This Privacy Notice describes the privacy practices of Celsius Therapeutics, Inc. (“Celsius”, “we”, “us” or “our”), including how we collect, use, share and otherwise process personal data, and explains the rights and choices available to individuals with respect to their information.
Celsius may provide additional privacy notices to individuals at the time we collect their data. For example, we often provide a specific privacy notice to participants in research studies or clinical trials (collectively, “Research”) during the consent process that describes our privacy practices in connection with conducting Research. This Privacy Notice does not apply to the collection of personal data in connection with such participants.
Celsius, with its address at 399 Binney Street, Cambridge MA 02139 USA, is the controller of your personal data collected in connection with this Privacy Notice.
Celsius is committed to ensure that your privacy is protected and will only process your personal data in conformity with applicable privacy laws, including, without limitation, the General Data Protection Regulation (“GDPR”). Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this Privacy Notice.
2. How we collect your personal data
We collect personal data about the following types of individuals: physicians and other health care professionals, clinical trial investigators, Research participants, researchers, contractors, consultants, job applicants, volunteers, and other individuals who interact directly with Celsius or its business partners, including users of our website.
Personal data includes any information relating to an identified or identifiable person. This may include, but is not limited to, your name, address, email address, phone number, location data and IP address. An IP address means “internet protocol address” which is a unique string of numbers separated by periods that identifies each computer using the IP address to communicate over a network.
We collect personal data that you provide to us in the following ways:
- Communications with us directly: we collect personal data when you provide it to us directly, such as via postal, telephone and/or email communications.
- Communications via our website: we collect personal data when you provide it to us through communications via our website, such as via the “Contact Us” form, by providing your full name, email, company, and any other details of your inquiry. At your request, we may use information you provide in your communications to contact you with information regarding Research, to evaluate your eligibility for the Research and, as appropriate, to invite you to participate in Research. If you wish to stop receiving email messages from us, please see the “Privacy Preferences” section below.
- Careers: we may collect personal data from you when you apply for a vacancy with us, such as your name and curriculum vitae. Please note that this Privacy Notice will only apply to job applicants. This Privacy Notice does not apply to employees and contractors.
- Business Partners: If you are a business partner or service provider, such as a health care professional partnering with Celsius on Research, or otherwise providing services to Celsius, we may collect your contact information, professional credentials, educational and professional history, institutional affiliations, background checks, performance reviews, and information needed for the purposes of compensation. We use this information to communicate with you, to staff, administer and facilitate Research, to comply with regulatory monitoring and reporting obligations and to identify and engage with thought leaders and external experts.
- Automated technologies and/or interactions: as you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see the section below “About cookies” for further details.
Personal data may also be obtained from the following third party sources:
- Business Partners and Service Providers: we collect information about individuals from our business partners and service providers, including healthcare professionals, contract research organizations, market research providers, industry and patient groups and associations, and recruiters. The information may include contact information, demographic information, health and medical information, educational and professional history, institutional affiliations, background checks and performance reviews. We use this information to administer and facilitate Research, coordinate events and programs, conduct market research and to identify potential employment candidates.
- Publicly Available Sources: we may collect information about individuals from publicly available sources, such as public comments on Celsius and its operations on social media platforms (for example, LinkedIn, Twitter, and Instagram) or publicly available research. This information enables us to conduct market research about the company and industry trends, analyze public interactions with Celsius, identify experts and improve our programs, events, and other offerings.
3. How we use your personal data
To the extent we collect personal data from you, as described in this Privacy Notice, we use such information for the purposes, and rely on the legal bases, listed below. Note, that in certain circumstances detailed below, we will process your personal data on more than one legal basis depending on the specific purpose for which we are using your personal data.
|To enable us to carry out our obligations arising from any contracts and to provide you with the information you request from us.||Performance of a contract or our legitimate interests.|
|To enable us to respond to an inquiry or other request you make when you contact us via our website or directly.||Performance of a contract or our legitimate interests.|
|Communicating with you to provide technical or administrative support.||Legitimate interests.|
|Conducting, managing and growing our business.||Legitimate interests.|
|Defining and managing appropriate patient engagement activities, and patient support programs.||Legal obligation; or legitimate interests.|
|To notify you about changes to our service.||Performance of a contract or our legitimate interests.|
|To protect the security of and managing access to our premises, IT and communication systems, online platforms, website and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities.||Performance of a contract or our legitimate interests.|
|To comply with our legal and regulatory obligations and requests, including reporting to and/or being audited or investigated by national and international regulatory bodies.||Legal obligation; or legitimate interests.|
|To comply with court orders and to exercise and/or defend our legal rights.||Legal obligation or legitimate interests.|
|To understand how you visit our website and how you interact with us to enrich your user experience.||Legitimate interests.|
|For our recruitment, when you apply for a job role with us. We may use information collected throughout the recruitment process to review our equal opportunities profile in accordance with applicable legislation.||To take steps to enter into a contract with you, legal obligation or legitimate interests.|
4. About cookies
A cookie is a small data file that is placed on your computer by your web browser when you visit the website. It is a tool that stores information about website visits, recognizes you and your preferences each time you visit our website, and ensures website functionality and generally improving your experience of the website.
We use the following categories of cookies on this website:
- Analytics cookies: these are analytics cookies that allow us to collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. This helps us to improve the way the website works and allows us to test different ideas on the site.
These cookies are dropped after you have consented via the cookie banner on our website.
(b) Opting out of cookies
You can withdraw your consent at any time, for example by deleting the cookies. If you do not accept all cookies or withdraw your consent, you may still browse the website.
You may also configure the settings of your browser to activate, disable or delete cookies. Detailed instructions are provided by your browser. If you disable or delete cookies, however, you may have to manually adjust some preferences every time you visit the website and some functionalities may not work.
(c) Third party cookies
You can block the cookie’s collection of data regarding your use of this website (including your IP address) as well as the processing of this data by Google, by downloading and installing the browser add-on found under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser add-on, you can go to https://tools.google.com/dlpage/gaoptout in order to opt out from being tracked by Google Analytics within this website in the future. An opt-out cookie will be stored on your device, which means that you will have to click this link again if you delete your cookies.
5. Your rights
Depending on where you are located, you may have the right to: (a) request access to your personal data we hold about you; (b) request we correct any inaccurate personal data we hold about you; (c) request we delete any personal data we hold about you; (d) restrict the processing of personal data we hold about you; (e) object to the processing of personal data we hold about you; and/or (f) receive any personal data we hold about you in a structured and commonly used machine-readable format or have such personal data transmitted to another company.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing information requested to you. We will process any request in line with any local laws and our policies and procedures. If you are located in the United Kingdom or the European Economic Area (“EEA”), you have the right to lodge a complaint about how we process your personal data with the supervisory authority in your country (i.e., supervisory authority, https://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm).
Please note if you refuse to provide certain data or ask for us to delete your personal data, we will no longer be able to provide certain services to you. There may be occasions where we are unable to delete or update your personal data for legal obligations or for compelling legitimate interest.
If you wish to exercise any of your rights, please contact us using the information provided in the “Questions and Complaints” section below.
6. How we share your personal data
We may share your personal data with the following categories of recipients:
- Third party service providers, to perform business functions on behalf of Celsius such as IT providers for the management of web-based services, recruitment management, legal services, auditing and any other companies providing support services as required.
- Courts, law enforcement authorities, regulators, government officials, or other parties where it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim.
- We may pass your information on to third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock.
We will never sell or rent your personal data to third parties.
Your personal data will not be transferred to third parties without taking appropriate protection to help ensure your personal data is kept confidential at all times.
7. International transfers
Information collected through our website or otherwise sent to us electronically is maintained in the United States. Please note that our service providers may also be based in the United States. The countries to which we transfer personal data may not have the same data protection laws as the country in which you initially provided the information.
If you are located in the EEA or the United Kingdom, and if required by applicable data protection laws, we will implement appropriate mechanisms to safeguard the transfer the personal data (including, for example, implementation of the European Commission standard contractual clauses). If you require further details please contact us at https://celsiustx.com/contact-us/.
8. Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over these other websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites; and such sites are not governed by this Privacy Notice. You should exercise caution and look at the privacy notice applicable to the websites concerned.
9. Data retention
We will only retain your personal data for as long as is necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We have implemented appropriate technical and organizational security measures to help protect your personal data against a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, personal data transmitted, stored or otherwise processed and to safeguard against access by unauthorized persons.
11. Children’s privacy
The website is not intended for, or directed to, children under the age of 13. We do not knowingly receive personal data from children under the age of 13. If you are under the age of 13, do not provide us with any personal data either directly, through any website forms, or by any other means. If you become aware that your child has provided us with personal data, please contact us at https://celsiustx.com/contact-us/.
12. Do Not Track
Some internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
13. Changes to this Privacy Notice
We may update our Privacy Notice from time to time. We will notify you of any changes by posting the new Privacy Notice on this page.
You are advised to review this Privacy Notice periodically for any changes. Changes to this Privacy Notice are effective when they are posted on this page.
14. Contact us
If you have questions, comments or requests about this Privacy Notice or your personal data, you may contact us at, including data protection officer:
Celsius Therapeutics, Inc.
399 Binney Street
Cambridge, MA 02139 USA
We have appointed Data Protection Representative Limited (DataRep), with its address at DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom as our EU and United Kingdom data protection representative who you may contact if you are based in the EEA or the United Kingdom, as follows:
- United Kingdom: DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom.
- EEA: DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom
Effective Date: August 1st, 2022