Privacy Policy

Privacy Policy


PALETTE LIFE SCIENCES, INC. PRIVACY NOTICE

 

LAST UPDATED:  November 1, 2019

This Privacy Notice is intended to describe how Palette Life Sciences, Inc., (“Palette”) collects, uses, and shares Personal Data that you submit to us and that we collect through our website www.mysolesta.com (the “Site”).  The Site provides a venue to obtain information about Palette’s Solesta Product and our company, allow patients to search for local physicians, and allow healthcare physicians to receive training on Solesta and contact Palette (collectively, the “Services”). 

INFORMATION WE COLLECT

For purposes of this Privacy Notice, “Personal Data” means any information relating to an identified or identifiable natural person.  As described in detail below, we may collect certain Personal Data from or about you in connection with your use of, or your submissions to, the Site. 

We may collect Personal Data as follows:

  • When you communicate with us, sign up for materials, and interact with the Site.  We may collect Personal Data, such as your name, address, phone number, email address, fax number, medical information and business contact information, when you communicate with us or submit information to us, including through the Request a Visit Form, Solesta Reimbursement Form or contact us feature.  We may also collect Personal Data when you interact with our Site our utilize Site features, and when you sign up to receive newsletters, updates, or other information.  

  • When we collect data from third parties or publicly-available sources.  We may obtain certain data about you from third-party sources to help us provide and improve the services.  We may combine your Personal Data with data we obtain from our services, other users, or third parties to enhance your experience and improve the services. 

  • When we leverage and/or collect cookies, device IDs, Location, data from the environment, and other tracking technologies.  We may collect certain Personal Data using cookies and other technologies, such as web beacons, device IDs, geolocation, HTML5 local storage, Flash cookies, and IP addresses. We specifically use browser cookies for different purposes, including cookies that are strictly necessary for functionality and cookies that are used for personalization and performance/analytics. When you visit the Site, we may also automatically collect certain data about your device, including information about your web browser, IP address, and time zone. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site.  Our “Use of Cookies and Similar Technologies” section contains more information and options to control or opt-out of certain data collection or uses.

You are not required to provide all Personal Data identified in this Privacy Notice in order to use the Site; however, if you do not provide the Personal Data requested, we may be unable to provide some or all of the Services to you.

USE OF COOKIES AND SIMILAR TECHNOLOGIES

The Site uses cookies and similar technologies to improve user experience, for performance and analytics, and to improve our content, products, and services.  We also use cookies and similar technologies for purposes of marketing and advertising.  

A “cookie” is a small text file that a web server stores in browser software.  A browser sends cookies to a server when the browser makes a connection to the server (for example, when requesting a web page from the same domain that created the cookie). The purpose of cookies is to remember the browser over time and distinguish one browser instance (or user) from all others.  Some cookies and other technologies may serve to track Personal Data previously entered by a web user on our site. Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them.   Cookies can remember login information, preferences, and similar information.  

Cookies, as well as other tracking technologies, such as HTML5 local storage, and Local Shared Objects (such as “Flash” cookies), and similar mechanisms, may record information such as a unique identifier, information you enter in a form, IP address, and other categories of data. 

We may also use web beacons or “pixels,” and in certain circumstances may collect IP address, screen resolution and browser software and operating system types, clickstream patterns, dates and times that our site is accessed, and other categories of data.

If you want to block the use and saving of cookies from the Site on to the computers’ hard drive, you should take the necessary steps within your web browser’s settings to block all cookies from the Site and its external serving vendors, or use the cookie control system, if available upon first visit.  Please note that if you choose to erase or block your cookies, certain parts of our Site may not function correctly. For information on how to disable cookies, refer to your browser’s documentation.

Our Site may use the following technologies to implement cookies and pixels:

  • Google Analytics.  In order to ensure that the content from the Solesta website remains up to date, user-oriented and comprehensive, this website employs Google Analytics, a web-analysis tool from Google Inc. ("Google") that enables us to optimize our Services for you. Google Analytics uses cookies that track your preferences during your visit to our websites. This allows us to simplify navigation, for example, thereby helping us to make the site more user-friendly. The information that is generated in this process (including the IP address) is anonymized, making personal identification impossible. An evaluation for reporting purposes is carried out only after the anonymization process. The data, generated by this Cookie are usually transferred and stored on a server in the USA. As a user of our websites, you always have the option of disabling cookies in your browser settings. Most browsers allow cookies as a default setting. Should you change this setting, this may disrupt certain functions of our websites. Furthermore, you can prevent Google's acquisition and processing of the information that is generated by the cookie and concerns your activity on the website (including your IP address) by downloading and installing a browser plug-in. In this process, your IP-Address is in a first step reduced to Countries in the European Union or other Countries in the European Economic Community. The actual link to the tool is: http://tools.google.com/dlpage/gaoptout?hl=us. Further information on the terms of use and the privacy options of Google are available on:
    http://www.google.com/analytics/terms/us.html

  • Google AdWords. As an AdWords customer, the Solesta website moreover uses Google conversion tracking by Google on some pages. This means that Google AdWords places a cookie on your computer (“conversion cookie”) if you have accessed our webpage via a Google ad. These cookies become invalid after 30 days. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognize that someone has clicked on an ad and been directed to our page as a result thereof. Each AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected with the help of the conversion cookie allows us to prepare conversion statistics to optimize our services. AdWords customers know, for instance, the total number of customers who have clicked on their ad and been redirected to a page with a conversion tracking tag. But they do not receive any information by which users can be personally identified. If you do not want to participate in the tracking, you can prevent the placement of the necessary cookie – for instance through a browser setting that deactivates the automatic placement of cookies in general. “You can also deactivate conversion tracking cookies by setting your browser to block cookies from the domain googleadservices.com”.

  • Google Remarketing. Moreover, the Solesta website uses Google’s Remarketing technology on some pages. With this technology, users who have already visited our web pages and online services and shown in interest in what we have to offer are shown targeted advertising on other websites of the Google Partner network. The ads are displayed through the use of cookies, by means of which the user’s behavior during his or her visit to the website is analyzed and then used for targeted product recommendations and interest-based advertising. 


If you do not wish to receive any interest-based advertising, you can deactivate Google’s use of cookies for these purposes by going to https://www.google.com/settings/ads. Alternatively, users can deactivate cookies from third-party providers by going to the network advertising initiative’s deactivation page (link: http://www.networkadvertising.org/managing/opt_out.asp).

  • Facebook Pixel. The Solesta website uses the “Facebook pixel” provided by the social network Facebook (“Facebook”). As a result, so-called tracking pixels are integrated into our web pages . When you visit our web pages, the tracking pixel will create a direct link between your browser and the Facebook server. Thus, Facebook will receive the information from your browser that our web page was accessed from your device. If you are a Facebook user, Facebook can therefore associate your visit to our pages with your user account. Please note that we as the provider of these web pages are not notified of the content of the data transmitted or of the use thereof by Facebook. We can merely specify the segments of Facebook users (based on criteria such as age, interests) on whose pages we would like our ads to be displayed. Moreover, when this pixel is called up later on from your browser, Facebook can then determine whether an ad on Facebook was successful, for instance whether it has led to an online purchase. We receive from Facebook merely statistical data on this, without any references to a specific individual. This allows us to collect information about the effectiveness of the Facebook ads for statistical and market research purposes. 
    For more information concerning this topic, please see Facebook’s privacy policy at https://www.facebook.com/about/privacy/. Please click here (link: https://www.facebook.com/settings?tab=ads) if you do not wish to have your data collected via the Facebook pixel.

Please note that Google and Facebook have their own privacy policies which are independent from ours. We do not accept any responsibility or liability for these policies and procedures. Before using our website, please inform yourself about Google’s privacy policy (Link: http://www.google.com/privacy.html) and Facebook’s data policy (Link: https://www.facebook.com/about/privacy/).

HOW WE USE THE INFORMATION WE COLLECT 

We may use Personal Data for a variety of different purposes as set out in further detail below.  Subject to applicable law, the purposes for which we use and process Personal Data, and the legal basis for such processing, are set forth below.

  • For our legitimate Interests. To operate our business and provide the Services, other than in performing our contractual obligations to you, for our “legitimate interests” for the purposes of applicable law, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.  Legitimate interests may include:

    • To maintain the Site and provide the Services, including for technical support;

    • To communicate with you regarding the Services, including to provide you important notices regarding changes to our Terms of Use;

    • To address and respond to your requests, inquiries, and complaints;

    • To develop, provide, and improve the Site and Services, including to better tailor the features, performance, security and support of our Services and the Site, and for statistical and analytics purposes; 

    • For our direct marketing purposes;

    • For fraud, loss, and other crime prevention purposes;

    • To assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties; 

    • To enforce our Terms of Use, this Privacy Notice, or agreements with third parties; 

    • To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process; or

    • Subject to applicable contractual or legal restrictions, in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction. 

  • For the performance of a contract. To perform our contractual obligations to you, including to fulfil your request for Services, to contact you in relation to any issues with our Services, where we need to provide your Personal Data to our service providers, or to take steps in response to information or inquiries you may submit prior to entering into a contract or partnership with us.

  • To comply with legal obligations.  To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.

  • To protect data subjects’ vital interests.  To protect the vital interests of you or of another person.

In some cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your Personal Data:

  • Special Categories of Personal Data.  We generally do not collect or require special categories of Personal Data (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health information, biometric data, or sexual orientation) in order to access our Site or utilize the Services.  In the event we may need to collect such information to provide a specific service to you, we will obtain your consent as required by law. In certain circumstances, subject to applicable law, we may process or otherwise disclose special categories of Personal Data without consent, such as to protect the vital interests of you or of another person.

  • Cookies.  We may also request consent for some cookies in accordance with our cookie policy above. 

HOW WE MAY DISCLOSE INFORMATION

We may disclose Personal Data as described in this Privacy Notice, including:

  • Affiliates.  We may disclose some or all of your Personal Data to our subsidiaries, joint ventures, and other companies under our common control (collectively, "Affiliates"), for the purposes described in this Privacy Notice.  Where we share Personal Data with our Affiliates, we will require our Affiliates to honor this Privacy Notice.

  • Service Providers.  We may disclose Personal Data to business partners, distributors, service providers, marketing partners, and vendors in order to maintain the Site and provide, improve, and personalize the Services.  We may also share Personal Data for other technical and processing functions, such as sending e-mails on our behalf, technical support, or otherwise operating the Site, for analytics, and for marketing purposes. Such third parties may have access to Personal Data only as needed to perform their functions for us, and they may not use Personal Data for other purposes.

  • Pursuant to Legal Process and Protection of Rights.  We may also disclose Personal Data to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful request for information we receive, or as otherwise pursuant to legal process. We may also use and disclose Personal Data to establish or exercise our legal rights, to enforce our Terms of Use, this Privacy Notice, or agreements with third parties, to assert and defend against legal claims, or if we believe such disclosure is necessary to investigate, prevent, or take other action regarding actual or suspected illegal or fraudulent activities or potential threats to the physical safety or well-being of any person.

  • Corporate Transactions.  Subject to applicable law, Palette reserves the right to sell or transfer Personal Data in the event that Palette is acquired by or merged with another company or in connection with the potential sale or transfer of some or all of the business assets of the Site or Palette, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction.  If the sale occurs, the purchaser will be entitled to use and disclose the Personal Data collected by us, and the purchaser will assume the rights and obligations regarding Personal Data as described and limited in this Privacy Notice.

DE-IDENTIFIED OR ANONYMOUS DATA

We may create de-identified or anonymous data from Personal Data by removing data components (such as your name, email address, or linkable tracking ID) that makes the data personally identifiable to you or through obfuscation or through other means.  Our use of anonymized data is not subject to this Privacy Notice.

DO-NOT-TRACK

Do-Not-Track is a public-private initiative that has developed a “flag” or signal that an Internet user may activate in the user’s browser software to notify websites that the user does not wish to be “tracked” by third-parties as defined by the initiative. The online community has not agreed on what actions, if any, should be taken by the websites that receive the “do not track” signal, and therefore Do-Not-Track is not yet standardized. Please note that the Site does not alter its behavior or use practices when we receive a Do Not Track signal from your browser.

INFORMATION FROM CHILDREN UNDER 13 YEARS OF AGE 

We do not knowingly collect information from minors under the age of 13 years.  If you become aware that an individual under 13 years of age has provided us with Personal Data without parental consent, please contact us at websupport@palettelifesciences.com.  If we become aware that an individual under 13 years has provided us with Personal Data, we will take steps to remove the data as permitted by law.

LINKS TO OTHER SITES

Our Site may contain links or otherwise provide access to another website, mobile application, or Internet location (collectively “Third-Party Sites”).  We provide these links merely for your convenience. Palette has no control over, does not review, and is not responsible for Third-Party Sites, their content, or any goods or services available through the Third-Party Sites. Our Privacy Notice does not apply to Third-Party Sites.  We encourage you to read the privacy policies of any Third-Party Site with which you choose to interact.

EUROPEAN UNION DATA SUBJECT RIGHTS

Scope. This section applies if you are an EU User (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway).

Data Controller. Palette is the data controller for Personal Data provided to us through your interactions with the Site. To find out our contact details, please see the “Contact Us” section below, which also provides the contact details of our EU Representative pursuant to Article 27 of the General Data Protection Regulation   

Your Rights. Subject to applicable EU law, you may have the following rights in relation to your Personal Data that we hold about you that is collected through your use of our Site depending upon the EU member state in which you reside:

  • Right of Access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of all Personal Data you are lawfully entitled to receive along with certain other details. If you require additional copies, we may need to charge a reasonable fee.

  • Right to Rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.

  • Right to Erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent, where applicable. If we shared your data with others, we will tell them about the erasure where possible. We have no current plans to share your Personal Data. But, should we ever share your Personal Data, if you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.

  • Right to Restrict Processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly. 

  • Right to Data Portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by us by automated means.  We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.

  • Right to Object: You may ask us at any time to stop processing your Personal Data, and we will do so:

    • If we are relying on a legitimate interest to process your Personal Data -- unless we demonstrate compelling legitimate grounds for the processing; or

    • If we are processing your Personal Data for direct marketing.

  • Right to Withdraw Consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.

  • Rights in Relation to Automated Decision-making: You have the right to be free from decisions based solely on automated processing of your Personal Data, (including profiling) unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.

  • Right to Lodge a Complaint with the Data Protection Authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

Please see the “Contact Us” section below for information on how to contact us to exercise your rights. 

Legitimate Interest. “Legitimate interest” means our interest in conducting our business, managing and delivering the best experiences on the Site to you. This Privacy Policy describes when we process your Personal Data for our legitimate interests, what these interests are and your rights. We will not use your Personal Data for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted to by law. 

WITHDRAWING YOUR CONSENT 

In most cases, we need to process certain of your Personal Data in order to fulfil our contractual obligations to you and for our legitimate interests.  Where the basis of processing is legitimate interests, you have a right to object to the processing of your Personal Data. Please note that, subject to applicable law, we may continue to process your Personal Data even where you object if there are compelling legitimate grounds for processing that override your interests and rights, or where processing is necessary to establish, exercise, or defend legal claims.

Where consent is the basis of processing, you may at any time withdraw the consent you provided for the processing of your Personal Data for the purposes set forth in this Privacy Notice by contacting us at websupport@palettelifesciences.com, provided that we are not required by applicable law or professional standards to retain such information. 

If you would like to stop receiving newsletters or other marketing or promotional messages, notifications, or updates, you may do so by following the unsubscribe instructions that appear in these e-mail communications.  Alternatively, you may contact us at websupport@palettelifesciences.com to opt-out of direct marketing. Please be advised that you may not be able to opt-out of receiving certain service or transactional messages from us, including legal notices and certain communications related to the provision of the Services.

Please note that if you do not provide consent, if you withdraw your consent or object to processing, or if you choose not to provide certain Personal Data, we may be unable to provide you some or all of the Services.

TRANSFER OF DATA

Please note that if you are visiting the Site from outside of the United States, your information may be transferred to, stored, and/or processed in this country.  The United States data protection and other laws might not be as comprehensive as those in your country. If you are located outside of the United States, the transfer of Personal Data is necessary to provide you with the requested information and Services and/or to perform any requested transaction. By using any portion of the Site, you acknowledge and consent to the transfer of your information to our facilities in the United States. 

DATA RETENTION

We will retain your Personal Data for as long as is necessary to provide the Services, or for such longer period as may be required or permitted by applicable law.  We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.  

SECURITY

Palette uses technical and organizational security measures designed to secure and protect Personal Data.  Please note, however, we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.

CALIFORNIA PRIVACY RIGHTS

Under Section 1798.83 of the California Civil Code, residents of California have the right to request free of change, from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information (as defined by California law) the business shares with third parties for those third parties' direct marketing purposes, and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To exercise your rights, you may make one request each year by emailing us at websupport@palettelifesciences.com with "Request for California Privacy Information" in the subject line and in the body of your message. Be sure to provide in the request sufficient information to properly identify you and/or the members of your family.

UPDATES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time.  The most recent version of the Privacy Notice is reflected by the version date located at the top of this Privacy Notice. We encourage you to review this Privacy Notice often to stay informed of how we may process your information.

CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at websupport@palettelifesciences.com or by mail at the following address: 

Palette Life Sciences, Inc. 

27 E Cota Street

Floor 4

Santa Barbara, Santa Barbara County 93101

You have the right to complain to data protection authorities located in your jurisdiction. The contact details for certain data protections agencies in the US and EU are provided here for reference only:

US: 1-844-350-9656

EU- France: 0 800 000 013

EU- Germany: 0 800 1813 334

EU- Italy: 800 785 440

EU- Spain: 900 993 304

EU- UK: 080 823 4628