection Authority.
You may contact the Controller (contact-us or contact mail address) and/or DPO at the addresses displayed above to make any requests regarding personal data processing by the Company, to exercise your legal rights and to obtain an updated list of the parties who have access to your data.
SUPPLEMENTAL PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
This Supplemental Privacy Notice for California Residents (the “California Notice”) is part of our Privacy Policy and is directed to you if you are a California resident. California residents have certain privacy rights under California privacy law. This California Notice applies to personal information we collect when we operate as a “business” as defined under California privacy law and describes your rights and how you may exercise them when we act as a business. If there is any term in this California Notice that conflicts with a term in our Privacy Policy, the term in this California Notice will control.
1. Information we collect as a business
We collect the following categories of personal information as defined under California privacy law:
Type of information | Examples | Collected by us |
---|---|---|
Identifiers | Name, postal address, e-mail address, IP address, phone number, and similar identifiers. See Section 1 of the Privacy Policy for details. | Yes |
Information specified in California Consumer Records statute | Name, signature, postal address, telephone number, employment. See Section 1 of the Privacy Policy for details. | Yes |
Protected classifications under California or federal law | Age, race, national origin, citizenship, religion or creed, marital status, gender, sexual orientation, health status. See Section 1 of the Privacy Policy for details. | No |
Commercial information | Records of personal property, products, services purchased, or purchasing histories. | No |
Biometric information | Genetic, physical, behavioral or biological characteristics, such as fingerprints, iris scans, voiceprints, health/exercise, or sleep data. | No |
Internet and similar network activity | Browsing history, website analytics, app interactions. See Section 1 and Section 2 of the Privacy Policy for details. | Yes |
Geolocation data | Physical locations and/or movements. | No |
Sensory data | Audio, visual, or similar data related to physical characteristics. | No |
Professional or employment-related information | Current employment or job history. See Section 1 of the Privacy Policy for details. | Yes |
Non-public educational information | Educational records under federal law. | No |
Inferences drawn from other personal information | Profiling of preferences, personal characteristics, behavior, attitudes, or aptitudes. | No |
Personal information does not include: (i) information publicly available from government records, (ii) de-identified or aggregated information, or (iii) information addressed by certain state and federal data privacy laws.
2. Categories of sources of information we collect
We obtain the categories of information described in this California Notice from the same categories of sources as described in Section 1 and Section 2 of our Privacy Policy.
3. Purposes for which we use personal information
We collect and use the personal information as described in this California Notice for the same purposes identified in Section 1, Section 2, and Section 4 of our Privacy Policy.
4. Our disclosure of personal information
We may disclose the personal information described in this California Notice for any of the same purposes and to the same categories of persons and entities as identified in Section 5 of our Privacy Policy.
5. Your rights regarding your personal information
California privacy law gives certain rights to California residents (with some exceptions), regarding their personal information. We summarize below what those rights are and how you may exercise them. You do not need to have an account with us to exercise these rights.
California privacy law also gives California residents the right to opt out of (or for minors under 16, the ability to opt in to) sales of their personal information. However, we do not and will not sell your personal information. If, in the future, we decide to sell personal information, we will provide you with notice and the right to opt out of (or for minors, opt in to) such sales.
- Right to Know About the Collection, Use, Disclosure, and Sale of Personal Information
- Upon providing us with a verified consumer request, you may ask us to disclose certain types of your personal information we have collected and used over the 12-month period prior to the date of your request. You may make this request only twice within any 12-month period. You may request and, unless an exception applies, we will provide:
- The categories of personal information we collected about you;
- The categories of sources of the personal information we collected about you;
- The business or commercial purpose for collecting that personal information;
- The categories of third parties with whom we shared that information;
- The specific pieces of personal information we collected about you (except to the extent prohibited under California privacy law including, for example, disclosure of Social Security numbers or other government ID, health insurance or medical identification numbers, account passwords); or
- If we disclosed your personal information for a business purpose, a list identifying the personal information we disclosed to each category of recipient.
- Upon providing us with a verified consumer request, you may ask us to disclose certain types of your personal information we have collected and used over the 12-month period prior to the date of your request. You may make this request only twice within any 12-month period. You may request and, unless an exception applies, we will provide:
- Right to Request Deletion of Personal Information
- You have the right to submit a verified consumer request at any time that we delete any of your personal information collected and retained by us, unless an exception under California privacy law applies.
- If no exception applies, and if we have been able to verify your consumer request, we will delete, aggregate, or de-identify your personal information from our records in accordance with California privacy law. We will also direct third parties to whom we have disclosed your personal information to delete it, although we cannot guarantee that such third parties will comply with our direction.
- Please note that we may deny your deletion request based on certain provisions of California privacy law, including where it is necessary for us or our service providers to carry out certain business functions, comply with laws or to engage in other internal and lawful uses of the information within the context in which you provided it to us.
6. Making a verified consumer request to us
To make a request to exercise your rights under California privacy law described above, please submit a verifiable request to us by either:
- Calling 1-844-635-4641
- Emailing us at privacy@stemline.com, or
- Completing and submitting the form available on our Website at https://stemline.com/contact/
A verifiable consumer request must be made by you or a person registered with the California Secretary of State whom you have authorized to make the request on your behalf. (A representative must be authorized by you in writing or have a valid power of attorney under California probate law.) You may also make a verifiable request to us on behalf of your minor child.
To be considered a proper verified request, your request must:
- provide us with sufficient information allowing us to reasonably verify that you are the same person about whom we collected the personal information or the authorized representative, and
- describe your request in reasonable detail so we can correctly understand, evaluate, and respond to the request.
We may ask you for additional information, if needed, in order to verify your request. If we do, we will use such additional information only to verify your identity (or the authority of the representative) and for security and fraud-prevention purposes.
We will also ask you to separately confirm, via calling 1-844-635-4641, emailing us at privacy@stemline.com, or using the web form available on our Website at https://stemline.com/contact/ to confirm any request to delete personal information.
7. Responding to your verifiable consumer request
We will use reasonable efforts to respond to your verifiable consumer request within 45 days of receiving it. In some cases, we may require more time (up to 90 days). If that is the case, we will communicate to you in writing (by postal mail or electronically, at your option) the reason and the length of anticipated delay. We will not be able to fulfill your request if we cannot verify your identity (or the authority of your representative) and confirm that the personal information subject to the request relates to you.
Disclosures we provide in response to a verified consumer request will cover only the 12-month period before we received the request. If your request involves the porting of your personal information, we will use a format that is reasonably designed to allow you to transmit the information to another entity. If we deny part or all of a verified consumer request, we will provide a reasonable explanation for the denial.
We do not charge fees for responding to verifiable consumer requests unless they are excessive, repetitive, or manifestly unfounded. If we determine that a fee is appropriate, we will provide you with an explanation and a cost estimate before we complete your request.
We will keep records of consumer requests and our responses as required under the California privacy law.
8. Non-discrimination
We will not discriminate against you for exercising any of your rights under California privacy law. This means that, except where permitted under California privacy law, if you make a request for disclosure or to delete your personal information, we will not (i) deny you goods or services, (ii) charge you different prices for goods or services (e.g., through penalties or withholding of otherwise available discounts), (iii) give you a different level of goods or services, or (iv) suggest to you that we will take any of the actions in (i) through (iii).
9. How to contact us to exercise your California rights
If you have questions about our Privacy Policy or this California Notice, please feel free to contact us at: privacy@stemline.com.
This California Notice was last updated on December 2, 2020.
By selecting the button below you acknowledge you are leaving the ELEGANT Study website and continuing to another website not covered under the ELEGANT Study’s website privacy policy.
Proceed to website