Privacy Policy
Stemline Therapeutics, Inc. and its affiliates (“Stemline” or “we” or “our”) are committed to respecting and protecting your privacy. This Privacy Policy applies to our collection and use of Personal Information, as defined herein, through our websites (our “Websites”) and offline business-related interactions with you. Your use of our Websites and disclosure of Personal Information to us is subject to and constitutes acceptance of this Privacy Policy.
- Collection of Personal Information
The types of Personal Information we may collect (directly from you or from third party sources) and our privacy practices depend on the nature of the relationship you have with Stemline and the requirements of applicable law. Below are some of the ways we collect information and how we use it.
Information we collect from or about, customers, visitors, and guests includes information that may be deemed personal information, such as title, name, address, phone number, email address, user name, and internet protocol (“IP”) address (collectively, “Personal Information”). We may also collect other information that is not considered Personal Information, such as demographic information you choose to provide to us, such as your business/company information, professional experiences, educational background, nationality, ethnic origin, gender, interests, preferences, and answers to a security question and password.
Additionally, if you participate in any of our programs or services, we may collect information regarding your medications, medical history, and other healthcare-related information, including, but not limited to, protected health information, from individuals or a third party. Any protected health information that is tied to an individual’s Personal Information will be treated as Personal Information, provided that any protected health information will be protected in accordance with the requirements of HIPAA.
Some of the ways that we may collect Personal Information includes:
- through surveys and during business/marketing events.
- when you use our website, we may provide you with opportunities to sign up to receive information or services and may ask for your contact information (e.g. name, home address, home phone number or personal email address), and other information (for healthcare professionals we may collect information about name, age gender, home address, home phone number, work address, work phone number, medical specialization, professional qualifications, license number and/or medical society membership number) so that we can send you information related to Stemline and its affiliates, that may be of interest to you;
- when you contact us or enroll in a program that we offer, we may obtain your contact information, and other personal information you may provide to us.
- if you report any adverse effects when using our products, we are required to collect certain Personal Information in order to comply with regulatory requirements.
It is not necessary to provide Personal Information in order to view our websites. However, to take advantage of certain features available on our websites, it may be necessary to provide Personal Information. If you do not want to provide us with Personal Information, you can choose to not use those features on our websites.
To the extent permitted by applicable data protection laws, we may also receive Personal Information from other sources, which could include commercially available sources, such as public databases and data aggregators. If applicable data protection law requires it, we will obtain your consent before using Personal Information for our business purposes.
- Other Ways We Collect Personal Information
Through the use of cookies and similar technologies, the information below may be automatically collected when you visit our websites:
- your IP address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area.
- other unique identifiers, including mobile device identification numbers.
- your browser type and operating system.
- websites you visited before and after visiting our websites.
- pages you view and links you click on within our websites.
- information collected through cookies, web beacons, and other technologies.
- information about your interactions with e-mail messages, such as the links clicked on and whether the messages were received, opened, or forwarded; and
- standard server log information.
Cookies are small pieces of computer code that enable web servers to “identify” visitors each time someone uses our website. Cookies are used to tailor our website to you, measure, and research the effectiveness of our website’s features, provide offers and advertisements, and authenticate users for registered services. You have the ability to delete cookies from your hard drive at any time by clicking on the Privacy or History tab typically found on the Settings or Options menu in your internet browser. By using our websites without changing your cookie settings, you agree to our use of cookies. If you elect to block cookies, you may not be able to take full advantage of the content and features on our websites.
We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on our websites and to develop content. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of our websites by going to http://tools.google.com/dlpage/gaoptout.
- Where Personal Information Is Processed and Stored
Although our websites are maintained in the United States, Personal Information may be transferred to and/or accessible to our affiliates, partners and service providers outside of your country or region, including countries that may not provide a similar or adequate level of protection as provided by your country or region. If you visit our websites from a country other than the United States, your communication with us will result in the transfer of information across international borders.
All Personal Information collected may be stored anywhere in the world, including, but not limited to, in the United States, in the cloud, on our servers, on the servers of our affiliates, or on the servers of our service providers.
Your use of our websites indicates your consent to the collection, storage, and processing of Personal Information in the United States and in any country to which we may transfer Personal Information in the course of our business operations.
- Use of Personal Information
We respect your privacy and will only use Personal Information for limited purposes, including:
- to operate and improve our websites, products, information, and services.
- to understand you and your preferences so that we may enhance our websites, as well as our products and services.
- to process employment applications.
- to provide you with customer service, including responding to your comments and questions.
- to provide and deliver products, information, and services that you request.
- to send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
- to communicate with you about upcoming events, news, information, related to Stemline or our affiliate companies and our selected partners.
- to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity; and
- or as otherwise described to you at the point of collection or pursuant to your consent.
- Disclosure of Personal Information
We are committed to maintaining your trust and will share Personal Information only under limited circumstances, such as:
- with our affiliate companies
- with service providers that perform certain functions or provide services on our behalf (such as to host our websites, fulfill orders, provide products and services, manage databases, perform analyses, provide customer service, or send communications);
- as part of a business transaction, including a sale of assets, merger, bankruptcy, business reorganization, or similar event.
- with third parties in order to protect the legal rights, safety, and security of our organization, affiliates, subsidiaries, partners, and the users of our websites, enforce our Terms of Use, respond to and resolve claims or complaints, prevent fraud or for risk management purposes, and comply with or respond to law enforcement or legal process or a request for cooperation by a government or other entity, whether or not legally required;
- with third parties for business purposes, subject to applicable data protection laws; and
- with other organizations, in order to provide aggregate information, such as demographic and usage statistics.
- Updating Personal Information
If you decide that you do not want Personal Information to be used for the purposes described in this Privacy Policy, you may contact us at our mailing address or email address, set forth in Section 13 below, to request the removal of Personal Information from our database. You may also contact us to correct or update Personal Information.
- California Privacy Rights
For California residents only. Pursuant to California’s “Shine the Light Act,” California residents are permitted to request and obtain information about what Personal Information is disclosed to third parties for the third party’s direct marketing purposes. We do not share information that we collect with third parties for the third party’s direct marketing purposes.
- Data Retention and Storage
We retain Personal Information that we receive in accordance with this Privacy Policy for as long as you use our websites or as necessary to fulfill the purpose(s) for which Personal Information was collected, including to provide our products and services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
- Security of Personal Information
We take commercially reasonable steps to protect Personal Information from unauthorized access, use, or disclosure. However, no method of security or transmission over the Internet or storage of information can be guaranteed to be 100% secure. As a result, while we strive to protect Personal Information, we cannot ensure or warrant the security of information you transmit to us, and you do so at your own risk.
- Children’s Online Privacy
Our websites are directed to a general audience. We do not knowingly collect, use, maintain, process, or disclose Personal Information from persons we know to be under 13 years of age, without prior parental or guardian consent, except as permitted by the Children’s Online Privacy Protection Act (“COPPA”). If you are the parent or guardian of a child under the age of 13 who you believe may have provided Personal Information to us, please contact us and we will promptly delete such Personal Information from our database.
- Links to Other Websites
Our websites may contain links to other websites or online services that are operated and maintained by third parties and that are not under our control or maintained by us. Such links do not constitute an endorsement by us of those other websites, the content displayed therein, or the persons or entities associated therewith. We provide these links to you only as a convenience, and any information you provide to those third parties will be used as described by the third parties in their own privacy policies.
- Company Communications
We may periodically send you e-mails to provide information about our products, relevant scientific or clinical developments, company events, and other related information. If applicable law requires it, we will obtain your consent before sending such emails. If you wish to stop receiving all communications or only certain types of communications from us, please contact us at privacy@MenariniStemline.com.
- Updates to Privacy Policy
We reserve the right to update this Privacy Policy from time to time. If we decide to change this Privacy Policy, we will post those changes on our websites. You are encouraged to review this Privacy Policy regularly for any changes. Your continued use of our websites will be subject to the then-current Privacy Policy. This Privacy Policy was last updated on April 23, 2019.
If you have questions regarding this Privacy Policy, please contact us at: Stemline Therapeutics, Inc., 750 Lexington Avenue, 11th Floor, New York, NY 10022 or e-mail us at privacy@MenariniStemline.com.
Privacy policy for people who are in Europe pursuant to article 13 of Regulation EU 2016/679 (GDPR)
The Site is intended for worldwide users, including persons who are in Europe. This document (“Privacy Policy”) is addressed to people who are in Europe and provides information on how the personal data collected by the Company through this website (“Website”) are processed, and constitutes “an information notice to the data subjects” under the terms of art. 13 of the GDPR.
- Data controller, Representative and DPO
In compliance with Regulation EU 2016/679 (GDPR) we inform you that the Controller is Stemline Therapeutics, Inc with offices at 750 Lexington Avenue, 11th Floor New York, NY 10022. (“Company” or “Controller”)
Nominated European Representative pursuant to article 27 of the GDPR is A. Menarini Industrie Farmaceutiche Riunite S.r.l, with registered office in Firenze, Via Sette santi,1
The Data Protection Officer (“DPO”) can be contacted at the following address: dpo@menarini.com
- The Data we process
The following data can be processed:
- When you register to the reserved area, we may ask for your contact information (e.g. name, home address, home phone number or personal email address), and other information (for healthcare professionals we may collect information about name, age gender, home address, home phone number, work address, work phone number, medical specialization, professional qualifications, license number and/or medical society membership number)
- As you navigate around the Site, certain information can be passively collected (that is, gathered without your actively providing the information), including your IP address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area; other unique identifiers, including mobile device identification numbers; your browser type and operating system;
- Why and how we process your personal data
With your consent, the Company may process your ordinary personal data to enable you to benefit from the available services and functionalities and optimise their performance, to perform statistics on its usage, to manage your registration to any restricted-access areas and initiatives which may be present on the Website pursuant to Article 6.1.a of the GDPR. The Company may also process your personal data to fulfil obligations stemming from laws, regulations, and European Union law: the legal basis for the processing for this purpose is Article 6.1. (c) of the GDPR
Furthermore, with your optional consent, your ordinary personal data may also be used
to fulfil your requests, and depending on your choices:
- fulfil your request to be visited by our representatives.
- for institutional communications (including newsletters) or promotional activities (marketing) i.e., sending advertising material and/or commercial communications pertaining to the Company’s services to the contact details indicated using traditional methods and/or contact methods (i.e. paper-based mail, telephone calls with operator etc.) or automatic means (i.e. communications via Internet, fax, e -mail, text messaging, apps for mobile devices such as smartphones and tablets, social network accounts e.g. Facebook or Twitter, etc.). The legal basis for the processing for this purpose is Article 6.1. (a) of the GDPR.
Finally, the Company may process your ordinary and sensitive personal data to protect its rights in legal proceedings (Articles 6.1.(f) and 9.2.(f) of the GDPR).
All your data are processed using automatic and electronic instruments suitable to ensure full security and confidentiality
- Necessary processing and optional processing
The forms to be completed on this website require you to confer personal data which are strictly necessary to handle your requests. Such Data are marked with an asterisk [*]. If you do not wish provide such data, we will not be able to handle your request.
Conversely, forms may also provide for the possibility to provide personal data which are not strictly necessary to handle your requests: providing such data is optional – failure to do so has no consequence.
- Browsing data
If you only visit the Website (i.e., without sending communications or using any of the available services/functions), the processing of your data is limited to browsing data i.e., data whose transmission to the Website is necessary for the functioning of the computers which operate the Website and of the Internet communication protocols. This category includes, for example, IP addresses or computer domain used to visit the Website and other parameters pertaining to the operating system used to connect to the Website. The Company collects these and other data (such as, for example, number of visits and time spent on the Website) merely for statistical purposes and in anonymous form in order to monitor the functioning of the Website and improve its performance. Such data is not collected to be associated with other information regarding, or for the identification of, users; however, such information, by its very nature, may enable the Company to identify users through processing and association with data held by third parties. Browsing data are normally deleted following processing in anonymous form but can be stored and used by the Company to detect and identify perpetrators of any computer offences committed to the detriment of the Website or using the Website. Without prejudice to this possibility. The browsing data described above are stored only temporarily, in compliance with law.
- Links to other websites
This Privacy Policy applies only to the Website as defined above. Even though the Website may contain links to other websites (known as third party websites), please be informed that the Company does not perform any access or control over cookies, web beacons or other user-tracking technologies that may be active on such third party websites, on the contents and materials published thereon, or on their methods of processing of your personal data; for this reason, the Company expressly declines any liability for such matters. You should therefore verify the privacy policies of such third-party websites and collect information about their terms and conditions and about how they process your personal data.
- How we store data and for how long
In compliance with Article 5.1.(c) of the GDPR, the computers and programmes used by the Company are set up in such a way to reduce the use of personal and identifying data to a minimum. Such data are processed only to the extent required to achieve the purposes indicated in this Policy, and will be stored for as long as strictly necessary for achievement of the specific purposes pursued – in any event, the criterion used to determine the storage period is based on compliance with time limits permitted by law and the principles of data minimisation, storage limitation or rational management of our records.
- Persons who have access to the data
Persons belonging to the following categories are authorised to process the user’s data: technical and administrative staff, IT staff, medical sales representatives, product managers, internal audit and compliance staff, as well as other staff members who require processing the data for performance of their job duties.
Although our websites are maintained in the United States, your data may be transferred to and/or accessible to our affiliates, partners and service providers outside of your country or region, including countries that may not provide a similar or adequate level of protection as provided by your country or region. By visiting our websites from a country other than the United States, or when you provide your consent, you agree to the transfer of information to countries outside of your country of residence, including to the United States, where we are based.
Additionally, the Data can be communicated, also in Third Countries, to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent consultants –working individually or in partnerships- and other third parties and providers which supply to the Company commercial, professional or technical services required to operate the Website (e.g., provision of IT and Cloud Computing services) for the purposes specified above and to support the Company with the provision of the services you requested ; (iii) third parties in the event of mergers, acquisitions, transfers of business -or branches thereof-, audits or other extraordinary operations; (iv) company supervisory bodies in the pursuit of their activities (oversight over the enforcement of legal obligations, ethical standards, etc.). The mentioned recipients shall only receive the Data necessary for their respective functions and shall duly undertake to process them only for the purposes indicated above and in compliance with data protection laws. The Data can furthermore be communicated to the other legitimate recipients identified from time to time by the applicable laws. With the exception of the foregoing, the Data shall not be shared with third parties, whether legal or natural persons, who do not perform any function of a commercial, professional or technical nature for the Controller and shall not be disseminated. The parties who receive the Data shall perform processing as Data Controller, Processor or persons authorised to process personal data, as the case may be, for the purposes indicated above and in compliance with the applicable data protection law.
- Your Rights
You may at any time exercise the rights afforded by Articles 15-22 of the GDPR, including the right to obtain confirmation of the existence of personal data which relate to you, check its content, origin, correctness, location (also with reference to any Third Countries), request a copy, request correction and in cases provided by law, restriction of processing, deletion, oppose to direct contact activities, oppose to direct marketing (also limited to particular means of communication. Likewise, you may always withdraw consent and/or make observations on specific issues regarding processing operations of your personal data which you regard as incorrect or unjustified by your relationship with the Company, or lodge a complaint with the Data Protection Authority.
You may contact the Controller (contact-us or contact mail address) and/or DPO at the addresses displayed above to make any requests regarding personal data processing by the Company, to exercise your legal rights and to obtain an updated list of the parties who have access to your data.