SUDO BIOSCIENCES PRIVACY NOTICE
Last Updated: May 1st, 2024
This Privacy Notice applies to the processing of personal information by Sudo Biosciences, Inc., and its affiliated companies (collectively, “Sudo,” “we,” “us,” or “our”) in the scope of conducting its business, such as when conducting clinical trials, in the scope of employment or business relationships, as well as when processing personal information for direct communication purposes, or through the use of the Sudo website (www.sudobio.com) (collectively, the “Services”).
This Privacy Notice is without prejudice to any specific privacy notice provided to individuals in the scope of the Services, in which case, the specific privacy notice shall prevail.
Special Note Regarding Clinical Trials: If you are a clinical trial participant (i.e., clinical trial patient, investigator, or team member), please note that this Privacy Notice is in addition to any informed consent or privacy notice provided by Sudo as part of your clinical trial participation.
- UPDATES TO THIS PRIVACY NOTICE
- PROCESSING OF PERSONAL INFORMATION
- YOUR PRIVACY CHOICES AND RIGHTS
- INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
- RETENTION OF PERSONAL INFORMATION
- SECURITY
- CHILDREN’S PERSONAL INFORMATION
- CONTACT US
1. UPDATES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Notice on our website, and/or we may also send other communications.
2. PROCESSING OF PERSONAL INFORMATION
A. PERSONAL INFORMATION WE COLLECT
We collect personal information that you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources, as described below.
i. Personal Information You Provide to Us Directly
We may collect personal information you provide to us.
- Your Communications with Us. We, and our service providers, may collect the information you communicate to us, such as through email or social media platforms.
- Conferences, Trade Shows, and Other Events. We may collect and use personal information from you when we attend or host conferences, trade shows, and other events.
- Business Development and Strategic Partnerships. We may collect and use personal information from you as an individual working for and/or representing third parties to assess and pursue potential business opportunities.
- Employment/Staffing Applications. We will process personal information from you if you apply for a job with us or are a current or former employee or other staff member.
ii. Personal Information Collected Automatically
We may collect personal information automatically when you use the Services.
- Device Information. We may collect personal information about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and approximate location information derived from IP address.
- Session Statistics/Usage Information. We may collect personal information about your use of the Services, such as the pages that you visit, items that you search for, the types of content you interact with, information about the links you click, the frequency and duration of your activities, and other information about how you use the Services.
- Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect personal information through your use of the Services.
- Cookies. Cookies are small text files stored in device browsers.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects personal information about use of or engagement with the Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.
iii. Personal Information Collected from Third Parties
We may collect personal information about you from third parties. For example, if you access the Services using a Third-Party Service (defined below), we may collect personal information about you from that Third-Party Service that you have made available via your privacy settings. In addition, users of the Services may upload or otherwise provide personal information about others.
B. HOW WE USE YOUR PERSONAL INFORMATION
We use personal information for a variety of business purposes, including to provide the Services, for administrative purposes, and as described below.
EU/UK Legal Basis: The legal basis we rely on to process personal information is dependent on the processing purposes and the jurisdictional legal requirements. We do not process personal information without a legitimate reason, either being consent, or legal or contractual need; nonetheless, where the personal information collected is subject to the European Union’s General Data Protection Regulation and/or United Kingdom’s General Data Protection Regulation and Data Protection Act of 2018 (collectively, “GDPR”), one or more of the following legal bases may apply:
- Your consent;
- The performance of a contract;
- Compliance with a legal obligation;
- For the public interest; and/or
- For our legitimate interests so long as the rights and freedoms of the individual to whom the personal information relates are not overridden.
In addition, when processing sensitive personal information, such as health data, we may rely on an additional condition, including, without limitation:
- Compliance with obligations in the field of Employment, Social Security, or Social Protection Laws; and/or
- For scientific research purposes.
i. Provide the Services
We use personal information to fulfill our contract with you and provide the Services, such as:
- Managing your information;
- Administering our relationship with you as a user, customer, health care provider, clinical researcher, or business partner;
- Sponsoring clinical research studies;
- Providing access to certain areas, functionalities, and features of the Services;
- Answering requests for support;
- Communicating with you;
- Sharing personal information with third parties as needed to provide the Services;
- Processing your financial information and other payment methods for products and Services purchased;
- Processing applications if you apply for a job we post on our Services;
- Allowing you to register for events or facility access; and
- Complying with applicable law, regulation, legal process, or governmental request.
ii. Administrative Purposes
We use personal information for various administrative purposes, such as:
- Pursuing our legitimate interests such as research and development (including marketing research), network and information security, and fraud prevention;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
- Carrying out analytics;
- Measuring interest and engagement in the Services;
- Improving, upgrading, or enhancing the Services;
- Developing new products and services;
- Ensuring internal quality control and safety;
- Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Notice;
- Debugging to identify and repair errors with the Services;
- Auditing relating to interactions, transactions, and other compliance activities;
- Enforcing our agreements and policies; and
- Carrying out activities that are required to comply with our legal obligations.
iii. Marketing
Sudo does not process personal information for marketing or promotional messaging purposes.
iv. With Your Consent or Direction
We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information, with your consent, or as otherwise directed by you.
v. Automated Decision Making
Sudo does not process personal information for automated decision-making purposes.
C. HOW WE DISCLOSE YOUR PERSONAL INFORMATION
We disclose personal information to third parties for a variety of business purposes, including to provide the Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.
i. Disclosures to Provide the Services
We may disclose any of the personal information we collect to the categories of third parties described below.
- Service Providers. We may disclose personal information to third-party service providers that assist us with the provision of the Services. This may include, but is not limited to, service providers that support us with clinical trials, human resources (including insurance and other benefits support), hosting, customer service, business development, analytics, IT, and related services. Some of the service providers we may use include Google Analytics. For more information about how Google uses your personal information, please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your personal information, please click here.
- Third-Party Services You Share or Interact With. The Services may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use third-party websites, applications, services, products, and technology (each a “Third-Party Service”). Any personal information shared with a Third-Party Service will be subject to the Third-Party Service’s privacy policy. We are not responsible for the processing of personal information by Third-Party Services.
- Affiliates. We may share your personal information with our corporate affiliates.
- Clinical Research Organizations, Clinical Trial Service Providers, Investigators, and their Staff. We will share your personal information with clinical stakeholders involved in clinical trials in which you are enrolled.
- Regulators and/or Government Bodies. We may share your personal information with Regulators, in the scope of clinical trials, or with government bodies for employment-related purposes.
ii. Disclosures to Protect Us or Others
We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
iii. Disclosure in the Event of Merger, Sale, or Other Asset Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.
3. YOUR PRIVACY CHOICES AND RIGHTS
A. Your Privacy Choices. The privacy choices you may have about your personal information are described below.
- Do Not Track signals and Global Privacy Control. Some web browsers incorporate other "do-not-track" (“DNT”) or similar features that signal to websites with which the browser communicates that a visitor does not want to have their online activity tracked. As of the Effective Date, not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we along with many other digital service operators do not respond to all DNT signals. We recognize Global Privacy Control signals as required under certain state privacy laws, but we do not currently recognize other DNT signals. For more information about the Global Privacy Control, please visit https://globalprivacycontrol.org.
- Cookies. Sudo uses strictly necessary cookies, performance cookies (i.e., analytics), and functionality cookies (i.e., preferences). While strictly necessary cookies enable the website to function properly, the performance and functionality cookies may be disabled or removed by adjusting your preferences as your browser permits (e.g., by opting out on the banner appearing when visiting our website). If you disable performance and functionality cookies, no personal information is collected from you when you use our website. You must separately opt out in each browser and on each device.
B. Your Privacy Rights. In accordance with applicable law, you may have the following rights:
- Right to receive transparent information. You may have the right to be informed about what personal information is collected and by whom, how it is processed, with whom it is shared, and how to exercise applicable rights in a clear and easily accessible format;
- Right of Access. You may have the right to confirm with Sudo whether it is processing your personal information and to access such information; additionally, you may have the right to obtain details regarding the processing activities performed on your personal information;
- Right to Rectification. You may have the right to correct inaccurate personal information processed by Sudo;
- Right to Erasure. You may have the right to have your personal information erased; this is not an absolute right and may only apply when certain legal conditions are met;
- Right to Object. You may have the right to object to the processing of your personal information, in certain circumstances as allowed by applicable law;
- Right of Restriction. If you challenge the lawfulness or accuracy of the processing, you may have the right to restrict the processing of your personal information until you receive the relevant information that may either lead to lifting the restriction or stop the processing;
- Right to Data Portability. You may have the right, in limited circumstances, to receive an electronic copy of your personal information and/or have it transferred to another individual or legal entity as per your request; and
- Right to Withdraw Your Consent. When the processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Please note your withdrawal will only affect future processing of personal information previously collected.
If you would like to exercise any of these rights, please follow the instructions set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
Only you, or someone legally authorized to act on your behalf in certain jurisdictions, may make a request to exercise the rights listed above regarding your personal information. If your personal information is subject to a law that allows an authorized agent to act on your behalf in exercising your privacy rights and you wish to designate an authorized agent, please provide written authorization signed by you and your designated agent using the information found in “Contact Us” below and ask us for additional instructions. To protect your privacy, we will take steps to verify your identity before fulfilling requests submitted under applicable privacy laws. These steps may involve asking you to provide sufficient information that allows us to reasonably verify whether you are the person about whom we collected personal information or an authorized representative.
You may have the right to appeal our decision, if we decline to process your request or if you believe we are violating your privacy rights. If applicable laws grant you an appeal right, and you would like to appeal our decision with respect to your request, you may do so but first we invite you to try to resolve the issue with us directly before making the appeal. To do so, please inform us of your intent to resolve the issue before proceeding with the appeal and provide us with information that would support your appeal. Under the GDPR, you have the right to lodge a complaint with the competent data protection authority if you consider your data protection rights are being violated.
- If you are located within the European Economic Area, you may find the contact details of the competent authorities in the following link: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.
- If you are located in the United Kingdom, you may lodge a complaint with the Information Commissioner’s Office (ICO) by clicking here: https://ico.org.uk/make-a-complaint/.
4. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. These countries may or may not have adequate data protection laws as defined by the data protection authority in your country.
If we transfer personal information from the European Economic Area, and/or the United Kingdom to a country that does not provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.
For more information about the safeguards we use for international transfers of your personal information, please contact our Data Protection Officer, as set forth in the “Contact Us” section below.
5. RETENTION OF PERSONAL INFORMATION
We store the personal information we collect as described in this Privacy Notice for as long as you use the Services, or as necessary to fulfill the purpose(s) for which it was collected, provide the Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.
6. SECURITY
We implement physical, technical, and administrative controls to protect your personal information from unauthorized access, use or disclosure, and monitor such controls to help minimize risks from any security threats. We also ensure that any service provider, processor, or sub-processor processing your personal information on our behalf contractually commits to equivalent security measures to ensure the protection of your personal information during the entire lifecycle of the processing activities.
7. CHILDREN’S PERSONAL INFORMATION
The Services are not directed to children under 18 (or other age as required by local law outside the United States), and we do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has uploaded personal information to the Services in violation of applicable law, you may contact us as described in “Contact Us” below.
8. CONTACT US
United States: If you are in the United States and have questions about our privacy practices or this Privacy Notice or would like to exercise your rights as detailed in this Privacy Notice, please contact us at:
Sudo Biosciences, Inc. -- Privacy
10401 N. Meridian Street, Suite 225
Carmel, IN 46290
info@sudobio.com
EEA/UK: Sudo is the controller of the personal information we process under this Privacy Notice and has appointed the following entity as its Data Protection Representative in Europe:
EU Data Protection Representative:
Research and Development Privacy Consultancy S.L.; e-mail: DPR@rdprivacy.com
If you have any questions about our privacy practices or this Privacy Notice, or want to exercise your rights as detailed in this Privacy Notice, please contact our Data Protection Officer at: DPO@rdprivacy.com
For general questions, you may also reach out to us at:
info@sudobio.com.