PRIVACY POLICY

INTRODUCTION

Thank you for visiting the Taiho Oncology, Inc. website. Taiho Oncology, Inc. and its parent company, subsidiaries, and affiliates (collectively, “Taiho,” “we,” or “us”) operate a variety of websites designed to provide you with information and services, including but not limited to health resources, corporate news, patient assistance programs, and product information. Some of Taiho’s websites also enable healthcare professionals to receive product information and samples. Whether you are a patient, healthcare provider, investor, customer, or job applicant, respect for the privacy of your personal data is very important to us. This Privacy Policy describes how we collect, use, protect, and disclose the personal data that you share with us. We encourage you to read this Privacy Policy in its entirety before submitting any information. By using this website, and submitting or requesting information, you acknowledge that you understand, and agree with, the provisions of this Privacy Policy.

If you are a California resident, the Supplemental Notice provided below applies to both your online and offline interactions with us.

WHAT INFORMATION DO WE GATHER?

You can use many of our websites without telling us who you are or providing us with any personal data. Depending on which website you visit, you may not be able to receive certain information unless you agree to provide us with personal data. For example, we may collect information from physicians and other healthcare providers who register on our websites in order to verify their licensure status and identity. The type of information collected from you will be based on the specific program that you register for, as indicated at the time of your registration. The personal data that we may ask you to provide may include your first and last name, your mailing address, your age, birth date, email address, and information about your medical conditions. Taiho limits the collection and processing of personal data to what is necessary to fulfill the purposes for which it is to be used. We will also offer you the option to opt out of further participation of a program or to unsubscribe from receiving further communications from Taiho if you later decide that you no longer want to participate in that program or receive additional information from us.

We may provide opportunities to contact us to ask questions or provide comments, ideas, and/or suggestions. When you communicate with us and request a response, we may ask you for additional information such as your name, email address, and contact information. If we collect this type of information, we will notify you as to why we are asking for it and how this information will be used. It is completely up to you whether or not you want to provide it.

USE OF COOKIES AND OTHER TAGS

Where permitted by law, we automatically collect certain data that may or may not be considered your personal data through the standard operation of Taiho’s Internet service or through the use of “cookies” or “Internet tags” and other similar techniques. This type of information allows Taiho to evaluate customer interest in its websites and perform other market research activities. Cookies are small text files a website can use to recognize repeated usage, facilitate the user's access to and use of the site, and allow a site to track usage behavior and compile aggregate data that will allow content improvement and targeted advertising. If you do not want information to be collected through the use of cookies, you may set such preference through user-enabled settings in most devices or browsers; however, some cookies may be necessary to provide you with certain features available on Taiho’s websites and although you may turn them off when you visit Taiho websites, you might find functionality of the website impaired. Taiho also may collect and store the name of the domain and host from which you access the Internet, the Internet protocol (IP) address of the computer you are using, the browser software you use and your operating system, the date and time you access our website, and the Internet address of the website from which you linked directly to our website.

DATA INTEGRITY AND SECURITY

Taiho takes reasonable steps to ensure that personal data collected are reliable for their intended use, accurate, complete, and current. We use appropriate technical, administrative, and physical safeguards to protect data that pertain to you from loss, unauthorized access and disclosure, misuse, or alteration. In addition, we take steps to ensure that our safeguards take into account new known threats. However, no organization can guarantee the absolute security of personal data. You should keep in mind that Internet transmissions, particularly email transmissions, are never 100% secure or error-free. Accordingly, we caution you to guard your own computer and password against unauthorized access by others.

SHARING YOUR INFORMATION WITH THIRD PARTIES

Except in situations we have described in this Privacy Policy or after we have obtained your opt-in consent to do so, Taiho will not share your personal data with other entities for their own separate use. When you provide personal data to Taiho, it will be accessible to some of Taiho’s business partners, such as entities we retain to fulfill requests for information, answer telephone calls, or provide assistance to us on specific programs or projects. In addition, Taiho may enter into business relationships with other entities. In those cases, the other entities may also have access to your personal data. Taiho requires those entities to whom it discloses personal data to protect personal data using substantially similar standards that are used by Taiho. We also require that they do not use your personal data for any separate use that is not specifically authorized by Taiho. There may also be instances where Taiho may be required to share your information with other entities who have not been retained by Taiho, such as with health authorities to report possible adverse drug experiences, during inspections or audits, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or as ordered or directed by courts or other governmental agencies. Many entities receiving personal data under these conditions have privacy requirements that apply to their handling of your information.

SHARING YOUR INFORMATION WITHIN THE TAIHO GROUP OF COMPANIES

The information that you provide to Taiho may sometimes be shared with other departments within Taiho, as well as Taiho subsidiaries and affiliates within the Taiho global group. This may mean that your personal data may be transferred outside the U.S. to Taiho affiliates or companies in other countries. Other departments within the Taiho group, and other Taiho companies that may receive your information, will abide by substantially similar privacy requirements relating to your personal data.

CORRECTING, ACCESSING AND EXERCISING CHOICE REGARDING YOUR INFORMATION

We encourage you to update the information you provide to us, such as providing us with a new mailing or email address, a name change, or a change in the medical conditions that you have notified us about. This will help us continue to provide information to you that best meets your needs. Taiho complies with laws and regulations applicable to the right to amend your data in our files. These rights are limited in some ways.

We offer individuals to choose (opt-out) whether their personal data is (a) to be disclosed to another entity or (b) to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual. Individuals are provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice. For sensitive information (i.e. personal data specifying medical or health conditions, racial or ethnic origin; etc.), individuals are given affirmative or explicit (opt in) choice if the information is to be disclosed to another entity or used for a purpose other than those for which it was originally collected or subsequently authorized by the individual through the exercise of opt in choice. EU individuals have a right of access to information we hold about you.

In addition, to protect your data from unauthorized access or alteration by other entities, all requests to update or access your information will be subject to verification of your identity. Please submit request to privacyofficer@taihooncology.com or by postal mail at the contact information listed below. We will respond to your request to access within 30 days.

CHILDREN'S ONLINE PRIVACY

Taiho’s websites are not directed at children. The services offered on our websites are designed for individuals who are 18 years of age or older. If your child has submitted personal data and you would like to request that such information be removed, please contact privacyofficer@taihooncology.com. For more information about protecting the privacy of children online in the United States under the Children's Online Privacy Protection Act, please see http://www.ftc.gov/ogc/coppa1.htm(last accessed March 2020).

LINKS AND EXTERNAL WEBSITES

Many of Taiho’s websites contain links or references to external websites as a convenience to you. This Privacy Policy does not cover the practices of those websites. Accessing those sources requires that you leave Taiho’s websites. Taiho does not control the content of these external websites and is not responsible for the privacy practices of those websites. Please review the privacy policies on each website that you visit.

PRIVACY SHIELD NOTICE FOR USERS IN THE EUROPEAN UNION

Taiho complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and the United Kingdom to the United States. Taiho has certified to the Department of Commerce that it adheres to the Privacy Shield Principles, including security requirements for the protection of your personal data. With respect to onward transfers of your personal data to agents under Privacy Shield, Taiho takes responsibility for its agents’ compliance with the Privacy Shield Principles when they process your personal data on our behalf. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. In compliance with the Privacy Shield Principles, Taiho commits to resolve complaints about our collection or use of your personal data. Individuals in the European Union with inquiries or complaints regarding our policies related to the Privacy Shield should first contact Taiho at privacyofficer@taihooncology.com. Taiho has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS at https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS alternative resolution services are provided at no cost to you. Under certain limited conditions, individuals may invoke binding arbitration as a last resort before the Privacy Shield Panel. The FTC has jurisdiction over Taiho’s compliance with the Privacy Shield.

DATA RETENTION

Taiho retains personal data we collect during clinical studies that we process on behalf of our customers for as long as needed to provide Service to our customers, subject to our compliance with this Policy. We may further retain and use this personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

UPDATES TO PRIVACY POLICY

The foregoing terms are effective as of May 15th, 2020. Taiho may update this Privacy Policy from time to time based on, among other things, changes in applicable laws, development of new websites, and advances in technology. Taiho reserves the right to modify, add, or remove portions of this Privacy Policy at any time at our sole discretion. If we decide to materially revise this Privacy Policy, we will post the revised Privacy Policy at this site. We encourage you to review the Privacy Policy each time you visit our site. This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

HOW TO CONTACT US

If you have any questions about our Privacy Policy, its implementation, the accuracy of your personal data, or the use of the information collected, please contact us at:

Taiho Oncology, Inc
Privacy Officer
101 Carnegie Drive, Suite 101
Princeton, New Jersey 08540
Phone: (609) 285-5214
Toll Free: 1-844-688-2446
privacyofficer@taihooncology.com.

Supplemental Notice for California Consumers

[Last Updated 05/15/2020]

This Supplemental Notice for California Consumers (“Supplemental Notice”) provides information required under the California Consumer Privacy Act of 2018, as amended (“CCPA”) and describes California residents’ right to know, right to delete, and right to object to the sale of Personal Information that Taiho Oncology, Inc. (“we,” “us,” or “our”) collected about them through online and offline activities. Any terms defined in the CCPA have the same meaning when used in this Supplemental Notice.

This Supplemental Notice applies only to information collected about California residents. This Supplemental Notice is broader in scope than our Privacy Policy because our Privacy Policy applies only to information collected through websites we operate.

Definitions Specific to this Policy

The CCPA includes definitions for terms specific to this Supplemental Notice that do not apply to Taiho’s privacy policy, including the following terms:

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information does not include publicly available information obtained from government records; deidentified or aggregated consumer information that are protected by technical safeguards and business processes against being reconstructed to identify you; or certain information governed by or collected from certain activities governed by other federal or California state laws. In this Supplemental Notice, we use the following Categories of Personal Information to describe the Personal Information we collect, use, and share about consumers:

Biometric Information: Biometric information, including an individual’s physiological, biological, or behavioral characteristics (including DNA) to the extent it can be used to establish individual identity. Biometric information consists of, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template (such as a faceprint, a minutiae template, or a voiceprint) can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
Commercial Information: Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Education Information: An individual’s education information, including academic information and records.
Electronic and Sensory Data: Audio, electronic, visual, thermal, olfactory, or similar information (e.g., a recording of a customer service call or profile photograph).
Financial Information: Financial information, including bank account number, credit or debit card number, or other financial information.
Identifiers: Identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
Inferences: Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies).
Health Insurance Information: Health insurance information, including an individual’s insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in the individual’s application and claims history.
Geolocation Data: An individual’s precise geolocation data.
Medical Information: Medical information, including any information in possession of or derived from a healthcare provider, healthcare service plan, pharmaceutical company, or contractor regarding an individual’s medical history, mental or physical condition, or treatment.
Network Activity Data: Internet or other electronic network activity information, such as browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement.
Professional Information: An individual’s professional or employment-related information.
Protected Characteristics: Characteristics of protected classifications under California or federal law, such as race, gender, physical or mental disability, and religion.
Written Signature: An individual’s written signature.

Sale” or “sell” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a Third Party for monetary or other valuable consideration.

Service Provider” means certain for-profit legal entities that process information on behalf of us and to which we disclose your Personal Information for a defined business purpose pursuant to a written contract that prohibits this Service Provider from retaining, using, or disclosing your Personal Information for any purpose other than for the specific purpose of performing the services specified in the contract.

Third Party” means another business, other than a Service Provider, that collects your Personal Information.

The Personal Information We Collect and Share

The types of Personal Information we collect, disclose, and sell depends on your relationship and interaction with Taiho. Please review the Consumer Type below that applies to your relationship or interaction with Taiho to learn about the Categories of Personal Information we have collected about you in the preceding 12 months, the sources from which the personal information is collected, the purposes for collecting personal information, and the categories of Third Parties to whom we disclose each Category of Personal Information. If you interact with Taiho in more than one way, please review each Consumer Type below that applies to you in order to learn about the Personal Information we collect and how we use and share it in connection with each particular relationship.

Patients, Caregivers, Health Care Providers, Website Visitors

Categories of Personal Information ->Third Parties to Whom We Disclose Personal Information


Biometric Information; Commercial Information; Inferences: -> Contracted vendors


Education Information:-> Government agencies


Electronic and Sensory Data; Geolocation Data: ->We do not disclose this information


Financial Information; Identifiers; Health Insurance Information; Medical Information; Network Activity Data; Professional Information; Protected Characteristics; Written Signature: ->Contracted vendors; Government agencies


Others

We collect the following categories of your Personal Information and do not disclose this information to any third parties:

  • Biometric Information;
  • Commercial Information;
  • Education Information;
  • Electronic and Sensory Data;
  • Financial Information;
  • Identifiers;
  • Inferences;
  • Health Insurance Information;
  • Geolocation Data;
  • Medical Information;
  • Network Activity Data;
  • Professional Information;
  • Protected Characteristics;
  • Written Signature

For all consumers, we collect the categories of your Personal Information indicated above for the following purposes:

  • To perform insurance benefits verification and verify eligibility for patient assistance program and/or referral of a prescription to in-network specialty pharmacies;
  • To allow patients to opt in to receive support;
  • To perform services;
  • To track and analyze usage and volume for statistical purposes;
  • To fulfill written prescription;
  • To track utilization and side effect;
  • To provide patients with future information about live events;
  • To conduct research and understand patient population and outcomes that may be related to protected characteristics;
  • To maintain a safe and secure Internet environment for the company and employees by monitoring malicious cyber behavior;
  • To conduct outcome research studies;
  • To comply with legal or regulatory requirements such as the U.S. Food and Drug Administration’s reporting requirements;
  • To complete medical information request;
  • To deliver publications and reports to a wider audience.

We collect data about you from the following sources:

  • Directly from the consumer;
  • From health care providers;
  • From insurance companies;
  • From background check agencies.

We will not collect a category of Personal Information not listed above or use any Personal Information collected in any of the above categories for a business purpose materially different than those listed above without first providing you with additional notice.

Your Right to Submit Requests

If you are a California resident, you have the following rights under the CCPA with respect to your Personal Information:

  • Right to Notice. Before or at the time we collect Personal Information from you, you have the right to receive notice of the Personal Information to be collected and the purposes for which we use it.
  • Right to Know. You also have the right to request that we disclose to you the Categories of Personal Information we have collected about you in the preceding 12 months, along with the categories of sources from which the personal information was collected, the purpose for collecting or selling the personal information, the categories of Third Parties with whom we shared the personal information, and the categories of Third Parties with whom we sold the personal information. You may make such a request up to twice in a 12-month span.
  • Right of Access. You have the right to request that we disclose or provide you with access to the specific pieces of Personal Information we have collected about you in the preceding 12 months.
  • Right to Deletion. You have the right to request that we delete the Personal Information we collect from you. However, in certain situations we are not required to delete your Personal Information, such as when the information is necessary in order to complete the transaction for which the Personal Information was collected, to provide a good or service requested by you, to comply with a legal obligation, to engage in research, to secure our websites or other online services, or to otherwise use your Personal Information internally in a lawful manner that is compatible with the context in which you provided the information.

You can exercise your rights by calling 1-844-688-2446. Please note that there are circumstances in which we may not be able to comply with your request pursuant to the CCPA, including when we cannot verify your request and/or when there is a conflict with our own obligations to comply with other legal or regulatory requirements. We will notify you following submission of your request if this is the case.

Verification Process

We value the security and confidentiality of your Personal Information. Therefore, if you elect to exercise your right to know, access or delete your information you must first submit proof of your identity for these requests to be processed as a verifiable consumer request. We may not be able to comply with your request if we are unable to confirm your identity or to connect the information you submit in your request with personal information in our possession. In addition, you may designate an authorized agent to make a request on your behalf subject to proof of identity and authorization.

Non-Discrimination

We will not discriminate against you if you exercise any of the rights provided by the CCPA set forth in this Supplemental Notice. Please note that a legitimate denial of a request for information, deletion, or to opt-out is not discriminatory, nor is charging a fee for excessive or repetitive consumer requests as permitted by the CCPA.

Personal Information of Minors – Opting In

We do not have actual knowledge that we sell the Personal Information of minors who are at least 13 years old and less than 16 years old.

Disclosure about Direct Marketing

California Civil Code Section § 1798.83 permits California residents to annually request certain information regarding our disclosure of personal information to other entities for their direct marketing purposes in the preceding calendar year. Taiho does not distribute your Personal Information to other entities for its own direct marketing purposes.

Contact Us

If you would like additional information regarding our Supplemental Notice, please email us at privacyofficer@taihooncology.com. California residents who are unable to review or access this Supplemental Notice due to a disability may contact us to access this Supplemental Notice in an alternative format.

Changes to Our Supplemental Notice

Taiho reserves the right to amend this Supplemental Notice at our discretion and at any time. When we make material changes to this Supplemental Notice, we will notify you by posting an updated Supplemental Notice on our website with the effective date.