Privacy Policy
This Privacy Policy was last reviewed on February 26, 2025.
1) PURPOSE OF THIS PRIVACY POLICY
This Privacy Policy (the “Policy”) for, Chiesi USA, Inc., with offices at 175 Regency Woods Place, Suite 600, Cary, NC 27518 (“Chiesi” or “we”), describes how we collect, use, disclose, and otherwise process your Personal Information and, where applicable, Sensitive Personal Information.
If you are a resident of a U.S. State with a U.S. Health Privacy Law, and would like to learn more about how Chiesi uses Consumer Health Data, please view our Consumer Health Data Privacy Policy.
We use the term “Personal Information” to mean information that may be used to identify you personally; this includes, for example, name, email address, physical address, telephone number, and any other information that can be used to reasonably identify you.
We use the term “Sensitive Personal Information” to mean information that reveals your Social Security number (SSNs), Driver’s license, financial account or card numbers, precise geolocation, racial and ethnic characteristics, religious and philosophical beliefs, sex life or sexual orientation, union membership, immigration or citizenship status, contents of mail, email and text messages, health data, genetic and biometric data, and neural data.
In this Privacy Policy, we will refer to the websites, forms, mobile applications, and digital services that may link to or post this Privacy Policy collectively as “Websites.”
Our Websites may contain links to third-party websites/content/services that are not owned or controlled by Chiesi. Chiesi is not responsible for how these third-party properties operate or treat your Personal Information, so we recommend that you read the privacy policies and terms associated with these third-party properties carefully.
This Privacy Policy applies to:
- Websites, landing pages, emails, banner ads, and other interactive digital media that link to this statement when you click on "Privacy" in the document footer.
- Mobile applications and digital services that link to or post this Privacy Policy.
- Any Chiesi-hosted events (both online and in-person) and any instance where Chiesi representatives collect your Personal Information at an event that Chiesi does not host.
- Any Chiesi program, including patient assistance programs or patient education programs.
- Participation in or completion of any Chiesi survey.
- Any contacts or interactions with Chiesi’s field teams, including indirect interactions.
- Any Chiesi conducted or sponsored market research.
- Chiesi-run social media pages.
- Any other instance where this Privacy Policy is linked or referenced.
2) WHAT PERSONAL INFORMATION DO WE COLLECT?
a) When you visit our Websites:
- Identifiers: Information that identifies you directly or could be used to identify you.
Examples include: First name, last name, email address, phone number, job title and description, institutional association, IP address, device and/or browser ID, date of birth, NPI Number, age or age group, gender, information required to request a prescription, other demographic information, and other data that identifies or could identify you or your online activity. - Usage Information: When you visit our Websites, we automatically collect the following types of information during your use and navigation of our Websites (“Usage Information”): how you navigated to the Websites, your browser type (to ensure compatibility between our Website and your browser), the domain name of the websites that allowed you to navigate to our Websites, time spent on our Websites, web pages viewed, mouse clicks, frequency of visits, which calculator tools you used on our web/mobile applications and for how long, form submission data, and other relevant statistics about your use of our Websites.
- Geolocation-IP Information: Information about where your computer or device is approximately located (at the city or state level).
- Inferences: Information we can determine or estimate about you based on information we collect about you.
- Sensitive Personal Information, where applicable: Information about your health condition(s), diagnoses, treatments, lab results, and medications.
b) When you attend, sign-up for, or participate in a Chiesi-sponsored event (both online and in-person), or where Chiesi representatives collect your Personal Information at an event that Chiesi does not host:
- Identifiers: Information that identifies you directly or could be used to identify you.
Examples include: Full name, email address, phone number, job title and description, institutional association, NPI Number, date of birth, age or age group, gender, and other demographic information.
c) When you enroll in a Chiesi program, such as our patient assistance or patient education programs:
- Identifiers: Information that identifies you directly or could be used to identify you.
Examples include: Full name, email address, phone number, date of birth, age or age group, gender, and other demographic information. - Sensitive Personal Information, where applicable: Information about your health condition(s), diagnoses, treatments, lab results, and medications.
d) If you are a healthcare provider: when you prescribe a Chiesi medication, assist with an individual’s enrollment in a Chiesi program (such as our patient assistance or patient education programs) or when your Personal Information is provided by an individual on our Websites, in a survey, or in relation to a Chiesi-sponsored event.
- Identifiers: Information that identifies you directly or could be used to identify you.
Examples include: Full name, email address, phone number, job title and description, institutional association, NPI Number, date of birth, age or age group, gender, and other demographic information. - Inferences, where applicable: Information we can determine or estimate about you based on information we collect about you.
f) When you participate in or complete a Chiesi survey:
- Identifiers: Information that identifies you directly or could be used to identify you.
Examples include: Full name, email address, phone number, job title and description, institutional association, NPI Number, date of birth, age or age group, gender, and other demographic information, date of the survey. - Sensitive Personal Information, where applicable: Information about your health condition(s), diagnoses, treatments, lab results, and medications.
g) If you are a healthcare provider, when you contact or interact with Chiesi’s field team, including indirectly:
- Identifiers: Information that identifies you directly or could be used to identify you.
Examples include: Full name, email address, phone number, job title and description, institutional association, NPI Number, date of birth, age or age group, gender, and other demographic information, date of the interaction. - Inferences: Information we can determine or estimate about you based on information we collect about you.
h) When you participate in any Chiesi-conducted or sponsored market research:
- Identifiers, where applicable: Information that identifies you directly or could be used to identify you.
Examples include: First name, last name, email address, phone number, job title and description, institutional association, IP address, device and/or browser ID, date of birth, NPI Number, age or age group, gender, information required to request a prescription, other demographic information, and other data that identifies or could identify you or your online activity, payments. - Sensitive Personal Information, where applicable: Information about your health condition(s), diagnoses, treatments, lab results, and medications.
- Inferences, where applicable: Information we can determine or estimate about you based on information we collect about you.
i) If you report an adverse event to Chiesi:
- Identifiers, where applicable: Information that identifies you directly or could be used to identify you.
Examples include: First name, last name, email address, phone number, job title and description, institutional association, IP address, device and/or browser ID, date of birth, NPI Number, age or age group, gender, information required to request a prescription, other demographic information, and other data that identifies or could identify you or your online activity, payments. - Sensitive Personal Information, where applicable: Information about your health condition(s), diagnoses, treatments, lab results, and medications.
Please note, this list is not conclusive and Chiesi may collect some or all of these Personal Information types in other instances where this Privacy Policy is linked or referenced.
3) HOW DO WE COLLECT OR RECEIVE PERSONAL INFORMATION?
a) Forms: When you complete and submit or update a form (including a patient enrollment form when you enroll in our patient services program), registration, or profile (collectively, “Form”), we collect the Personal Information that you included in the Form for the business purposes described in the Form.
b) Surveys: When you complete and submit a survey, we collect the Personal Information that you included in the survey for the business purposes described in the Survey.
c) In-person interactions, both direct and indirect: When you directly interact with a member of Chiesi’s field team, we may collect Personal Information relayed to that team member for the business purposes they describe to you and in this Privacy Policy. Personal Information may also be collected by Chiesi’s field team via indirect interactions, for instance if your institution provides any Personal Information to Chiesi.
d) Chiesi-sponsored market research: If you participate in Chiesi-sponsored market research, we may collect or receive Personal Information for the purpose of that market research.
e) Recording: We may record any Chiesi-conducted calls, training sessions, webinars, or similar events that you participate in. We will take commercially reasonable efforts to inform you prior to the recording and provide you with the opportunity to object to the recording.
f) Cookies and Other Tools: When you visit our Websites we use cookies and other identifiers to collect information about your online activity and usage, including identification of your IP address to keep track of your browsing patterns and to build a demographic profile.
g) Publicly Available Information: Where permitted by applicable law, we may augment the Personal Information we have about you with information obtained from third-party publicly available sources. For example, to verify licensure of healthcare professionals, we may use Personal Information in conjunction with information lawfully obtained from a licensing board.
h) Data Purchasing: In accordance with applicable law, we may purchase certain Personal Information from third-party vendors, and use such Personal Information for the purposes described in this Privacy Policy, as applicable.
4) HOW DO WE USE YOUR PERSONAL INFORMATION?
We may use your Personal Information for the following purposes, as permitted by applicable law:
a) To facilitate the reason you provided the information and/or as described to you when collecting your Personal Information, including our programs.
b) To facilitate and deliver services, products, and information, including our events.
c) To maintain and improve our Websites.
d) To create, maintain, customize, and secure your account with us.
e) To communicate with you and complete, process, and fulfill your requests, payments, and transactions.
f) To perform and enforce contracts with you or with third parties.
g) To tailor marketing, access, and/or medical programs and campaigns (including personas), conduct market research analysis and surveys.
h) To serve ads to you about Chiesi’s products, shared value and sustainability, B Corp status, and disease states.
i) To perform activities necessary to ensure compliance with applicable national, state, provincial and other applicable laws, including to comply with regulatory monitoring and reporting obligations such as those related to adverse events, product complaints, patient safety, and financial disclosures, to respond to requests from government authorities, and to protect the legal interests of yours, ours or third parties, such as to protect against fraud.
j) In the event that some or all of our assets are acquired by or merged with a third-party entity or in connection with a proposed or actual merger, acquisition, sale, or other change of control, we may use or transfer some or all of the Personal Information that we have collected about you to determine whether to proceed with the transaction and execute the transaction if we decide to do so.
5) HOW DO WE SHARE YOUR PERSONAL INFORMATION?
We may share your Personal Information in the following situations, as permitted by applicable law:
a) Within Our Family of Companies. Chiesi and its subsidiaries, affiliates, and its parent company may share your Personal Information amongst and between each other for the purposes set forth in this Privacy Policy.
b) Service Providers. We share your information with affiliated and unaffiliated service providers as necessary for them to provide services to us, subject to appropriate confidentiality and data protection agreements. Service providers assist us with data analysis, customer service, web hosting, website development, government and regulatory compliance reporting, and other activities related to the management of our business and provision of our products and services.
c) Interest-Based Advertising and Third-Party Marketing. We may allow third-party advertising partners to set tracking tools on our Websites to collect information regarding your online activity. We may also use this and other Personal Information with third-party advertising partners. These advertising partners may use this information (and similar information collected from other Websites) to provide you with more relevant advertisements when you visit Websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising.”
d) Legal Compliance. We will share information for legal reasons as we believe appropriate to: (a) satisfy any applicable law, regulation, judicial process, court order, legal process, or proper government request; (b) enforce any agreement we may have entered into with you; (c) detect, prevent, or otherwise address fraud, security or technical issues; (d) protect against harm (whether tangible or intangible) to the rights, property or safety of ours, our users or the public; and (e) establish or exercise our rights, defend against a legal claim, and investigate, prevent or take action regarding possible illegal activities or a violation of our policies.
e) Professional Advisors. We may disclose Personal Information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services they provide to us.
f) Mergers and Acquisitions. We may provide Personal Information to a potential or actual buyer in connection with a proposed or actual merger, acquisition, sale, or other change of control, as described above.
g) Aggregate and De-identified Data. Chiesi may also disclose aggregate or de-identified data that is not personally identifiable to third parties for any purpose.
h) Other Disclosures with Your Consent. We may ask you to share your information with other recipients not described elsewhere in this Privacy Policy.
6) HOW DO WE PROTECT PERSONAL INFORMATION?
We have implemented a variety of security measures and technologies intended to help protect Personal Information from unauthorized access, use, disclosure, alteration, or destruction. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us by contacting us at us.privacy@chiesi.com.
7) YOUR DATA RIGHTS – OPT-OUT AND CHOICE
a) General. Under certain data protection laws, you may have certain rights regarding your Personal Information.
If you have questions or concerns regarding Chiesi’s processing of your Personal Information, our privacy policies, or if you’d like to exercise your rights under data protection laws, please submit a privacy request at via our Privacy Center, or contact us at us.privacy@chiesi.com or as described in Section 14.
Where you have provided opt-in consent to the use of your Personal Information, we will also give you the option to opt-out in a similar manner, as required by law.
b) Email Communication. To opt out of promotional emails, you can use the unsubscribe link at the bottom of the email or email us.privacy@chiesi.com. We may send you other non-promotional emails that you will not be able to opt out of (e.g., communications regarding updates to this Policy).
c) Do Not Track and Global Privacy Control Signals. Do Not Track (“DNT”) and Global Privacy Control (“GPC”) are privacy preferences that users can set in certain web browsers to inform websites and services that they do not want certain information about their webpage visits collected over time and across Websites or online services. You may choose to enable online, where available, DNT or GPC signals to opt out of the collection and sharing of Personal Information related to your website activity.
8) EU, UK, AND SWITZERLAND – CONTROLLER, LEGAL BASES, AND DATA SUBJECT RIGHTS
a) Data Controller. For residents of the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland, Chiesi USA, Inc. is the controller responsible for the Personal Information collected on our Websites.
Chiesi USA, Inc. will process your Personal Information in accordance with the following data protection laws, where applicable:
- For data subjects in the UK, the UK Data Protection Act 2018 (“DPA 2018”), United Kingdom Data Protection Regulation (“UK GDPR”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) and any legislation implemented in connection with the aforesaid legislation.
- For data subjects in Switzerland, the revised Federal Act on Data Protection (“FADP”) and the Swiss Federal Act against Unfair Competition (“UCA”).
- For data subjects in the European Union, the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”), and any legislation implementing the EU GDPR. This includes any legislation amending or updating the EU GDPR.
b) Personal Information. Please refer to Section 2 “WHAT PERSONAL INFORMATION DO WE COLLECT?”.
c) Purposes. Please refer to Section 4 “HOW DO WE USE YOUR PERSONAL INFORMATION?”.
d) Legal Bases. Chiesi only processes, stores, or transfers your Personal Information when we have a legal basis for doing so. We may rely on the following legal bases:
-
Legitimate Interest: Where processing of your Personal Information is necessary for the purposes of Chiesi’s legitimate interests, except where Chiesi’s interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Information.
-
Consent: Where processing of your Personal Information may occur when you have given consent to the processing for one or more specific purposes.
-
Legal Obligation: Where processing of your Personal Information is necessary for compliance with legal obligations to which Chiesi is subject.
-
Contractual Obligation: Where processing of your Personal Information is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
e) Recipients of your Personal Information. Please refer to Section 5 “HOW DO WE SHARE YOUR PERSONAL INFORMATION?”.
f) Rights. If you are a citizen of a country in the European Economic Area, UK, or Switzerland, you have the right to:
- Be informed about the processing of your Personal Information.
- Access your Personal Information.
- Receive or have your electronic Personal Information transferred to another party in certain circumstances.
- Correct your Personal Information where it is inaccurate or incomplete.
- Request deletion of your Personal Information, within certain exceptions.
- Request restriction of or object to processing of your Personal Information, where applicable.
- Not be subject to automated decision-making, including profiling, which have a legal or similarly significant effect on you.
You can exercise the rights above by submitting a request via our Privacy Center, by emailing us at us.privacy@chiesi.com or by contacting us at 1-866-271-8587.
g) Data Retention. Please refer to Section 9 “DATA RETENTION”.
h) Cross-Border Transfers. Chiesi USA, Inc. is a US-based affiliate of Chiesi Farmaceutici S.p.A. If you are an individual located outside of the United States, please be aware that information we collect may be transferred to and processed in the United States and elsewhere outside the United States. Any cross-border transfers of are supported by an approved adequacy mechanism where required by data protection laws, such as the Standard Contractual Clauses.
i) Supervisory Authorities. In the EU, each Member State has a Supervisory Authority that regulates data protection and privacy matters. In the UK, The Information Commissioner’s Office (“ICO”) regulates data protection and privacy matters. In Switzerland, the Federal Data Protection and Information Commissioner (FDPIC) regulates data protection and privacy matters. Based on your location of residence, you can make a complaint to any of these Supervisory Authorities about Chiesi’s use of your Personal Information.
9) U.S. STATE-SPECIFIC PRIVACY DISCLOSURES
Certain U.S. States have enacted comprehensive consumer privacy laws which may require the disclosures listed below.
a) Sharing of Personal Information for Advertising Purposes
Chiesi may use your Personal Information for advertising purposes. For example, we may gather information via a retargeting cookie placed on your internet browser. The information we receive allows us to serve you ads on other websites, based on your visit to our Websites. If you would like to opt-out of the sharing of your Personal Information to show you advertisements on other websites, please email us.privacy@chiesi.com.
b) Categories of Personal Information that we Collect and Disclose
Listed below are the categories of Personal Information that we may collect, disclose, sell, or share for a business purpose. For more information about the categories of third parties with whom we sell or share your Personal Information, refer to the “HOW DO WE SHARE YOUR PERSONAL INFORMATION” Section above.
In particular, we have collected, disclosed, or shared the following categories of Personal Information from our consumers within the last twelve (12) months:
|
Category |
Examples |
Collected? |
Disclosed for a Business Purpose? |
Sold or Shared? |
|
Identifiers. |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, National Provider Identifier (NPI), Medicare provider number, driver's license number, passport number, or other similar identifiers. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
Legal Compliance |
YES, SHARED |
|
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
Legal Compliance |
YES, SHARED |
|
Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
YES |
YES
Within Our Family of Companies
Service Providers
|
NO |
|
Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, including prescribing data. |
YES |
YES
Within Our Family of Companies
Service Providers
|
YES, SHARED |
|
Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
YES |
YES
Within Our Family of Companies
Service Providers
Legal Compliance
|
NO |
|
Internet or other similar network activity. |
Website navigation, browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
YES |
YES
Service Providers
Third-Party Advertisers
|
YES, SHARED |
|
Geolocation data. |
Physical location or movements. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
Legal Compliance |
YES, SHARED |
|
Audio/Visual. |
Audio, electronic, or visual recordings, or similar information. |
NO (Except in instances where explicit consent is granted.) |
NO
|
NO |
|
Professional or employment-related information. |
Current or past job history or performance evaluations. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
Legal Compliance
|
YES, SHARED |
|
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
YES |
YES
Within Our Family of Companies
|
NO |
|
Inferences drawn from other Personal Information. |
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers |
YES, SHARED |
|
Sensitive Personal Information. |
Personal Information including your Social Security number, driver’s license number, state identification card number, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; racial or ethnic origin, religious or philosophical beliefs, or union membership status |
YES |
YES
Within Our Family of Companies
Service Providers
|
NO |
c) Individual Consumer Rights
- Right of Access - The right for a consumer to access (a) the categories and specific pieces of personal information we collect, use, disclose, sell, or share about you, (b) the categories of sources from which we collected your personal information, (c) our purposes for collecting or selling your personal information, (d) the categories of your personal information (if any) that we have either sold, shared, or disclosed for a business purpose, (e) the categories of third parties with which we have sold or shared personal information, (f) or some combination of similar information. Note: If you are a resident of Oregon, you have the right to know a list of the specific third parties that have received your Personal Information or any Personal Information from us.
- Right of Correction - The right for a consumer to request that incorrect or outdated Personal Information be corrected.
- Right of Deletion - The right for a consumer to request that we delete the Personal Information we have collected from or maintain about them.
- Right of Restriction, where applicable - The right for a consumer to limit our use and disclosure of their Personal Information.
- Right to Limit The Use of Sensitive Personal Information, where applicable - The right for a consumer to limit our use and disclosure of their Sensitive Personal Information.
- Right of Portability - The right for a consumer to request their Personal Information be disclosed in a common file format.
- Right to Opt-Out of Sales or Sharing - The right for a consumer to opt out of our sale(s) or sharing (if any) of your Personal Information.
- Right Against Discrimination - The right for a consumer not to receive discriminatory treatment for the exercise of the privacy rights conferred by applicable laws.
- Right Against Automated Decision-Making, where applicable: The right for a consumer not to have a decision made about them based solely on an automated process without human input.
d) How to Exercise Your Consumer Rights
If you are a resident of a U.S. State where a comprehensive consumer privacy law has been enacted, you may have some or all of the rights included above in the “INDIVIDUAL CONSUMER RIGHTS” section of this Privacy Policy. If you are not a resident of a U.S. State where a comprehensive consumer privacy law has been enacted, this section does not apply to you.
Consumers must submit their privacy requests via our Privacy Center, or by emailing us at us.privacy@chiesi.com or by contacting us at 1-866-271-8587.
Only you, or someone legally authorized to act on your behalf, may make a privacy request. We will verify and respond to your request consistent with data protection laws. We may need to verify your identity before completing your privacy request. We may request additional personal information from you, such as your home address, email address and government issued ID, to protect against fraudulent requests.
e) Authorized Agent Privacy Requests
You may authorize someone to make a privacy request on your behalf (an authorized agent). Authorized agents will need to demonstrate that you’ve authorized them to act on your behalf.
In California, authorized agents must be registered with the California Secretary of State to conduct business in California or must demonstrate they have power of attorney pursuant to applicable probate law. We retain the right to request confirmation directly from you confirming that the agent is authorized to make such a request, or to request additional information to confirm the agent’s identity. An authorized agent is prohibited from using a consumer’s personal information, or any information collected from or about the consumer, for any purpose other than to fulfill the consumer’s requests, for verification, or for fraud prevention.
f) Appeals
Depending on your U.S. State of residence, you may have the right to appeal Chiesi’s refusal to act on a submitted privacy request. To submit an appeal, please email us.privacy@chiesi.com.
g) Data Retention
We will keep your Personal Information for as long as we are permitted based on the purpose(s) for which it was obtained. We decide how long we need Personal Information on a case-by-case basis, and we may consider the following criteria to determine an appropriate retention period:
(a) the length of time we have an ongoing relationship with you and provide a website, information, product, or service to you; (b) whether there is a legal obligation to which we are subject; or (c) whether retention is advisable in light of our legal position.
If we determine your Personal Information is no longer necessary using the factors above, we will generally destroy or anonymize that information.
h) CCPA Regulations §999.317(g)(2) Metrics Requirement
During the previous twelve (12) months, Chiesi received the following number of privacy requests from residents of California:
|
Request Type |
Received |
Complied with in |
Denied |
Median Number |
|
Requests to know |
0 |
0 |
0 |
N/A |
|
Requests to delete |
0 |
0 |
0 |
N/A |
|
Requests to opt-out |
0 |
0 |
0 |
N/A |
10) COOKIES, PIXELS, ANALYTICS, SOCIAL NETWORK ICONS, AND INTERNET-BASED ADVERTISERS INFORMATION
Chiesi may use cookies, pixel tags, social media widgets, and internet-based advertisers to automatically collect information.
a) Cookies. A “cookie” is a small piece of information sent by a Web server to a Web browser that enables the server to collect information from the browser. Cookies are stored on your device’s hard drive.
Most cookies collected through our Websites are “session cookies” that are automatically deleted when the user closes their browser at the end of a session. However, some cookies collected through our Websites are “persistent cookies” and may be stored on the user’s computer for a specified length of time, even after the browser is closed at the end of a session.
Under data protection laws, you may decline certain cookies. For example, non-essential cookies. If you do so, however, you may be required to re-enter your previously submitted information each time you visit our Websites, and some Website features may not function properly.
Data collected by cookies is largely used to monitor our Websites and improve their usability. However, we can also use cookies to identify your IP address when you visit our Websites to keep track of your browsing patterns and to build a demographic profile.
b) Pixels. A pixel is a piece of code embedded on our Websites that collect information about how you engage with a given web page. Pixels allow us to determine web pages you’ve accessed or advertisements you’ve interacted with. Specifically, some of our Websites also include a Facebook pixel which helps track engagement from Facebook ads, optimize ads based on collected data, build targeted audiences for future ads, and remarket to qualified leads – people who have already taken some kind of action on our Websites.
c) Social Media Icons. We use Social Media icons (“Icons”) of the following online social networks (collectively, the “Social Networks”) on certain webpages of our Websites to provide certain online content and features:
- Facebook.com, operated by Meta Platforms, Inc.
- Instagram.com, operated by Meta Platforms, Inc.
- X.com, operated by X Corp.
- LinkedIn, operated by LinkedIn Corp.;
- Google.com, operated by Google LLC
- Youtube.com, operated by YouTube LLC
These Icons are labeled with the corresponding Social Network.
When you visit a webpage on our Websites containing a particular Icon your browser establishes a direct connection with the server of the corresponding Social Network. As a result, the Social Network will receive a notification that your browser has accessed that webpage of our Websites on which the Icon appears. In addition, if you interact with that Icon, such as by clicking Facebook’s “Like” button, the corresponding Social Network will receive information about your interaction. If you have logged into your account associated with that Social Network, the Social Network will be able to associate the above information with your account.
Please refer to the privacy policies of the above-listed Social Networks to learn more about the ways in which and purposes for which they collect, use, disclose and process your Personal Information, as well as your choices and rights with respect to their processing of your Personal Information.
d) Analytics and Internet-Based Advertisers. We may use Google Analytics, which uses cookies and similar technologies to collect and analyze information about your use of our Websites and report on activities and trends. This service may also collect information regarding your use of other Websites, apps and online resources. You can learn about Google’s practices by going to http://www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout/
11) WHAT IF YOU DO NOT WANT TO PROVIDE YOUR PERSONAL INFORMATION?
You can always choose not to share your Personal Information with us when prompted to share. If you object to the processing of your Personal Information, or if you have provided your consent to the processing and later choose to withdraw it, we will respect your choice in accordance with our legal obligations. This could mean that we may be unable to perform the actions necessary to achieve the purposes set forth above, or you may be unable to make use of the services and products that require the processing of your Personal Information.
12) CHILDRENS' PRIVACY
Our Website is not directed at individuals under the age of 18. Without permission from a parent or legal guardian, we do not knowingly collect, sell, or share Personal Information directly from individuals under the age of 18. If we learn that we have collected, sold, or shared Personal Information of individuals under the age of 18 through our websites, we will take appropriate steps to address this matter.
13) UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes to our information processing practices. When we change this Privacy Policy in a material way, we will update the effective date at the beginning of the document. We will also provide you with notice of changes and obtain your consent to any such changes where and as required by applicable law. We encourage you to review this Privacy Policy periodically for the latest information on our information processing practices.
14) CONTACT US
If you have questions about the processing of your Personal Information or Chiesi data privacy policies or would like to be connected with our privacy team, please contact us at 1-888-203-1064 or at us.privacy@chiesi.com or write to us at the following address:
Chiesi USA, Inc.
175 Regency Woods Place Suite 600
Cary, NC 27518
Attn: Legal Department
CA Notice at Collection
Chiesi USA, Inc. California Consumer Privacy Act (“CCPA”) Notice at Collection
Last Reviewed: February 26, 2025
This California Consumer Privacy Act (“CCPA”) Notice at Collection is provided by Chiesi USA, Inc.
Under the CCPA, Personal Information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
Below is an explanation of (1) the Categories of Personal Information that Chiesi USA, Inc. (“we”) collects, uses and discloses about California residents and (2) the business purposes for which we collect, use, and disclose the same.
For more information regarding Chiesi USA, Inc.’s privacy practices, please see our Privacy Policy at https://www.chiesiusa.com/privacy.
A. CATEGORIES OF PERSONAL INFORMATION THAT WE COLLECT AND DISCLOSE
Listed below are the categories of Personal Information about California residents that we collect and disclose for a business purpose.
In particular, we have collected the following categories of Personal Information from our consumers within the last twelve (12) months:
|
Category |
Examples |
Collected? |
Disclosed for a Business Purpose? |
Sold or Shared? |
|
Identifiers. |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, National Provider Identifier (NPI), medicare provider number, driver's license number, passport number, or other similar identifiers. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
Legal Compliance
|
YES, SHARED |
|
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
Legal Compliance
|
YES, SHARED |
|
Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
YES |
YES
Within Our Family of Companies
Service Providers
|
NO |
|
Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
YES |
YES
Within Our Family of Companies
Service Providers
|
YES, SHARED |
|
Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
YES |
YES
Within Our Family of Companies
Service Providers
Legal Compliance
|
NO |
|
Internet or other similar network activity. |
Website navigation, browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
YES |
YES
Service Providers
Third-Party Advertisers
|
YES, SHARED |
|
Geolocation data. |
Physical location or movements. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
Legal Compliance |
YES, SHARED |
|
Audio/Visual. |
Audio, electronic, or visual recordings, or similar information. |
NO (Except in instances where explicit consent is granted.) |
NO
|
NO |
|
Professional or employment-related information. |
Current or past job history or performance evaluations. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers
Legal Compliance
|
YES, SHARED |
|
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
YES |
YES
Within Our Family of Companies
|
NO |
|
Inferences drawn from other Personal Information. |
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
YES |
YES
Within Our Family of Companies
Service Providers
Third-Party Advertisers |
YES, SHARED |
|
Sensitive Personal Information |
Personal Information including your Social Security number, driver’s license number, state identification card number, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; racial or ethnic origin, religious or philosophical beliefs, or union membership status |
YES |
YES
Within Our Family of Companies
Service Providers
|
NO |
B. WHY DO WE COLLECT YOUR PERSONAL INFORMATION AND HOW DO WE USE IT?
We may collect and use your Personal Information for the following purposes, as permitted by applicable law:
- a) To facilitate the reason you provided the information and/or as described to you when collecting your Personal Information, including our programs.
- b) To facilitate and deliver services, products, and information, including our events.
- c) To maintain and improve our Websites.
- d) To create, maintain, customize, and secure your account with us.
- e) To communicate with you and complete, process, and fulfill your requests, payments, and transactions.
- f) To perform and enforce contracts with you or with third parties.
- g) To tailor marketing, access, and/or medical programs and campaigns (including personas), conduct market research analysis and surveys.
- h) To serve ads to you about Chiesi’s products, shared value and sustainability, B Corp status, and disease states.
- i) To perform activities necessary to ensure compliance with applicable national, state, provincial and other applicable laws, including to comply with regulatory monitoring and reporting obligations such as those related to adverse events, product complaints, patient safety, and financial disclosures, to respond to requests from government authorities, and to protect the legal interests of yours, ours or third parties, such as to protect against fraud.
- j) In the event that some or all of our assets are acquired by or merged with a third-party entity or in connection with a proposed or actual merger, acquisition, sale, or other change of control, we may use or transfer some or all of the Personal Information that we have collected about you to determine whether to proceed with the transaction and execute the transaction if we decide to do so.
C. DATA RETENTION
We will keep your Personal Information for as long as we are permitted based on the purpose(s) for which it was obtained. We decide how long we need Personal Information on a case-by-case basis, and we may consider the following criteria to determine an appropriate retention period: (a) the length of time we have an ongoing relationship with you and provide a website, information, product, or service to you; (b) whether there is a legal obligation to which we are subject; or (c) whether retention is advisable in light of our legal position.
If we determine your Personal Information is no longer necessary using the factors above, we will generally destroy or anonymize that information.
California Notice of Financial Incentive
California Notice of Financial Incentive
Chiesi USA, Inc. ("Chiesi," "we," "our" or "us") may offer compensation to consumers related to the collection, retention, or processing of Personal Information that may be deemed a "financial incentive" or "price or service difference" under the California Consumer Privacy Act of 2018 ("CCPA") as amended by the California Privacy Rights Act of 2020 ("CPRA"). These offerings may involve collecting, processing, or retaining certain categories of Personal Information from consumers who participate. As used herein, "you," or "your" means a "consumer" as defined by the CCPA. The categories of Personal Information we collect, process, or retain are as follows:
- Identifying data such as name, surname, initials, e-mail address, and any additional data voluntarily shared by you in connection with your participation in our initiatives or surveys.
- Pictures, photographs, audio and/or video recordings, and digital images shared in connection with our initiatives.
Chiesi also may collect, process, or retain the following categories of Sensitive Personal Information:
- Health data including your diagnosis, treatment, symptoms, and your experience with the disease in connection with your participation in our initiatives or surveys.
Programs where Chiesi may offer compensation to you related to the collection, retention, or processing of your Personal Information may include:
Participation in our surveys: We may offer opportunities to participate in surveys. In exchange for participation, you may be offered a financial incentive, such as compensation. As part of these surveys, we may collect the categories of Personal Information or Sensitive Personal Information mentioned above. Participation in surveys is governed by the applicable terms and conditions for the survey, which will describe any financial incentives associated with that survey and how to participate; these terms will be presented to you at the time you receive the survey. You can terminate participation at any time as will be explained in the survey terms. Our good faith estimate of the value of your Personal Information is the value of the benefit we offer to you. We have calculated such value by using the expense related to the benefit.
Providing your personal story for use in our initiatives: We may offer opportunities to provide your personal story for use in our initiatives. Provision of your personal story is governed by the patient story agreement, which will describe any financial incentives and how to participate; these terms will be presented to you at the time you receive the agreement. You can terminate participation at any time as will be explained in the patient story agreement. Our good faith estimate of the value of your Personal Information is the value of the benefit we offer to you. We have calculated such value by using the expense related to the benefit.
Providing your name, image, and likeness for use in our initiatives: We may offer opportunities to provide your name, image, and likeness for use in our initiatives. Provision of your name, image, and likeness is governed by the name, image, and likeness agreement, which will describe any financial incentives and how to participate; these terms will be presented to you at the time you receive the agreement. You can terminate participation at any time as will be explained in the patient story agreement. Our good faith estimate of the value of your Personal Information is the value of the benefit we offer to you. We have calculated such value by using the expense related to the benefit.
By participating in any of the above Programs, you agree that the benefits are reasonably related to the value of the Personal Information collected and retained.
Participation in our Programs is always optional, and you can terminate Program participation at any time by contacting those listed in any survey or agreement you receive. You can also contact us at us.privacy@chiesi.com.
Consumer Health Data Privacy Policy
This Consumer Health Data Privacy Policy was last reviewed on February 26, 2025.
1) PURPOSE OF THIS CONSUMER HEALTH DATA PRIVACY POLICY
This Consumer Health Data Privacy Policy (the “Health Privacy Policy”) for, Chiesi USA, Inc., with offices at 175 Regency Woods Place, Suite 600, Cary, NC 27518 (“Chiesi” or “we”), describes how we collect, use, disclose, and otherwise process your “Consumer Health Data” as such term is defined by applicable laws including Washington’s My Health My Data Act, Nevada’s Consumer Health Data Privacy Law, and other U.S. health privacy laws, as each are amended and as and when they become effective including any regulations thereunder (“U.S. Health Privacy Laws”).
“Consumer Health Data” means personal information that is linked or can be reasonably linked to a consumer and that identifies past, present, or future physical or mental health status.
2) COLLECTION OF CONSUMER HEALTH DATA
Chiesi only collects, uses, and discloses Consumer Health Data as needed to provide you with the products or services that you request or with your consent.
Chiesi may collect the following categories of Consumer Health Data:
- Information about your health conditions, symptoms, status, diseases, diagnoses, testing, or treatments (including surgeries, procedures, use or purchase of medications, or other social, psychological, behavioral, and medical interventions);
- Measurements of bodily functions, vital signs, symptoms, or other health characteristics;
- Information regarding gender-affirming care or reproductive or sexual health;
- Data that could identify you as an individual seeking health care services; and
- Any inferences of the above categories of health data that we may infer or derive from non-health related information.
3) HOW DO WE COLLECT OR RECEIVE CONSUMER HEALTH DATA?
- a) Forms: When you complete and submit or update a form (including a patient enrollment form when you enroll in our patient services program), registration, or profile (collectively, “Form”), we collect the Consumer Health Data that you included in the Form for the business purposes described in the Form.
- b) Surveys: When you complete and submit a survey, we collect the Consumer Health Data that you included in the survey for the business purposes described in the Survey and in this Health Privacy Policy.
- c) In-person interactions, both direct and indirect: When you directly interact with a member of Chiesi’s field team, we may collect Consumer Health Data relayed to that team member for the business purposes they describe to you.
- d) Chiesi-sponsored market research: If you participate in Chiesi-sponsored market research, we may collect or receive Consumer Health Data for the purpose of that market research.
- e) Recording: We may record any Chiesi-conducted calls, training sessions, webinars, or similar events that you participate in. We will take commercially reasonable efforts to inform you prior to the recording and provide you with the opportunity to object to the recording.
- f) Cookies and Other Tools: When you visit our Websites we use cookies and other identifiers to collect information about your online activity and usage, including identification of your IP address to keep track of your browsing patterns and to build a demographic profile.
- g) Data Receipt: In accordance with applicable law, we may receive certain Consumer Health Data from third-party vendors and use such Consumer Health Data for the purposes described in this Health Privacy Policy, as applicable.
4) USE OF CONSUMER HEALTH DATA
In most cases, we process Consumer Health Data to deliver services, programs, or products you’ve requested. If we intend to use your Consumer Health Data for purposes beyond this, we will first obtain your consent.
We may collect and use Consumer Health Data for various operational, regulatory, and service-related purposes, as outlined in Section 4 of our Privacy Policy. This data allows us to provide and enhance our products and services, verify your eligibility for specific offerings or programs, and connect you with relevant third parties when necessary. Additionally, we may use your information to ensure patient safety, manage interactions, and operate our programs.
Beyond service-related purposes, we may analyze Consumer Health Data to support business functions such as auditing, research, product development, fraud prevention, and evaluating the effectiveness of our marketing efforts. We may also use this data to comply with legal obligations, fulfill regulatory requirements, respond to official government or law enforcement inquiries, and protect our rights and business operations.
Furthermore, we may anonymize or deidentify Consumer Health Data. Once deidentified, we may use this information in compliance with applicable laws. We do not attempt to reidentify such data unless legally permitted.
5) HOW DO WE SHARE YOUR CONSUMER HEALTH DATA?
We may share your Consumer Health Data in the following situations, as permitted by applicable law or with your consent, where required:
- a) Within Our Family of Companies. Chiesi and its subsidiaries, affiliates, and its parent company may share your Consumer Health Data amongst and between each other for the purposes set forth in this Health Privacy Policy.
- b) Service Providers. We share your information with affiliated and unaffiliated service providers as necessary for them to provide services to us, subject to appropriate confidentiality and data protection agreements. Service providers assist us with data analysis, customer service, web hosting, website development, government and regulatory compliance reporting, and other activities related to the management of our business and provision of our products and services.
- c) Interest-Based Advertising and Third-Party Marketing. We may allow third-party advertising partners to set tracking tools on our Websites to collect information regarding your online activity. We may also use this and other Consumer Health Data with third-party advertising partners. These advertising partners may use this information (and similar information collected from other Websites) to provide you with more relevant advertisements when you visit Websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising.”
- d) Legal Compliance. We will share information for legal reasons as we believe appropriate to: (a) satisfy any applicable law, regulation, judicial process, court order, legal process, or proper government request; (b) enforce any agreement we may have entered into with you; (c) detect, prevent, or otherwise address fraud, security or technical issues; (d) protect against harm (whether tangible or intangible) to the rights, property or safety of ours, our users or the public; and (e) establish or exercise our rights, defend against a legal claim, and investigate, prevent or take action regarding possible illegal activities or a violation of our policies.
- e) Professional Advisors. We may disclose Consumer Health Data to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services they provide to us.
- f) Mergers and Acquisitions. We may provide Consumer Health Data to a potential or actual buyer in connection with a proposed or actual merger, acquisition, sale, or other change of control, as described above.
- g) Aggregate and De-identified Data. Chiesi may also disclose aggregate or de-identified data that is not personally identifiable to third parties for any purpose.
- h) Other Disclosures with Your Consent. We may ask you to share your information with other recipients not described elsewhere in this Health Privacy Policy.
NOTE: Chiesi does not sell your Consumer Health Data.
6) YOUR DATA RIGHTS
You have specific rights regarding your Consumer Health Data:
- Right to Confirm – The right of a consumer to know if we are collecting, using, or disclosing your Consumer Health Data.
- Right of Access – The right for a consumer to access (a) the categories and specific pieces of Consumer Health Data we collect, use, disclose, sell, or share about you (note: Chiesi does not sell Consumer Health Data), (b) the categories of your Consumer Health Data (if any) that we have either sold, shared, or disclosed (c) the third parties with which we have sold Consumer Health Data.
- Right of Deletion – The right for a consumer to request that we delete their Consumer Health Data.
- Right to Withdraw Consent – If we process your Consumer Health Data with your consent, you can withdraw that consent at any time. For cookie-related data, you can do this via the “Privacy Settings” link in the footer of our websites. Withdrawing consent for non-cookie related data will result in a deletion request.
We will not discriminate against you for exercising any of your rights. However, withdrawing consent or requesting deletion of your Consumer Health Data may result in removal from certain programs that rely on this data to provide services.
To exercise these rights, please visit our Privacy Center or email us at us.privacy@chiesi.com.
7) APPEALS
Depending on your U.S. State of residence, you may have the right to appeal Chiesi’s refusal to act on a submitted privacy request. To submit an appeal, please email us.privacy@chiesi.com.
If your request is denied, you may appeal by contacting us at us.privacy@chiesi.com. If the appeal is unsuccessful, you can file a complaint with the relevant government body in your State.
8) UPDATES TO THIS CONSUMER HEALTH DATA PRIVACY POLICY
We may update this Health Privacy Policy from time to time to reflect changes to our information processing practices. When we change this Health Privacy Policy in a material way, we will update the effective date at the beginning of the document. We will also provide you with notice of changes and obtain your consent to any such changes where and as required by applicable law. We encourage you to review this Health Privacy Policy periodically for the latest information on our information processing.
9) CONTACT US
If you have questions about the processing of your Consumer Health Data or Chiesi data privacy policies or would like to be connected with our privacy team, please contact us at 1-888-203-1064 or at us.privacy@chiesi.com or write to us at the following address:
Chiesi USA, Inc.
175 Regency Woods Place Suite 600
Cary, NC 27518
Attn: Legal Department
