This Privacy Notice explains the practices that Equillium, Inc. (“Equillium”, “we”, “us”, “our”) follows in connection with the personal data that we collect through this website, when individuals contact us directly or through our clinical trial research.
We may change this Privacy Notice at any time by posting the revised Privacy Notice on this site and indicating the effective date of the revised Privacy Notice.
WHAT IS PERSONAL DATA?
In the context of the work that Equillium performs, personal data refers to any information that relates to an identified or identifiable individual such as a name, email, mailing address, phone number, professional background, or any information related to an individual’s health for the purpose of clinical trial research.
PERSONAL DATA COLLECTION
We collect personal data provided directly by individuals during direct communication with Equillium through email, web forms or by phone. For the purpose of direct communication, we collect name, email address and the reason for the communication.
We collect resumes and cover letters from individuals that apply for a job at Equillium in the United States and other regions such as the European Union.
For the purpose of our research, we do not collect personal data directly. Personal data is collected through the partners (“CRO”, “Site”) that manage the clinical trials that we sponsor. They collect the personal data of the participants of the clinical trial (“Patient”, “Subject”) or as a Site investigator, employee or contractor involved in the clinical trial.
The personal data of Site investigators, employees or contractors is collected through the Clinical Research Organization (“CRO”) that we partner with.
PERSONAL DATA PROCESSING
When an individual contacts Equillium, we store name, email address and message for the purpose of replying to the request for contact.
Resumes are reviewed to determine if the individual’s qualifications match the role they are applying for. Equillium will contact the individual if they are a viable candidate.
The Patient or Subject data that we obtain and process from the Site is pseudonymized and managed through an identifier that we cannot link back to the Patient or Subject.
We process the clinical trial Patient or Subject data to analyze the outcomes of the trial, how the Patient or Subject is responding to treatment and to track and document any safety-related events.
The investigator, employee or contractor data that we obtain from the CRO is used to verify the individual’s qualifications, satisfy documentation requirements for the purpose of the clinical trial and to verify their financial disclosures to avoid any conflict of interest.
LEGAL BASIS FOR PROCESSING
Equillium has identified the legal basis for the processing of personal data in order to comply with different privacy and data protection regulations around the world and specifically to comply with the General Data Protection Regulation (“GDPR”) in the EU.
Equillium will not process (i.e. which includes to collect, store, disclose, share, or otherwise disseminate) personal data unless we have a legal justification to do so. Equillium will only process personal data if:
- We or the CRO we partner with, have obtained explicit consent from the Patients or Subjects participating in the clinical trial prior to the processing of personal data;
- If we need an individual’s personal data to perform a contractual obligation to which they are a party to or where they have requested us to complete a contractual request, such as with a consulting or employment agreement.
- If we need to process personal data to fulfill our legal and regulatory obligations;
- If we have a legitimate interest that will not put the individual’s fundamental rights and freedoms at risk. Such legitimate interests include monitoring activity on our website to improve the functionality of such website, identification and investigation of fraud, and participation in judicial proceedings to defend or pursue a legal claim or to prosecute illegal acts.
PERSONAL DATA DISCLOSURE
Equillium will only disclose personal data without the individual’s consent to the following parties under specific circumstances:
- To Equillium personnel, if required, to fulfill an individual’s request or review qualifications for a job the individual has applied to;
- To service providers that support our systems or support the activities of the clinical trial, including the Sites and the CRO that hold personal data about Patients or Subjects and Site investigators, employees or contractors;
- To law enforcement, regulatory bodies or courts, when we are required to do so under applicable laws and regulations;
- In connection with the sale or reorganization of all or part of our business, as permitted by applicable law.
PERSONAL DATA SECURITY
Equillium is committed to protecting the personal data we collect, process and disclose about individuals. We maintain appropriate safeguards and take reasonable steps to protect personal data, ensure that we limit its use and that we disclose it only to the parties that have a legitimate reason to have access to it.
We ensure that all the parties that we disclose personal data to, internal and external to Equillium, have contractual obligations to protect the security and the confidentiality of the personal data we require to manage.
We collect information about your website visit such as your IP address, what pages you visited and what sections of our website were of most interest to you.
If you do not want your web activity to be tracked, our cookie manager provides you with choices as to what cookies you may opt out of.
You may find the cookie manager when you first load our website or by clicking on the cookie icon on the bottom right hand side of your screen.
PERSONAL DATA TRANSFERS
Personal data will be transferred to systems that reside in the US. The data will always be protected and in some cases pseudonymized to ensure that the risks to your privacy are minimized.
We have implemented Standard Contractual Clauses with the parties that reside in the EU and that require to transfer personal data to Equillium in the US.
PERSONAL DATA RETENTION
Equillium will not retain individuals’ contact information after their request has been fulfilled.
Equillium will retain resumes for a period up to 1 year if the candidate’s application for the role is not successful in the case an opportunity in the future is more suitable to the individual’s expertise.
Equillium and the Sites that we partner with for the purpose of clinical trials will retain the Patients and Subjects personal data for as long as necessary for the purpose of research. In the case of the clinical trials we will retain the personal data for a minimum 10 years after the study ends in order to comply with applicable legal and regulatory obligations.
RIGHTS ABOUT PERSONAL DATA
Subject to any exceptions provided by law, individuals have the right to request access to, update or deletion of their personal data.
Individuals also have the right to request restriction of or object to the processing of their personal data. Lastly, they have the right to request to have their data transferred to another organization in a commonly used format.
On each particular case we will inform the individual of the consequences of their request and if there are any exemptions to honoring these requests based on legal, contractual or regulatory requirements or constraints.
During a clinical trial the right to access, update or delete pseudonymized personal data may be limited as permitted by law. Specifically, we need to process clinical trial related personal data in specific ways in order to maintain the reliability and accuracy of the research. This is done for reasons of public interest in public health as well as for archiving purposes in the public interest, scientific or historical research or statistical purposes.
HOW TO EXERCISE PERSONAL DATA RIGHTS
To submit any request to exercise personal data rights individuals may contact us via email at email@example.com.
PERSONAL DATA BREACH NOTIFICATION
Equillium has implemented procedures to manage any suspected personal data breach, and we will make every effort to notify individuals and any required regulator about the breach where we are legally required to do so.
Should we learn of a personal data breach that affects any individual that has had contact with Equillium, we will notify them to explain how the breach may affect them and to provide any advice on how to protect themselves. We will use the email address that we have on file or we will also post a notice on our website for any individuals whose contact information is not available but may be impacted by the breach.
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Equillium has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by:
EU INDIVIDUALS – RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
If Equillium has collected, processed or disclosed the personal data of an individual who resides in the EU and the individual wants to lodge a complaint with a Supervisory Authority (“Data Protection Authority”) they may do so in the Member State where they reside, where they work or where they may have experienced an issue with the processing of their personal data.
CALIFORNIA RESIDENTS NOTICE
Equillium does not collect, process, disclose or sell your personal data for marketing purposes or for Equillium’s business benefit.
The personal data collected, processed and disclosed for the purpose of clinical trials is not subject to the California Consumer Privacy Act. However, we welcome your contact requests by reaching out to firstname.lastname@example.org if you wish to verify if Equillium holds any personal data about you outside of the scope of clinical trials.
If there are any questions regarding the personal data that Equillium or any of our partners collect, process or disclose or if there is any feedback regarding this Privacy Notice, individuals may contact us at email@example.com.