PRIVACY POLICY
Effective Date: June 14, 2021
This Privacy Policy (“Privacy Policy”) explains how Sorrento Therapeutics, Inc. and its affiliates and subsidiaries (collectively, “Sorrento,” “us,” “we,” or “our”) collects, uses, and shares your personal information in connection with the websites, applications, and portals we operate that link to this Privacy Policy (collectively, the “Site”), our social media pages, and our email communications (collectively, and together with the Site, the “Service”).
This Privacy Policy does not necessarily apply to personal information you may have provided or will provide to us in settings other than by or through the Site. Separate or additional privacy policies may apply to personal information that is otherwise collected by Sorrento, such as in connection with our clinical trials, patient laboratory services, or COVISTIX products. Sorrento reserves the right, at any time, to modify this Privacy Policy. If we make revisions that change the way we collect, use, or share personal information, we will post those changes in this Privacy Policy. You should review this Privacy Policy periodically so that you keep up to date on our most current policies and practices. We will note the effective date of the latest version of our Privacy Policy at the top of this Privacy Policy. Your continued use of the Service following posting of changes constitutes your acceptance of such changes.
COLLECTION OF PERSONAL INFORMATION
- Personal Information You Provide. We may collect the following personal information that you provide through our Service or otherwise:
- Contact information, such as name, email address, mailing address, phone number, and location.
- Professional information, such as job title, organization, NPI number, or area of expertise.
- Account information, such as the username and password you create if you access our client portal, along with any other registration data.
- Preferences, such as your marketing or communication preferences.
- Communications, including information associated with your inquiries to us and any feedback you provide when you communicate with us.
- Applicant information, such as your resume, CV, employment interests, and other information your may provide when applying for a job or opportunity with us or requesting information about employment opportunities through the Service.
- Other information that you choose to provide but is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
- Personal Information Collected Automatically. We, our service providers, and our business partners may automatically log information about you, your computer, or your mobile device and your activity over time on our Service and other sites and online services, such as:
- Online activity information, such as the website you visited before browsing to the Service, pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
- Device information, such as your computer or mobile device operating system type and version number, wireless carrier, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, and general location information such as city, state, or geographic area.
- Cookies and Similar Technologies. Like many online services, we use cookies and similar technologies to facilitate some of our automatic data collection, including:
- Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising. For more information, please visit our Cookie Policy.
- Web beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
- Personal Information Received from Third Parties. We may also receive personal information about you from third parties, such as our business partners, clients, vendors, subsidiaries and affiliates, data providers, marketing partners, and publicly-available sources, such as social media platforms.
- Referrals. Users of the Service may have the opportunity to refer colleagues or other contacts to us and share their contact information. Please do not provide us with someone’s contact information unless you have their permission to do so.
- Sensitive Personal Information. Unless we specifically request it, we ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Service, or otherwise to us.
USE OF PERSONAL INFORMATION
We may use your personal information for the following purposes and as otherwise described either in this Privacy Policy or at the time of collection.
- To Provide the Service. We may use your personal information to:
- provide and operate the Service and our business;
- monitor and improve your experience on the Service;
- create and maintain your account on our applications or portals;
- review and respond to your requests or inquiries;
- communicate with you about the Service and other related communications; and
- provide materials, products, and services you request.
- Research and Development. We may use your information for research and development purposes, including to improve the Service, understand and analyze the usage trends and preferences of our users, and develop new features, functionality, and services. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
- Direct Marketing. We may send you Sorrento-related or other direct marketing communications as permitted by law. You may opt-out of our marketing communications as described in the “Your Choices” section below.
- Interest-Based Advertising. We may work with third-party advertising companies and social media companies to help us advertise our business and to display ads on our Service and other sites. These companies may use cookies and similar technologies to collect information about you (including the device data and online activity data described above) over time across our Service and other sites and services or your interaction with our emails, and use that information to serve ads that they think will interest you. You can learn more about your choices for limiting interest-based advertising in the “Your Choices” section below.
- Recruitment and Processing Applications. In connection with our recruitment activities or your applications or inquiries regarding employment opportunities with Sorrento via the Service, we may use your personal information to evaluate applications, respond to inquiries, review credentials, contact references, conduct background checks and other security reviews, and otherwise use personal information for HR and employment-related purposes.
- To Comply with Laws and Regulations. We will use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
- For Compliance, Fraud Prevention, and Safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) maintain the safety, security, and integrity of our Service, products and services, business, databases and other technology assets; (b) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (c) audit our internal processes for compliance with legal and contractual requirements and internal policies; (d) enforce the terms and conditions that govern the Service; and (e) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
- With Your Consent. In some cases we may specifically ask you for your consent to collect, use, or share your personal information, such as when required by law.
SHARING OF PERSONAL INFORMATION
We may share your personal information with the entities and individuals listed below or as otherwise described in this Privacy Policy or at the point of collection.
- Related Companies. We may share information collected about you with any member of our group of companies, including affiliates, our ultimate holding company, and its subsidiaries. For example, we will share your personal information with our related companies to provide our products and services to you, where other companies within our group perform components of the full service offering.
- Service Providers. We share personal information with third parties and individuals who perform functions on our behalf and help us run our business. For example, service providers help us perform website hosting, maintenance services, database management, web analytics, marketing, and other purposes.
- Advertising Partners. We may also share personal information collected about you with third parties who we partner with for advertising campaigns, contests, special offers or other events or activities in connection with our Service, or that collect information about your activity on the Service and other online services to help us advertise our products and service, and/or use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms.
- Business Transferees. We may disclose personal information collected about you with third parties in connection with any business transaction (or potential transaction) involving a merger, sale of company shares or assets, financing, acquisition, consolidation, reorganization, divestiture, or dissolution of all or a portion of our business (including in connection with a bankruptcy or similar proceedings).
- Authorities, Law Enforcement, and Others. We may also disclose information collected about you to law enforcement, government authorities, and private parties, if disclosure is necessary to comply with any applicable law or regulation, in response to a subpoena, court order, governmental inquiry, or other legal process, or as we believe necessary for the compliance and protection purposes described in section titled “Use of Personal Information” above.
- Professional Advisors. We may share your personal information with persons, companies, or professional firms providing Sorrento with advice and consulting in accounting, administrative, legal, tax, financial, debt collection, and other matters.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
Some Sorrento companies are headquartered in the United States, and we have service providers in the United States and other countries. Your personal information may be collected, used, and stored in the United States or other locations outside of your home country. Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country. By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in any applicable terms of service.
European users may view the section below titled “Notice to European Users” for additional information regarding any transfers of your personal information.
SECURITY
No method of transmission over the internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from the risks presented by unauthorized access or acquisition, we cannot guarantee the security of your personal information.
OTHER WEBSITES AND SERVICES
The Service may contain links to other websites and online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or online services that are not associated with us. We do not control third party websites or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and online services you use.
YOUR CHOICES
In this section, we describe the rights and choices available to all users.
- Promotional Emails. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us as described below. You may continue to receive service-related and other non-marketing emails.
- Cookies. Please visit our Cookie Policy for more information.
- Advertising Choices. You can limit the use of your information for interest-based advertising by blocking third-party cookies in your browser settings, using browser plug-ins/extensions, and/or using your mobile device settings to limit the use of the advertising ID associated with your mobile device. You can also opt out of interest-based ads from companies participating in the following industry opt-out programs by visiting the linked websites: the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp), the European Interactive Digital Advertising Alliance (for European users – http://www.youronlinechoices.eu/), and the Digital Advertising Alliance (optout.aboutads.info). The opt-out preferences described here must be set on each device and/or browser for which you want them to apply. Please note that we also may work with companies that offer their own opt-out mechanisms or do not participate in the opt-out mechanisms described above, so even after opting-out, you may still receive some cookies and interest-based ads from other companies. If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.
- Do Not Track. Some browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To learn more about “Do Not Track,” please visit http://www.allaboutdnt.com.
- Declining to Provide Information. We need to collect personal information to provide certain services. If you do not provide the information requested, we may not be able to provide those services.
NOTICE TO EUROPEAN USERS
The information provided in this section applies only to individuals in the European Union, the European Economic Area, and the United Kingdom (collectively, “Europe”).
Except as otherwise specified, references to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.
- Controller. Where relevant, the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation is the Sorrento entity providing the Site or Service.
- Legal Bases for Processing. The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are set out in the table below. We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we process your personal information, contact us at privacy@sorrentotherapeutics.com.
Processing Purpose (as described above in the “Use of Personal Information” section) | Legal Basis |
To Provide the Service | Processing is necessary to perform the contract governing our operation of the Service, or to take steps that you request prior to engaging our services. Where we cannot process your personal data as required to operate the Service on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the products or services you access and request. |
Research and Development | Processing is based on our legitimate interests in performing research and development as described in this Privacy Policy. |
Direct Marketing | Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business and showing you tailored relevant content. |
Interest-Based Advertising | Processing is based on your consent where that consent is required by applicable law. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service. |
To Process Applications | Processing is based on our legitimate interests in performing research and development as described in this Privacy Policy. |
To Comply with Laws and Regulations | Processing is necessary to comply with our legal obligations or based on our legitimate interests in recruitment and hiring. In some cases, processing may also be based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service. |
For Compliance, Fraud Prevention, and Safety | Processing is necessary to comply with our legal obligations or based on our legitimate interests in protecting our or others’ rights, privacy, safety, or property. |
With Your Consent | Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service. |
- Use for New Purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
- Retention. We will retain your personal data for as long as necessary to fulfill the purpose of collection, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish and defend legal claims, for fraud prevention purposes, or as long as required to meet our legal obligations.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. - Your Rights. European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You may submit these requests by contacting us at privacy@sorrentotherapeutics.com or at the mailing address listed below. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
- Cross-Border Data Transfer. If we transfer your personal information to a country outside of Europe such that we are required to apply additional safeguards to your personal information under European data protection laws, we will do so. Please contact us for additional information about any such transfers or the specific safeguards applied.
CONTACTING US
If you have questions or concerns about our Privacy Policy or any other privacy or security issue, please email us at privacy@sorrentotherapeutics.com or write to us at the address below: Sorrento Therapeutics, Inc.
4955 Directors Place
San Diego, CA 92121
ATTN: Legal