Privacy Policy

This Privacy Notice is effective as of July 17, 2023.

This Privacy Notice was last reviewed on July 17, 2023.

In this Privacy Notice (the “Notice”), Chiesi USA, Inc., with offices at 175 Regency Woods Place, Suite 600, Cary, NC 27518 (“Chiesi” or “we”), describes how we collect, use, disclose, and otherwise process your Personal Information. We use the term “Personal Information” to mean information about an identified or identifiable individual, or a real person. Our website may contain links to third party websites/content/services that are not owned or controlled by Chiesi. Chiesi is not responsible for how these third party properties operate or treat your Personal Information, so we recommend that you read the privacy policies and terms associated with these third party properties carefully. If you are a resident of California, please also see our State-Specific Disclosures in Section 11 below for provisions that apply to our collection of your Personal Information both online and offline. This website and Privacy Notice are not intended for use by residents outside of the United States.

This Privacy Policy applies to websites that link to this statement when you click on "Privacy Policy" in the website footer, as well as mobile applications and digital services that link to or post this Privacy Policy, and it applies to participation in our offline programs that reference this Notice. In this Privacy Policy, we will refer to the websites, mobile applications, and digital services that may link to or post this Privacy Policies as “websites.”

By using our website or participating in our offline programs, which reference this Notice, you consent to us processing your Personal Information as described in this Notice. If you do not consent to us processing your Personal Information as described herein, please do not use our website or participate in the offline program referencing the Notice.

1. WHAT PERSONAL INFORMATION DO WE COLLECT?

We collect the following types of Personal Information:

Forms: When you complete and submit or update a form, registration, survey, or profile (collectively, “Form”), we collect any Personal Information that you included in the Form for the purposes described in the Form and in this Notice. Submission of any Form is voluntary. Depending on the Form, this may include information like your title, first and last name, postal address, institutional association, occupation, e-mail address, telephone number, date of birth, age or age group, gender, information required to request a prescription, and other demographic information.

Usage Information: When you visit our website, we automatically collect the following types of information during your use and navigation of our website (“Usage Information”): how you navigated to the website, your browser type (to ensure compatibility between our website and your browser), the domain name of the website that allowed you to navigate to our website, your internet protocol (IP) address, time spent on our website, web pages viewed, frequency of visits, which calculator tools you used on our mobile applications and for how long, and other relevant statistics about your use of our website. Unless you also have actively submitted Personal Information to us, any Usage Information typically does not allow us to identify you personally. Usage Information is collected through the use of cookies or other tracking technologies.

Cookies and Other Tools: We use cookies to collect aggregate data. A “cookie” is a small piece of information sent by a Web server to a Web browser that enables the server to collect information from the browser. Cookies are stored on your device’s hard drive. Most cookies collected through our website are “session cookies” that are automatically deleted when the user closes their browser at the end of a session.

However, some cookies collected through our website are “persistent cookies” and may be stored on the user’s computer for a specified length of time, even after the browser is closed at the end of a session. You may decline cookies if your browser permits. If you do so, however, you may be required to re-enter your previously submitted information each time you visit our website, and some website features may not function properly. Data collected by cookies is used to monitor a website and improve its usability. We may use cookies on certain pages, for example, to eliminate the need for you to re-enter your password during a session. We can also use cookies to identify your IP address when you visit a website to keep track of your browsing patterns and to build a demographic profile. Some of our websites also include a Facebook pixel which helps track conversations from Facebook ads, optimize ads based on collected data, build targeted audiences for future ads, and remarket to qualified leads – people who have already taken some kind of action on the site. You can disable non-essential cookies on our websites. This action will also delete existing cookies. We may use Google Analytics, which uses cookies and similar technologies to collect and analyze information about your use of the site and report on activities and trends. This service may also collect information regarding your use of other websites, apps and online resources. You can learn about Google’s practices by going to http://www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout .

Publicly Available Information: Where permitted by applicable law, we may augment the Personal Information we have about you with information obtained from third-party publicly available sources. For example, to verify licensure of healthcare professionals, we may use Personal Information in conjunction with information lawfully obtained from a licensing board.

Authorized Representative: If you submit any Personal Information relating to other people to us, you represent that you have the legal authority to do so and to permit us to collect, use, disclose and otherwise process the Personal Information in accordance with this Privacy Notice.

2. HOW DO WE USE YOUR PERSONAL INFORMATION?

We may use your Personal Information for the following purposes, as permitted by applicable law:

To facilitate the reason you provided the information and/or as described to you when collecting your Personal Information.
To operate our business.
To deliver services, products, and information.
To maintain and improve our website.
To create, maintain, customize, and secure your account with us.
To communicate with you and complete, process, and fulfill your requests, payments, and transactions.
To perform and enforce contracts with you or with third parties.
To tailor marketing programs and campaigns, conduct market research analysis and surveys.
Legal Compliance and Interests. To perform activities necessary to ensure compliance with applicable national, state, provincial and other applicable laws, including to comply with regulatory monitoring and reporting obligations such as those related to adverse events, product complaints, patient safety and financial disclosures, to respond to requests from government authorities, and to protect the legal interests of yours, ours or third parties, such as to protect against fraud.
Mergers and Acquisitions. In the event that some or all of our assets are acquired by or merged with a third-party entity or in connection with a proposed or actual merger, acquisition, sale, or other change of control, we may use or transfer some or all of the Personal Information that we have collected about you to determine whether to proceed with the transaction and execute the transaction if we decide to do so. We will use your Personal Information as permitted by applicable law and take any steps required by law in connection with these activities.

3. HOW DO WE SHARE YOUR PERSONAL INFORMATION?

We may share your Personal Information in the following situations, as permitted by applicable law:

Within Our Family of Companies. Chiesi and its subsidiaries, affiliates, and parent company may share your Personal Information amongst and between each other for the purposes set forth in this Privacy Notice.
Service Providers. We share your information with affiliated and unaffiliated service providers as necessary for them to provide services to us, subject to appropriate confidentiality and data protection agreements. Service providers assist us with data analysis, customer service, web hosting, website development, government and regulatory compliance reporting, and other activities related to the management of our business and provision of our products and services.
Legal Compliance. We will share information for legal reasons as we believe appropriate to: (a) satisfy any applicable law, regulation, judicial process, court order, legal process, or proper government request; (b) enforce any agreement we may have entered into with you; (c) detect, prevent, or otherwise address fraud, security or technical issues; (d) protect against harm (whether tangible or intangible) to the rights, property or safety of ours, our users or the public; and (e) establish or exercise our rights, defend against a legal claim, and investigate, prevent or take action regarding possible illegal activities or a violation of our policies.
Professional Advisors. We may disclose Personal Information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services they provide to us.
Mergers and Acquisitions. We may provide Personal Information to a potential or actual buyer in connection with a proposed or actual merger, acquisition, sale, or other change of control, as described above.
Aggregate and De-identified Data. Chiesi may also disclose aggregate or de-identified data that is not personally identifiable to third parties for any purpose.
Other Disclosures with Your Consent. We may ask you to share your information with other recipients not described elsewhere in this Privacy Notice.

4. HOW DO WE PROTECT PERSONAL INFORMATION?

We have implemented a variety of security measures and technologies intended to help protect Personal Information from unauthorized access, use, disclosure, alteration, or destruction. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us by contacting us at us.privacy@chiesi.com .

5. OUR USE OF SOCIAL NETWORK PLUGINS

We use social plugins (“Plugins”) of the following online social networks (collectively, the “Social Networks”) on certain webpages of our website to provide certain online content and features:

Facebook.com, operated by Meta Platforms, Inc.;
Twitter.com, operated by Twitter Inc.;
Google.com, operated by Google LLC; and
Youtube.com, operated by YouTube LLC.

These Plugins are labeled with an icon of the corresponding Social Network.

When you visit a webpage on our website containing a particular Plugin, your browser establishes a direct connection with the server of the corresponding Social Network. As a result, the Social Network will receive a notification that your browser has accessed that webpage of our website on which the Plugin appears. In addition, if you interact with that Plugin, such as by clicking Facebook’s “Like” button, the corresponding Social Network will receive information about your interaction with that Plugin. If you have logged into your account associated with that Social Network, the Social Network will be able to associate the above information with your account.

Please refer to the privacy statements of the above-listed Social Networks to learn more about the ways in which and purposes for which they collect, use, disclose and process your Personal Information, as well as your choices and rights with respect to their processing of your Personal Information.

6. WHAT IF YOU DO NOT WANT TO PROVIDE YOUR PERSONAL INFORMATION?

You can always choose not to share your Personal Information with us when prompted to share. If you object to the processing of your Personal Information, or if you have provided your consent to the processing and later choose to withdraw it, we will respect your choice in accordance with our legal obligations. This could mean that we may be unable to perform the actions necessary to achieve the purposes set forth above, or you may be unable to make use of the services and products that require the processing of your Personal Information.

7. CHILDRENS' PRIVACY

Our website is not directed at individuals under the age of 16. Without permission from a parent or legal guardian, we do not knowingly collect Personal Information directly from individuals under the age of 13. If we learn that we have collected Personal Information of individuals under the age of 13 through our website, we will take appropriate steps to address this matter.

8. CROSS BORDER TRANSFERS

The website and our offline programs are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States and those states that make up the United States. Any information you provide to Chiesi may be stored and processed, transferred between and accessed from the United States and other countries which may not guarantee the same level of protection of Personal Information as the one in which you reside. However, Chiesi will handle your Personal Information in accordance with this Privacy Notice regardless of where your Personal Information is stored/accessed.

9. UPDATES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time to reflect changes to our information processing practices. When we change this Privacy Notice in a material way, we will update the effective date at the beginning of the document. We will also provide you with notice of changes and obtain your consent to any such changes where and as required by applicable law. We encourage you to review this Privacy Notice periodically for the latest information on our information processing practices.

10. CONTACT US

If you have questions about the processing of your Personal Information or Chiesi data privacy policies or would like to be connected with our Privacy Officer, please contact us at 1-888-203-1064 or at us.privacy@chiesi.com or write to us at the following address:

Chiesi USA, Inc.
175 Regency Woods Place Suite 600
Cary, NC 2751
Attn: Legal Department

11. STATE-SPECIFIC DISCLOSURES

The following provisions apply to the Personal Information of California residents processed by Chiesi, whether collected online or offline. These provisions supplement the other sections of the Privacy Notice.

We do not sell Personal Information of California residents.

Based on your state of residence other privacy laws might apply. To determine the applicability of such laws, each request will be evaluated individually, on a case-by-case basis by Chiesi.

A. CATEGORIES OF PERSONAL INFORMATION THAT WE COLLECT AND DISCLOSE

Listed below are the categories of Personal Information about California residents that we collect and disclose for a business purpose. For more information about the categories of third-parties with whom we share your Personal Information, refer to the “HOW DO WE SHARE YOUR PERSONAL INFORMATION” Section above.

In particular, we have collected the following categories of Personal Information from our consumers within the last twelve (12) months:

Category	Examples	Collected?	Disclosed for a Business Purpose?
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, National Provider Identifier (NPI), medicare provider number, driver's license number, passport number, or other similar identifiers.	YES	YES Within Our Family of Companies Service Providers Legal Compliance
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.	YES	YES Within Our Family of Companies Service Providers Legal Compliance
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information)	YES	YES Within Our Family of Companies Service Providers
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	YES	YES Within Our Family of Companies Service Providers
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data	YES	YES Within Our Family of Companies Service Providers Legal Compliance
F. Internet or other similar network activity.	Website navigation, browsing history, search history, information on a consumer's interaction with a website, application, or advertisement	YES	YES Within Our Family of Companies Service Providers Legal Compliance
G. Geolocation data.	Physical location or movements.	YES	YES Within Our Family of Companies Service Providers Legal Compliance
H. Audio/Visual.	Audio, electronic, or visual recordings, or similar information.	NO (Except in instances where explicit consent is granted.)	NO
I. Professional or employment-related information.	Current or past job history or performance evaluations.	YES	YES Within Our Family of Companies Service Providers Legal Compliance
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	YES	YES Within Our Family of Companies
K. Inferences drawn from other Personal Information.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	YES	YES Within Our Family of Companies Service Providers
L. Sensitive Personal Information	Personal Information including your Social Security number, driver’s license number, state identification card number, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; racial or ethnic origin, religious or philosophical beliefs, or union membership status	YES	YES Within Our Family of Companies Service Providers

B. WHAT PERSONAL INFORMATION DO WE COLLECT?

As described in the “WHAT PERSONAL INFORMATION DO WE COLLECT” Section above, we collect this Personal Information from you and from other sources, including public databases, social media platforms, and other third parties, when they share the information with us.

C. HOW DO WE USE YOUR PERSONAL INFORMATION?

Also as described above in the “HOW DO WE USE YOUR PERSONAL INFORMATION” Section, we may use this Personal Information to operate our business; to deliver services, products, and information; to maintain and improve our website; to communicate with you and complete and fulfill your requests; to perform and enforce contracts; to tailor marketing programs and campaigns and conduct market research; for compliance and legal interests; and in association with mergers and acquisitions.

D. DATA RETENTION

We will keep your Personal Information for as long as we are permitted based on the purpose(s) for which it was obtained. We decide how long we need Personal

Information on a case-by-case basis, and we may consider the following criteria to determine an appropriate retention period: (a) the length of time we have an ongoing relationship with you and provide a website, information, product, or service to you; (b) whether there is a legal obligation to which we are subject; or (c) whether retention is advisable in light of our legal position.

If we determine your Personal Information is no longer necessary using the factors above, we will generally destroy or anonymize that information.

E. INDIVIDUAL CONSUMER RIGHTS

Right of Access - The right for a consumer to access (a) the categories and specific pieces of personal information we collect, use, disclose, and sell about you, (b) the categories of sources from which we collected your personal information, (c) our purposes for collecting or selling your personal information, (d) the categories of your personal information (if any) that we have either sold or disclosed for a business purpose, (e) the categories of third parties with which we have shared personal information, (f) or some combination of similar information.

Right of Correction - The right for a consumer to request that incorrect or outdated personal information be corrected.
Right of Deletion - The right for a consumer to request that we delete the personal information we have collected from or maintain about them.
Right of Restriction - The right for a consumer to limit our use and disclosure of their Personal Information.
Right of Portability - The right for a consumer to request their Personal Information be disclosed in a common file format.
Right to Opt-Out of Sales - The right for a consumer to opt out of our sale(s) (if any) of your Personal Information.
Right Against Discrimination - The right for a consumer not to receive discriminatory treatment for the exercise of the privacy rights conferred by applicable laws.

F. HOW TO EXERCISE YOUR CONSUMER RIGHTS

Based on your state of residence, you may have some or all of the rights included above in the “INDIVIDUAL CONSUMER RIGHTS” Section of this Privacy Notice. Consumers must submit their privacy requests by emailing us us.privacy@chiesi.com or by contacting us at 1-866-271-8587. Only you, or someone legally authorized to act on your behalf, may make a request.

Your request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use Personal Information provided in the request to verify the requestor's identity or authority to make it. To designate an authorized agent, email us at us.privacy@chiesi.com.

175 Regency Woods Place, Suite 600, Cary, NC 27518
PP-MULTI-0024 V 35.0

CHIESI ON THE WEB