PRIVACY POLICY

Stemline Therapeutics, Inc. (“Stemline” or “we” or “our”) is committed to respecting and protecting your privacy. This Privacy Policy applies to our collection and use of Personal Information, as defined herein, through our websites (our “Websites”) and offline business-related interactions with you. Your use of our Websites and disclosure of Personal Information to us is subject to and constitutes acceptance of this Privacy Policy.

1. Collection of Personal Information

The types of Personal Information we may collect (directly from you or from third party sources) and our privacy practices depend on the nature of the relationship you have with Stemline and the requirements of applicable law. Below are some of the ways we collect information and how we use it.

Information we collect from or about current, prospective, and former employees, customers, visitors, and guests includes information that may be deemed personal information, such as title, name, address, phone number, email address, user name, government identification (driver’s license, passport) and internet protocol (“IP”) address (collectively, “Personal Information”). We may also collect other information that is not considered Personal Information, such as demographic information you choose to provide to us, such as your business/company information, professional experiences, educational background, nationality, ethnic origin, gender, interests, preferences, and answers to a security question and password.

Additionally, if you participate in any of our programs or services, we may collect information regarding your medications, medical history, and other healthcare-related information, including, but not limited to, protected health information, from individuals or a third party. Any protected health information that is tied to an individual’s Personal Information will be treated as Personal Information, provided that any protected health information will be protected in accordance with the requirements of HIPAA.

Some of the ways that we may collect Personal Information include:

  • through surveys and during business/marketing events;
  • when you use our websites, we may provide you with opportunities to sign up to receive information or services and may ask for your contact information (e.g. name, home address, home phone number or personal email address), so that we can send you information about our products, services, and specific health conditions, with your consent;
  • when you contact us or enroll in a program that we offer, we may obtain your contact information, details of your health condition, and prescribing information relating to our products;
  • where healthcare providers who provide you care (either directly or in consultation with your healthcare provider) provide information to us about your health condition and treatment, as well as prescribing information relating to our products used in your treatment;
  • if you have had any adverse effects when using our products, we are required to collect certain Personal Information in order to comply with regulatory requirements;
  • where your healthcare professional has obtained your consent to disclose your health condition, diagnosis, and treatment to us; and
  • as part of marketing activities to healthcare professionals, we may collect various information from healthcare professionals, including their first name, last name, age, gender, home address, home phone number, medical specialization, professional qualifications, license number, and scientific society membership number.

It is not necessary to provide Personal Information in order to view our websites. However, in order to take advantage of certain features available on our websites, it may be necessary to provide Personal Information. If you do not want to provide us with Personal Information, you can choose to not use those features on our websites.

To the extent permitted by applicable data protection laws, we may also receive Personal Information from other sources, which could include commercially available sources, such as public databases and data aggregators. If applicable data protection law requires it, we will obtain your consent before using Personal Information for our business purposes.

2. Other Ways We Collect Personal Information

Through the use of cookies and similar technologies, the information below may be automatically collected when you visit our websites:

  • your IP address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area;
  • other unique identifiers, including mobile device identification numbers;
  • your browser type and operating system;
  • websites you visited before and after visiting our websites;
  • pages you view and links you click on within our websites;
  • information collected through cookies, web beacons, and other technologies;
  • information about your interactions with e-mail messages, such as the links clicked on and whether the messages were received, opened, or forwarded; and
  • standard server log information.

Cookies are small pieces of computer code that enable web servers to “identify” visitors each time someone uses our website. Cookies are used to tailor our website to you, measure and research the effectiveness of our website’s features, provide offers and advertisements, and authenticate users for registered services. You have the ability to delete cookies from your hard drive at any time by clicking on the Privacy or History tab typically found on the Settings or Options menu in your internet browser. By using our websites without changing your cookie settings, you agree to our use of cookies. If you elect to block cookies, you may not be able to take full advantage of the content and features on our websites.

We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on our websites and to develop content. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of our websites by going to http://tools.google.com/dlpage/gaoptout.

3. Where Personal Information Is Processed and Stored

Although our websites are maintained in the United States, Personal Information may be transferred to and/or accessible to our partners and service providers outside of your country or region, including countries that may not provide a similar or adequate level of protection as provided by your country or region. If you visit our websites from a country other than the United States, your communication with us will result in the transfer of information across international borders.

All Personal Information collected may be stored anywhere in the world, including, but not limited to, in the United States, in the cloud, on our servers, on the servers of our affiliates, or on the servers of our service providers.

Your use of our websites indicates your consent to the collection, storage, and processing of Personal Information in the United States and in any country to which we may transfer Personal Information in the course of our business operations.

4. Use of Personal Information

We respect your privacy and will only use Personal Information for limited purposes, including:

  • to operate and improve our websites, products, information, and services;
  • to understand you and your preferences so that we may enhance our websites, as well as our products and services;
  • to process employment applications;
  • to provide you with customer service, including responding to your comments and questions;
  • to provide and deliver products, information, and services that you request;
  • to send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
  • to communicate with you about upcoming events and news about products, information, and services offered by us and our selected partners;
  • to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity; and
  • as otherwise described to you at the point of collection or pursuant to your consent.

5. Disclosure of Personal Information

We are committed to maintaining your trust and will share Personal Information only under limited circumstances, such as:

  • with service providers that perform certain functions or provide services on our behalf (such as to host our websites, fulfill orders, provide products and services, manage databases, perform analyses, provide customer service, or send communications);
  • as part of a business transaction, including a sale of assets, merger, bankruptcy, business reorganization, or similar event;
  • with third parties in order to protect the legal rights, safety, and security of our organization, affiliates, subsidiaries, partners, and the users of our websites, enforce our Terms of Use, respond to and resolve claims or complaints, prevent fraud or for risk management purposes, and comply with or respond to law enforcement or legal process or a request for cooperation by a government or other entity, whether or not legally required;
  • with third parties for business purposes, subject to applicable data protection laws; and
  • with other organizations, in order to provide aggregate information, such as demographic and usage statistics.

6. Your European Privacy Rights

For European residents only. Under European data protection law, you may have certain data subject rights that may be subject to limitations and/or restrictions. These rights may include the right to:

  • access Personal Information;
  • obtain rectification of Personal Information without undue delay where that personal data is inaccurate or incomplete;
  • request that Personal Information held about you is deleted;
  • obtain the restriction of the processing undertaken by us on Personal Information in certain circumstances, such as where the accuracy of Personal Information is contested by you;
  • object to processing based on legitimate interests and direct marketing; and
  • portability of Personal Information, which allows you to move, copy, or transfer Personal Information from one organization to another, where technically feasible.

Notwithstanding the foregoing, although we make good faith efforts to provide you with access to Personal Information, there may be circumstances under which we are unable to provide access, including, but not limited to, where:

  • Personal Information contains legal privilege;
  • access would compromise others’ privacy or other legitimate rights;
  • the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question; or
  • it is commercially proprietary.

If we determine that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a point of contact for further inquiries.

Where we have obtained your consent for the processing of Personal Information, you have the right to withdraw your consent at any time. This will not affect the lawfulness of the processing that we carried out prior to the withdrawal.

For purposes of European data protection laws, Stemline is the data controller, the company responsible for controlling the processing of Personal Information covered by this Privacy Policy.

To exercise these data subject rights or withdraw consent, you should submit a written request to privacy@stemline.com. You also have the right to file a complaint about the processing of Personal Information to your local data protection authority.

7. Updating Personal Information

If you decide that you do not want Personal Information to be used for the purposes described in this Privacy Policy, you may contact us at our mailing address or email address, set forth in Section 14 below, to request the removal of Personal Information from our database. You may also contact us to correct or update Personal Information.

8. California Privacy Rights

For California residents only. Pursuant to California’s “Shine the Light Act,” California residents are permitted to request and obtain information about what Personal Information is disclosed to third parties for the third party’s direct marketing purposes. We do not share information that we collect with third parties for the third party’s direct marketing purposes.

9. Data Retention and Storage

We retain Personal Information that we receive in accordance with this Privacy Policy for as long as you use our websites or as necessary to fulfill the purpose(s) for which Personal Information was collected, including to provide our products and services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

10. Security of Personal Information

We take commercially reasonable steps to protect Personal Information from unauthorized access, use, or disclosure. However, no method of security or transmission over the Internet or storage of information can be guaranteed to be 100% secure. As a result, while we strive to protect Personal Information, we cannot ensure or warrant the security of information you transmit to us, and you do so at your own risk.

11. Children’s Online Privacy

Our websites are directed to a general audience. We do not knowingly collect, use, maintain, process, or disclose Personal Information from persons we know to be under 13 years of age, without prior parental or guardian consent, except as permitted by the Children’s Online Privacy Protection Act (“COPPA”). If you are the parent or guardian of a child under the age of 13 who you believe may have provided Personal Information to us, please contact us and we will promptly delete such Personal Information from our database.

12. Links to Other Websites

Our websites may contain links to other websites or online services that are operated and maintained by third parties and that are not under our control or maintained by us. Such links do not constitute an endorsement by us of those other websites, the content displayed therein, or the persons or entities associated therewith. We provide these links to you only as a convenience, and any information you provide to those third parties will be used as described by the third parties in their own privacy policies.

13. Company Communications

We may periodically send you e-mails to provide information about our products, relevant scientific or clinical developments, company events, and other related information. If applicable law requires it, we will obtain your consent before sending such emails. If you wish to stop receiving all communications or only certain types of communications from us, please contact us at privacy@stemline.com.

14. Updates to Privacy Policy

We reserve the right to update this Privacy Policy from time to time. If we decide to change this Privacy Policy, we will post those changes on our websites. You are encouraged to review this Privacy Policy regularly for any changes. Your continued use of our websites will be subject to the then-current Privacy Policy. This Privacy Policy was last updated on April 23, 2019.

If you have questions regarding this Privacy Policy, please contact us at: Stemline Therapeutics, Inc., 750 Lexington Avenue, 11th Floor, New York, NY 10022 or e-mail us at privacy@stemline.com.