PRIVACY INFORMATION NOTICE

The Company Stemline Therapeutics, Inc (“Company”, or “we”) wishes to inform you that the processing of your personal data, performed by way of the website (“Website”) takes place in compliance with the applicable data protection laws (including but not limited to Regulation (EU) 2016/679 – hereinafter referred to as “GDPR”).

1. Data controller, Representative and DPO

In compliance with Regulation EU 2016/679 (GDPR) we inform you that the Controller is Stemline Therapeutics, Inc with offices at 750 Lexington Avenue, 11th Floor, New York, NY 10022 (“Company” or “Controller”).

The nominated European Representative pursuant to article 27 of the GDPR is A. Menarini Industrie Farmaceutiche Riunite S.r.l., with registered office in Firenze, Via Sette Santi, 1.

The Data Protection Officer (“DPO”) can be contacted at the following address: dpo@menarini.com

2. The data we process

The only data we process are those of the device you use to browse the website – we need to process said information to enable you to use the website itself. 

In any event, even without your prior consent, the Controller may process your data to comply with legal obligations stemming from laws, regulations and EU Law, to exercise rights in legal proceedings, to pursue its own legitimate interests and in all cases provided by Articles 6 and 9 of the GDPR, where applicable. 

Processing shall take place both using computers and on paper, and shall always entail the implementation of the security measures provided by current law.

3. Why and how we process your data

The Data are processed to view the website’s content and use the functionalities available thereon, pursuant to art. 6.1(b) GDPR (performance of a service for the benefit of the user).

Your data may in any case be processed, even without your consent, for the purpose of complying with laws, regulations and EU Law (art. 6.1.(c) of the GDPR), to perform statistics on the Website’s usage and ensure its proper functioning (art. 6.1.(f) of the Regulation), to enforce the Code of Conduct of the Menarini Group and to establish or defend legal claims in the interest of the Company.

Data shall be stored for as long as strictly necessary for the attainment of the purposes for which they were collected. In any event the criterion used to determine that period is based on compliance with the time limits set by law and with the principles of data minimisation, storage limitation and rational management of archives.

4. Browsing data

If you only visit the Website the processing of your data is limited to browsing data i.e., data whose transmission to the Website is necessary for the functioning of the computers which operate the Website and of the Internet communication protocols. This category includes, for example, IP addresses or computer domain used to visit the Website and other parameters pertaining to the operating system used to connect to the Website. The Company collects these and other data (such as, for example, number of visits and time spent on the Website) merely for statistical purposes and in anonymous form in order to monitor the functioning of the Website and improve its performance. Such data is not collected to be associated with other information regarding, or for the identification of, users; however, such information, by its very nature, may enable the Company to identify users through processing and association with data held by third parties. Browsing data are normally deleted following processing in anonymous form but can be stored and used by the Company to detect and identify perpetrators of any computer offences committed to the detriment of the Website or using the Website. Without prejudice to this possibility and to the provisions of the Cookie Policy the browsing data described above are stored only temporarily, in compliance with law.

5. Links to other websites

This Information Notice applies only to the Website as defined above. Even though the Website may contain links to other websites (known as third party websites), please be informed that the Company does not perform any access or control over cookies, web beacons or other user-tracking technologies that may be active on such third party websites, on the contents and materials published thereon, or on their methods of processing of your personal data; for this reason, the Company expressly declines any liability for such matters. You should therefore verify the privacy policies of such third party websites and collect information about their terms and conditions and about how they process your personal data.

6. Persons who have access to the Data

The Data are processed electronically and manually according to procedures and logics relating to the above-mentioned purposes and are accessible by the Controller’s staff authorised to process personal Data and their supervisors, and in particular by staff belonging to the following categories: technical, IT and administrative staff, internal audit and compliance staff, as well as other individuals who need to process the data to perform their job duties. The Data may be communicated to and accessed by the following, also in countries outside the European Union (“Third Countries”): (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent consultants (individually or in partnerships) and other third parties and providers which supply to the Controller commercial, professional or technical services required to operate the Website (e.g., provision of IT and Cloud Computing services), in order to pursue the purposes specified above and to support the Company with the provision of the services you requested; (iii) third parties in the event of mergers, acquisitions, transfers of business (or branches thereof), audits or other extraordinary operations; (iv) company supervisory bodies, based at the Controller’s address, in the pursuit of their activities (oversight over the enforcement of legal obligations, ethical standards, the Menarini Group’s Code of Conduct, etc.).

The mentioned recipients shall only receive the Data necessary for their respective functions and shall duly undertake to process them only for the purposes indicated above and in compliance with data protection laws. The Data can furthermore be communicated to the other legitimate recipients identified from time to time by the applicable laws. With the exception of the foregoing, the Data shall not be shared with third parties, whether legal or natural persons, who do not perform any function of a commercial, professional or technical nature for the Controller and shall not be disseminated. The individuals who receive the data shall process them, as the case may be, in the capacity as Controller, Processor or person authorised to process personal data, for the purposes indicated above and in compliance with data protection law. 

Regarding any transfer of Data outside the EU, including to countries whose laws do not guarantee the same level of protection of personal data as that afforded by EU Law, the Controller informs you that the transfer shall in any event take place in accordance with the methods permitted by the GDPR, such as, for example, on the basis of the user’s consent, on the basis of the Standard Contractual Clauses approved by the European Commission, by selecting parties enrolled in international programmes for free movement of data or operating in countries considered safe by the European Commission.

7. Your Rights

By contacting the Controller at the addresses indicated above you can, at any time, exercise the rights pursuant to Articles 15-22 of the GDPR such as, for example, obtaining an updated list of the individuals who can access your data, obtaining confirmation of the existence or otherwise of personal data which relates to you, verifying their content, origin, correctness and location (also with reference to any Third Countries), requesting a copy, requesting their rectification and, in the cases provided by the GDPR, requesting the restriction of their processing or their erasure, and objecting to direct contact activities (including with regard to only some means of communication). Likewise, you can always report to the DPO observations on specific uses of the data, regarding particular personal situations, that you deem incorrect or unjustified by the existing relationship, or submit complaints to the Data Protection Authority. You may withdraw your consent at any time; however, that shall not impair the lawfulness of the processing carried out before consent withdrawal.

SUPPLEMENTAL PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

This Supplemental Privacy Notice for California Residents (the “California Notice”) is part of our Privacy Policy and is directed to you if you are a California resident. California residents have certain privacy rights under California privacy law. This California Notice applies to personal information we collect when we operate as a “business” as defined under California privacy law and describes your rights and how you may exercise them when we act as a business. If there is any term in this California Notice that conflicts with a term in our Privacy Policy, the term in this California Notice will control.

1. Information we collect as a business

We collect the following categories of personal information as defined under California privacy law:

| Type of information | Examples | Collected by us |
| --- | --- | --- |
| Identifiers | Name, postal address, e-mail address, IP address, phone number, and similar identifiers. See Section 1 of the Privacy Policy for details. | Yes |
| Information specified in California Consumer Records statute | Name, signature, postal address, telephone number, employment. See Section 1 of the Privacy Policy for details. | Yes |
| Protected classifications under California or federal law | Age, race, national origin, citizenship, religion or creed, marital status, gender, sexual orientation, health status. See Section 1 of the Privacy Policy for details. | No |
| Commercial information | Records of personal property, products, services purchased, or purchasing histories. | No |
| Biometric information | Genetic, physical, behavioral or biological characteristics, such as fingerprints, iris scans, voiceprints, health/exercise, or sleep data. | No |
| Internet and similar network activity | Browsing history, website analytics, app interactions. See Section 1 and Section 2 of the Privacy Policy for details. | Yes |
| Geolocation data | Physical locations and/or movements. | No |
| Sensory data | Audio, visual, or similar data related to physical characteristics. | No |
| Professional or employment-related information | Current employment or job history. See Section 1 of the Privacy Policy for details. | Yes |
| Non-public educational information | Educational records under federal law. | No |
| Inferences drawn from other personal information | Profiling of preferences, personal characteristics, behavior, attitudes, or aptitudes. | No |

Personal information does not include: (i) information publicly available from government records, (ii) de-identified or aggregated information, or (iii) information addressed by certain state and federal data privacy laws.

2. Categories of sources of information we collect

We obtain the categories of information described in this California Notice from the same categories of sources as described in Section 1 and Section 2 of our Privacy Policy.

3. Purposes for which we use personal information

We collect and use the personal information as described in this California Notice for the same purposes identified in Section 1, Section 2, and Section 4 of our Privacy Policy.

4. Our disclosure of personal information

We may disclose the personal information described in this California Notice for any of the same purposes and to the same categories of persons and entities as identified in Section 5 of our Privacy Policy.

5. Your rights regarding your personal information

California privacy law gives certain rights to California residents (with some exceptions), regarding their personal information. We summarize below what those rights are and how you may exercise them. You do not need to have an account with us to exercise these rights.

California privacy law also gives California residents the right to opt out of (or for minors under 16, the ability to opt in to) sales of their personal information. However, we do not and will not sell your personal information. If, in the future, we decide to sell personal information, we will provide you with notice and the right to opt out of (or for minors, opt in to) such sales.

  • Right to Know About the Collection, Use, Disclosure, and Sale of Personal Information
    • Upon providing us with a verified consumer request, you may ask us to disclose certain types of your personal information we have collected and used over the 12-month period prior to the date of your request. You may make this request only twice within any 12-month period. You may request and, unless an exception applies, we will provide:
      • The categories of personal information we collected about you;
      • The categories of sources of the personal information we collected about you;
      • The business or commercial purpose for collecting that personal information;
      • The categories of third parties with whom we shared that information;
      • The specific pieces of personal information we collected about you (except to the extent prohibited under California privacy law including, for example, disclosure of Social Security numbers or other government ID, health insurance or medical identification numbers, account passwords); or
      • If we disclosed your personal information for a business purpose, a list identifying the personal information we disclosed to each category of recipient.
  • Right to Request Deletion of Personal Information
    • You have the right to submit a verified consumer request at any time that we delete any of your personal information collected and retained by us, unless an exception under California privacy law applies.
    • If no exception applies, and if we have been able to verify your consumer request, we will delete, aggregate, or de-identify your personal information from our records in accordance with California privacy law. We will also direct third parties to whom we have disclosed your personal information to delete it, although we cannot guarantee that such third parties will comply with our direction.
    • Please note that we may deny your deletion request based on certain provisions of California privacy law, including where it is necessary for us or our service providers to carry out certain business functions, comply with laws or to engage in other internal and lawful uses of the information within the context in which you provided it to us.

6. Making a verified consumer request to us

To make a request to exercise your rights under California privacy law described above, please submit a verifiable request to us by either:

A verifiable consumer request must be made by you or a person registered with the California Secretary of State whom you have authorized to make the request on your behalf. (A representative must be authorized by you in writing or have a valid power of attorney under California probate law.) You may also make a verifiable request to us on behalf of your minor child.

To be considered a proper verified request, your request must:

  1. provide us with sufficient information allowing us to reasonably verify that you are the same person about whom we collected the personal information or the authorized representative, and
  2. describe your request in reasonable detail so we can correctly understand, evaluate, and respond to the request.

We may ask you for additional information, if needed, in order to verify your request. If we do, we will use such additional information only to verify your identity (or the authority of the representative) and for security and fraud-prevention purposes.

We will also ask you to separately confirm any request to delete personal information by calling 1-844-635-4641, emailing us at privacy@stemline.com, or using the web form available on our Website at https://stemline.com/contact/.

7. Responding to your verifiable consumer request

We will use reasonable efforts to respond to your verifiable consumer request within 45 days of receiving it. In some cases, we may require more time (up to 90 days). If that is the case, we will communicate to you in writing (by postal mail or electronically, at your option) the reason and the length of anticipated delay. We will not be able to fulfill your request if we cannot verify your identity (or the authority of your representative) and confirm that the personal information subject to the request relates to you.

Disclosures we provide in response to a verified consumer request will cover only the 12-month period before we received the request. If your request involves the porting of your personal information, we will use a format that is reasonably designed to allow you to transmit the information to another entity. If we deny part or all of a verified consumer request, we will provide a reasonable explanation for the denial.

We do not charge fees for responding to verifiable consumer requests unless they are excessive, repetitive, or manifestly unfounded. If we determine that a fee is appropriate, we will provide you with an explanation and a cost estimate before we complete your request.

We will keep records of consumer requests and our responses as required under the California privacy law.

8. Non-discrimination

We will not discriminate against you for exercising any of your rights under California privacy law. This means that, except where permitted under California privacy law, if you make a request for disclosure or to delete your personal information, we will not (i) deny you goods or services, (ii) charge you different prices for goods or services (e.g., through penalties or withholding of otherwise available discounts), (iii) give you a different level of goods or services, or (iv) suggest to you that we will take any of the actions in (i) through (iii).

9. How to contact us to exercise your California rights

If you have questions about our Privacy Policy or this California Notice, please feel free to contact us at: privacy@stemline.com.

This California Notice was last updated on December 2, 2020.