Privacy Shield Framework
Tricida has self-certified to the EU-US and Swiss-US Privacy Shield program, which you can read about here.
Effective Date: June 23, 2020
2.2 Along those lines, Tricida is the “Controller” of the personal data it collects, which means we are the entity that decides how to collect, process, and use personal data.
3.1 Not all data is “personal data” under the law, but much of it is. Because we take privacy and the security of data seriously, we’ve taken the approach that the broadest definition of personal data is best, because it allows us to explain what we collect more simply. And so, for Tricida’s purposes, personal data is:
3.2 These are the categories of personal data that we collect:
3.3 As explained below, we may combine different kinds of personal data or combine the personal data you’ve given us with non-personal data. If the combined data can identify you, we’ll treat it like personal information, even though some parts of the combined data can’t identify you.
3.4 We do not collect any “Special Categories” of Personal Data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, or information about criminal convictions or offenses.
3.5 We also don’t collect any health information about a particular patient. That means we do not collect, and any user of this Site or the Neph+ app should not provide, any patient-level data including data that would be considered Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) or the Health Information Technology for Economic and Clinical Health Act (“HITECH”).
We collect personal data in a variety of ways, depending on how you interact with us, including:
4.1 Direct interactions.
You may give us your Basic, Device, Usage, Technical, Profile, or Feedback and Marketing Data, by interacting with us, as when you:
4.3 From third parties or publicly available sources. We may receive personal data about you from various third parties and public sources. That includes our third-party vendors for monitoring activity on our Site, including user interaction and fraud prevention (Google and Conductor).
What are Cookies?
Cookies and other online tracking technologies are small bits of data or code that are used to identify your devices when you use and interact with our websites and other services. They are often used for remembering your preferences, to identify you when you log into a site, or to give us the ability to recognize you when you interact with us or our Site.
We can only place cookies for lawful reasons, and we do. For now, the only reasons we place them are
1) To help our site work properly
2) To identify you when you visit our site
3) To make your interaction with the site easier, or
4) To track activity on our sites.
Using information collected from cookies: where we want to use the information that cookies and similar technologies collect, we either need your consent or a legitimate interest.
What Cookies Do We Use and Why?
Essential Cookies and Similar Technologies
Analytics Cookies and Similar Technologies
These collect information about your use of our Site and enable us to improve the way they work. For example, analytics cookies show us which are the most frequently visited pages on our Site. They help us record how you interact with our Site, such as how you navigate around pages and from page to page, identifying improvements we can make. They also help identify any difficulties you have accessing our services, so we can fix any problems. Additionally, these cookies allow us to see overall patterns of usage at an aggregated level.
Functional/Preference Cookies and Similar Technologies
These cookies collect information about your choices and preferences, and allow us to remember things like language, your username (so you can log in faster), text size, and location, so we can show you relevant content to where you are. They allow us to customize the services you have accessed. We also may use these cookies to provide you with services such as video clips.
Tracking, Advertising Cookies, and Similar Technologies
These cookies record your visit to our Site, the pages you have visited, and the links you have clicked. They gather information about your browsing habits and remember that you have visited a website. We (and third-party advertising platforms or networks) may use this information to make our Site content and advertisements displayed on them more relevant to your interests (this is sometimes called “behavioral” or “targeted” advertising). These types of cookies are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of advertising campaigns.
Web Beacons and Tracking Pixels
These are bits of data that count the number of users who access a website or webpage and can also allow us to see if a cookie has been activated. Web beacons used on web pages or in emails allow us to see how successful an article has been, or whether an email message was successfully delivered and read in a marketing campaign. Web beacons are also used to verify any clicks through to links or advertisements contained in emails. We may use this information to help us identify which emails are more interesting to you.
We may, in certain situations, use Adobe Flash Player to deliver special content, such as video clips or animation. To improve your user experience, Local Shared Objects (commonly known as Flash cookies) are used to provide functions such as remembering your settings and preferences. Flash cookies are stored on your device, but they are managed through an interface different from the one provided by your web browser.
Tracking URLs are a special web link that allows us to measure when a link is clicked on. They are used to help us measure the effectiveness of campaigns and advertising and the popularity of articles that are read.
We may collect and analyze a device’s browser information to help identify that device, present content correctly, conduct analytics and help prevent and detect fraud.
If you Access our Services from a Mobile Device
We may collect a unique device identifier assigned to that device, some limited geo-location data, and other transactional information for that device.
Protect our Networks
Cookies and similar technologies help us identify and prevent threats to our sites. They are necessary to protect your information and our business from outside threats.
Allow you to Access our Services
Cookies and similar technologies permit your connection to our Site: our servers receive and record information about your computer, device, and browser, including potentially your IP address, browser type, other software or hardware information, and your geographic location.
Access Usage of Services
We use information about your usage of our services and websites such as pages you have visited, content you have viewed, search queries you have run, and advertisements you have seen or interacted with to assess how our services are used.
Provide Relevant Content
We adjust the content on our Site and in our communications with you depending on what we know about the content, products and services that you like. This means we can highlight content that we believe will be of interest to you. We provide personalization by using cookies, IP addresses, web beacons, URL tracking, and mobile app settings.
When you visit our Site, our partners and we will set cookies and similar technologies on your browser in order to help us make the sites work, analyze site usage, deliver ads, and personalize your experience.
Most modern browsers are set to accept cookies by default, but you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser.
Controlling OBA Cookies
In addition to being able to control cookies by changing the settings in your browser on your computer, or in your mobile device’s settings, you can also control which companies can set cookies and similar technologies on your devices, by visiting the following links (you’ll need to turn any cookie or ad blockers off for the control pages to show which companies you can opt-out of):
Controlling Flash Cookies
You can manage the use of Flash technologies with the Flash management tools available at Adobe’s website, at https://www.adobe.com/devnet/flashplayer/articles/privacy.html.
Changes to this Policy
In addition to any general data protection enquiries you may have, you can use these details to contact our privacy team at email@example.com
6.1 We only use personal data when we have a lawful basis for doing so. Sometimes, we rely on your consent to use personal data. When we do, we will always give you the option to withdraw your consent at any time.
6.2 The following list sets out how we use personal data, and the lawful basis for doing so:
6.3 We will only keep your Personal Data for as long as necessary under the circumstances in which we collected it, including our obligation to hold onto it for legal, regulatory, or accounting purposes. If we are able to make data completely anonymous (that is, it can’t be used to identify you), we may keep that data indefinitely for statistical or analytic purposes.
7.1 Change of purpose
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
7.2 Automated decisions
We don’t use an automated decision-making system (an algorithm or machine learning tool) to make decisions about you.
8.1 Sometimes, we will share your Personal Data with:
We’ll also share Personal Data if we buy, sell, transfer, or merge parts of our business with another company.
8.2 We share your Personal Data outside third parties only to enable us to fulfill our part of our contract with you, because you have consented to it, because we have a legitimate interests in doing so, or because it’s necessary for a legal or regulatory requirement. None of these third parties are allowed to use your Personal Data in any way that is different from the reasons we outline here.
9.2 To be clear, the Site and Neph+ app are not for marketing and sale in the European Union – they are exclusively for access and use in the United States.
9.3 Nevertheless, in the case of an inadvertent submission of personal data of an individual within the European Union (which would violate the Site’s Terms and Conditions), Tricida is certified to the US/EU and US/Swiss Privacy Shield program, which you can read about here.
9.4 If you have questions about transferring data out of the EEA, please contact us and we’ll provide you with more information.
10.1 We work hard to keep your data (and ours) safe. We use a variety of tools – technological, administrative, and physical – to keep data secure. These safeguards are designed to ensure that whatever Personal Data we keep is protected against unlawful access or use.
10.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. No data security regime is perfect, however, and it is possible that some personal data could be compromised (lost or stolen) in the event of a breach or hack. If that happens, we’ll follow all the necessary steps outlined in the law, including notifications, if required.
11.1 When you provide us with personal data, you have rights about how we use it, and why. In general, you have the right to:
If you wish to exercise any of the rights set out above, please contact us.
11.2 No fee usually required
In some rare circumstances, you may have to pay a fee regarding a request, but in general you don’t have to pay anything to exercise these data rights.
11.3 What we may need from you
In order to make sure that you’re the person entitled to exercise the rights listed above, we’ll sometimes request information to verify your identity. We will not ask for more data than is necessary to confirm your identity.
11.4 Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11.5 California privacy rights
California Law permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. As we explained above, Tricida does not share your personal information with any third parties for their own marketing purposes. If you want to learn more, please contact us at DPO@Tricida.com with “California Shine the Light Privacy Request” in the subject line. Please also provide your full name, email address, physical address, and specific services you have used in the body of your email.
We do not sell personal data to anyone, but you have the right to direct us not to share your personal data at any time (the “right to opt out”). Anyone who has opted-in to personal data sharing may opt out of future sharing at any time. To exercise the right to opt out, you (or your authorized representative) may submit a request to us by sending a message to firstname.lastname@example.org with the subject line of “Do Not Share My Personal Data.” Once you make an opt out request, we will wait at least twelve (12) months before asking you to reauthorize personal data sharing. However, you may change your mind and opt back in to personal data sharing at any time by contacting us. You do not need to create an account with us to exercise opt out rights. We will only use personal data provided in an opt out request to review and comply with the request.
In the past 12 months, we have shared personal information with others for commercial purposes or their independent uses as follows:
In addition to the rights listed above, there is a right not to be discriminated against for exercising the rights set out here which we honor.
11.6 Children under 13
Our Site and Service is not directed to children under the age of 13, and our Terms restrict use to individuals over the age of 18. We do not knowingly collect any information from children under 13.
If you have questions about Tricida.com, Metabolic Acidosis Insights, or any of our other websites, the App, or our therapies, please contact us at:
7000 Shoreline Court, Suite 201
South San Francisco, CA 94080
Phone: (415) 429-7800