Pharvaris GmbH Privacy Statement
Last Updated: February 22, 2024
Pharvaris GmbH, based at Grafenauweg 8, 6300 Zug, Switzerland (“we”, “us” and “our”), is responsible for this website and recognizes the importance of and is committed to respecting and protecting your privacy. Within the scope of this Privacy Statement, we acts as a data controller or “business” for the personal data (“Personal Data”) we process. This means that we decide how and why Personal Data is collected and further processed.
This Privacy Statement applies to our collection and use of Personal Data through our website deflateHAE.com (the ”Site”) and through our offline business-related interactions with you. Please read this Privacy Statement to learn what we are doing with your Personal Data, how we protect it, and what privacy rights you may have under applicable data protection and privacy laws, such as the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CCPA).
What are the purposes for which we process your Personal Data?
We may process your Personal Data for the following purposes:
- Internal record keeping
- To provide you with the information you request via one of the Site’s online forms
- To manage relations with clients
- To provide and improve products and services
- To personalize content
- To develop statistics and analysis related to the information and services provided through the Site
- To request participation in surveys
Cookies
The Site may collect information that could be potentially Personal Data about your visits without you actively submitting such information. Unidentified information may be collected using various technologies, such as cookies. Cookies are small text files that are stored on computer hard drives by websites that you visit. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, see in the section “Cookie Statement”.
Types of Personal Data we collect and process
We collect the following Personal Data about you:
- Your contact details:
- First and last names
- Address
- Telephone number
- Email address
- Your background/user profile (e.g. HCP, non-HCP)
- Subject matter (i.e. medical or research specialty)
- Health data such as diagnosed medical conditions
- Other Personal Data such as age, gender, etc.
Where from do we get your Personal Data from?
- You directly
- Automatically collected information
- Information received from third parties, such as IQVIA
What are the legal bases for processing?
To collect and use your Personal Data, we must have a valid reason, which under some laws is called the “lawful basis for processing” or “legal grounds for processing.”
We may process your Personal Data on the following lawful bases:
- Your Consent: Sometimes, we will use your Personal Data because you actively gave us your consent that it is okay that we do so. This includes, for example, where you indicate that we may process health data such as medical diagnoses on our Site in order to provide information about our products and services.
- Legitimate Interests: We sometimes use your Personal Data because we believe it is in our interest or the interest of someone else. This will only apply when we use your Personal Data in ways that make sense and do not intrude on your privacy much, or when we have a very good reason for it. Here is what it normally means for us:
- Website Improvement: We may use data to enhance the Site features and functionality, making them more useful and user-friendly.
- Engagement: Keeping users, subscribers and others informed about updates and content that may interest them.
- Security and Fraud Prevention: Protecting the Site and its users from security threats, fraud, and abuse.
- Legal Compliance: Ensuring compliance with relevant laws and regulations, including the rules from other countries besides yours.
- Following the Law: This includes processing your Personal Data to follow the law, such as keeping records of your cookie choices to comply with EU law, such as the ePrivacy Directive and the GDPR.
- Other Reasons: This includes using your data for any other reason that the law allows.
If we use legitimate interests as the reason for using your Personal Data, you can ask us for more details about why we think it is a good idea by sending us an email to privacy@pharvaris.com.
When we use your Personal Data because you gave us permission (consent), you can change your mind at any time. However, this will not undo the things we did with your data before you changed your mind. It also will not change the things we are allowed to do with your data based on other reasons.
How long do we keep your Personal Data?
We retain your Personal Data for as long as is reasonably necessary for the specific purpose or purposes for which it was collected. In some cases, we may be required to retain Personal Data for a longer period of time by law or for other necessary business purposes.
Who do we share your personal information with?
We share your Personal Data with our subsidiaries/affiliated companies and third-party processors such as IT services and website hosting companies, (internet) connectivity providers and other partners assisting us in administering our business.
Your privacy rights
You can access all your Personal Data that we collect online. You may also demand the deletion of your Personal Data unless the applicable laws and regulations oblige us to store your Personal Data.
You can request to be provided with information about your Personal Data which we store/process about you. In addition, you have the right to have any Personal Data blocked or deleted, to object to the processing of your data, to have any incorrect data corrected and the right to have your Personal Data transferred to a third party.
You can correct factual errors in your Personal Data by sending us an email that credibly shows the error. You likewise have the right to request the correction of incorrect Personal Data.
Where we previously obtained your consent, you have the right to withdraw your consent to processing at any time. If you withdraw your consent, our use of your Personal Data before you withdrew is still lawful.
We will not discriminate against you for exercising any of your privacy rights.
We do not sell or share your Personal Data to third parties, as defined under the CCPA.
If the EU or UK General Data Protection Regulation applies to our processing of your Personal Data, you have the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your Personal Data. Specifically, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or the alleged violation of the GDPR. In the UK, you can lodge a complaint with the UK Information Commissioner’s Office. A list of European Union supervisory authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en
We may update or amend this statement at any time by posting the amended statement to the Site.
Verification of your identity
In order to correctly respond to your privacy rights requests we need to confirm that you made the request. Consequently, we may require additional information to confirm that you are who you say you are.
We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.
Verification of your authority
If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you permission to submit this request or proof of parental responsibility or legal guardianship. Alternatively, you may ask the individual to directly contact by using the contact details below to verify their identity with us and confirm with us that they gave you permission to submit this request.
Response time
Please allow us up to a month to reply to your requests (except requests to stop selling your Personal Data) from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why and the extension period in writing.
If we cannot satisfy a request, we will explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.
We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
International data transfers
Pharvaris uses servers and other storage facilities in the United States, the EU, and Switzerland. Pharvaris may transfer Personal Data outside of its country of origin for the purposes, and in the manner, set out in this Privacy Statement, including for processing and storage by service providers and affiliates in connection with such purposes. In all situations, Pharvaris takes reasonable steps to ensure that your privacy is protected. Such steps include, but are not limited to, implementing privacy, security, and contractual controls, as well as steps noted in this privacy statement, as required by applicable law.
When your Personal Data is safeguarded by the EU or UK GDPR or Swiss data protection law, before sending it to parties the European Economic Area (EEA) , the UK, or Switzerland, we will do one of two things:
- Seek your consent; or
- Demand privacy and security: We will ensure the third party maintains the same level of privacy and security for your Personal Data as we do.
In some cases, the authorities of a country may have determined that the laws of other countries, territories or sectors within a country provide a level of protection equivalent to domestic law. You can see here the list of countries, territories and specified sectors that the European Commission recognized as providing an adequate level of protection for personal data, here the list of the UK, and here the list of Switzerland.
We are accountable for the protection of your Personal Data when we transfer it to others. We either send it to a country, territory or sector within a country that is recognized as providing the same level of personal data protection as the country of origin, or use safeguards like Binding Corporate Rules or the Standard Contractual Clauses (also known as the “SCCs”) approved by the European Commission under Article 46(2) of the GDPR, with necessary adjustments for transfers from the UK or Switzerland, or use specific transfer instruments like the UK International Data Transfer Agreement.
Security of your Personal Data
The security of your Personal Data is important to us. We take reasonable steps, including technical, administrative and physical safeguards, designed to protect the Personal Data submitted to us from loss, misuse and unauthorized access, disclosure, alteration and destruction. Such measures may include but are not limited to: the encryption of communications via SSL, encryption of information while it is in storage, firewalls, access controls, separation of duties, and similar security protocols. However, no method of security or method of transmission over the Internet is entirely secure. You should always use caution when transmitting Personal Data over the Internet.
Pharvaris endeavors to obtain assurances from its service providers and affiliates that they will safeguard Personal Data consistent with this Privacy Statement. An example of appropriate assurances that may be provided by service providers and affiliates includes a contractual obligation that they provide at least the same level of protection as is required by Pharvaris’s privacy principles set out in this privacy statement. Where Pharvaris has knowledge that a service provider or affiliate is using or disclosing Personal Data in a manner contrary to this Privacy Statement, Pharvaris will take appropriate steps to prevent or stop the use or disclosure.
Contact Us
Before sending an e-mail, please be aware of the following:
Please DO NOT report drug safety related information, such as side effects, by sending an e-mail to deflatehae@Pharvaris.com. If you are a patient, please contact your physician in case of adverse reactions.
If you have any questions about this Privacy Statement or concerns about the way Pharvaris processes your Personal Data, or require assistance in managing your privacy rights, please get in touch with us at:
Pharvaris GmbH
Grafenauweg 8
6300 Zug, Switzerland
Email: deflatehae@Pharvaris.com
We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:
VeraSafe LLC
100 M Street S.E., Suite 600
Washington, D.C.
20003
USA
Web: www.verasafe.com/about-verasafe/contact-us/
E-mail: dataprivacyofficer@Pharvaris.com
Changes to this Privacy Statement
If we make any material change to this Privacy Statement, we will post the revised Privacy Statement to this web page. We will also update the “Last Updated” date.