Global Privacy Policy

1. OVERVIEW

1.1    Purpose

AnaptysBio, Inc. and its operating divisions, subsidiaries, affiliates, and branches (collectively, “AnaptysBio,” “we,” or “us”) are sensitive to privacy issues, and it is important to us to protect the information entrusted to us. Accordingly, AnaptysBio provides this privacy and information practices policy (the “Policy”) to inform you about our online information practices, the kinds of information we may collect, how we intend to use and share that information, and how you can correct or change such information.

1.2    Scope

This Policy applies to Personal Information that is Processed by AnaptysBio in the course of our business, including on AnaptysBio websites, and other online offerings (together with any and all future online and mobile offerings operated by or on behalf of AnaptysBio, the “Services”). All individuals whose responsibilities include the Processing of Personal Information on behalf of AnaptysBio are expected to protect that data by adherence to this Policy. This Policy is intended to meet requirements globally, including those in North America, Europe, APAC, and other jurisdictions.

This Policy applies to all AnaptysBio’s operating divisions, subsidiaries, affiliates, and branches and any additional subsidiary, affiliate, or branch of AnaptysBio that we may subsequently form.

2.  Transparency/Notice–Types of Personal Information We Collect and How We Use It

The types of Personal Information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship  you have with AnaptysBio and the requirements of applicable law. We endeavor to collect only that information which is relevant for the purposes of Processing. Below are the legal bases and some of the ways we collect information and how we use it.

2.1    Types of Personal Information We Collect

AnaptysBio collects Personal Information regarding its current, prospective, and former customers, consumers/patients, visitors, guests, and website users (collectively “Individuals”).

2.1.1    Information You Provide Directly to Us

When  you  use  the  Services  or  engage  in  certain  activities,  such  as registering for an account with AnaptysBio, requesting services or information, or contacting us directly, we may ask you to provide some or all of the following types of information:

  • Contact information, such as name, email address, telephone or mobile number, and address;
  • Demographic information, such as your gender, ZIP code, and details about your personal preferences, interests, and characteristics;
  • Health information including information about medical conditions, health history, treatment and medication history, medical records, and health insurance information. Any Health Information that is tied to an Individual’s Personal Information will be treated as Personal Information, provided that any Protected Health Information will be protected in accordance with the requirements of HIPAA; and
  • Requests and other correspondence you send to us.

Additionally, in some cases AnaptysBio is obligated to collect certain Personal Information to comply with regulatory requirements, including information relating to adverse events you have experienced when using or product complaints you may have about our products.

You can choose not to provide information to us directly, but some of this information is required to participate in some of the Services, and some Services may not function properly if you choose not to provide the information requested.

2.1.2    Information We Collect Automatically

We may collect certain information automatically through our services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the services, and other actions taken through use of the Services.

2.1.3    Information We Obtain from Other Sources

We may receive  information  about  you  from  other sources,  including through Third-Party services and organizations.

AnaptysBio may indirectly collect information about your health condition, diagnosis, and treatment from  your healthcare professional, but only where your healthcare professional or referred clinical investigator has obtained your consent to disclose that information to us, as required by law.

AnaptysBio may collect various information about healthcare professionals including first name, last name, age, gender, home address, home phone number, medical specialization, professional qualifications, license number and  scientific society membership number. Additionally, if you access Third-Party services, such as Facebook or Twitter, we may collect information from these Third-Party services.

2.2    How AnaptysBio Collects Personal Information

Some of the ways that AnaptysBio may collect Personal Information include:

  • You may  provide  Personal  Information  directly  to  AnaptysBio  through interacting with the Services, participating in surveys, during events, and requesting products, Services, or information.
  • As you navigate the Services, certain passive information may also be collected about your visit, including through cookies and similar technologies as discussed in Section 2.5.

2.3    How AnaptysBio Uses Personal Information

We acquire, hold, use, and Process Personal Information based on the legal grounds and for the legitimate business purposes outlined in this Policy, including:

  • To Provide Products, Services, or Information Requested: AnaptysBio may use information about you to fulfill requests for products, Services, or information,  including   information   about   potential   or   future   Services, including to:
    • Generally manage Individual information and accounts;
    • Respond to questions, comments, and other requests;
    • Provide   access   to   certain   areas,   functionalities,   and   features   of AnaptysBio’s Services;
    • Allow you to register for events.
  • Administrative Purposes: AnaptysBio may use Personal Information about you for its administrative purposes, including to:
    • Ensure internal quality control;
    • Verify Individual identity;
    • Communicate about AnaptysBio’s Services and systems, and, in AnaptysBio’s discretion, changes to any AnaptysBio policy;
    • Process applications and transactions;
    • Comply with regulatory requirements, including collecting and using information relating to adverse effects you have experienced when using our products;
    • Prevent potentially prohibited or illegal activities;
    • Enforce our Terms of Service.

You may contact us at any time to opt out of the use of your Personal Information for marketing purposes, as further described below.

  • Research and Development: AnaptysBio may use Personal Information to create non-identifiable information that we may use alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver   our   existing   products   and   services   or   develop   new   products and Services.
  • Information Anonymized or Aggregated. Including as discussed below in Section 2.6, AnaptysBio may use and share anonymized or aggregated information within the AnaptysBio group of companies or with Third Parties for public health, research, analytics, or any other legally permissible purpose.
  • Other Uses.  AnaptysBio may use Personal Information for other purposes disclosed  to  you  at  the  time  you  provide  Personal  Information  or  with your consent.

2.4    Research/Survey Solicitations

From time to time, AnaptysBio may perform research (online and offline) via surveys. We may engage Third-Party service providers to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve Individuals by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Services, various types of communications, advertising campaigns, and/or promotional activities. If an Individual participates in a survey, the information given will be used along with that of other study participants. We may share anonymous Individual and aggregate data for research and analysis purposes.

2.5    Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based

Advertising

We, as well as third parties that provide content or other functionality on our Services, may use cookies, pixel tags, local storage, and other technologies to automatically collect information through the Services.

2.5.1    Cookies

Cookies are small bits of information that are stored by your computer’s web browser. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

Cookies can only access Personal Information that you have provided on our Services and cannot be accessed by other websites. Individuals also have the ability to delete cookie files from their own hard drive at any time by clicking on the Privacy or History tab typically found on the Settings or Options menu in your internet browser. However, please also be advised that cookies may be necessary to provide access to much of the content and many of the features of AnaptysBio’s Services.

2.5.2    Pixel Tags/Web Beacons

AnaptysBio may use “pixel tags,” also known as “web beacons,” which are small graphic files that allow us to monitor the use of our Services. A pixel tag can collect information such as the Internet Protocol (“IP”) address of the computer that downloaded the page on which the tag appears; the URL of the page on which the pixel tag appears; the time the page containing the pixel tag was viewed; the browser type and language; the device type; geographic location; and the identification number of any cookie on the computer previously placed by that server. When corresponding with you via email, we or our Third Party-service providers may use tracking technologies, which allows us to know whether you received and opened our email.

2.5.3    Analytics Information

We may also use Google Analytics to collect information regarding visitor behavior and visitor demographics on some of our Services and to develop website content. This analytics data is not tied to any Personal  Information. For more information about Google Analytics, please visit  www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and Processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.

2.6    Anonymous and Aggregated Information

AnaptysBio may use Personal Information and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access AnaptysBio’s Services, or other analyses we create. Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Services. Anonymized or aggregated information is not Personal Information, and AnaptysBio may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this information within AnaptysBio and with Third Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.

3.    Choice/Modalities to Opt Out

You have the right to opt out of certain uses and disclosures of your Personal Information.

3.1    General

Where you have consented to AnaptysBio’s Processing of your Personal Information or Sensitive Personal Information, you may withdraw that consent at any time and opt out to further Processing by following the instructions in this Section 3.0.

Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will provide information regarding the new purpose and give you the opportunity to opt out.

Prior to disclosing Sensitive Data to a Third Party or Processing Sensitive Data for a purpose other than its original purpose or the purpose authorized subsequently by the Individual, AnaptysBio will endeavor to obtain each Individual’s explicit (opt-in) consent. Where consent of the Individual for the Processing of Personal Information is otherwise required by law or contract, AnaptysBio will comply with the law or contract.

3.2    “Do Not Track”

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. AnaptysBio does not recognize or respond to browser-initiated DNT signals.

4.    Onward Transfer

4.1    Information We Share

AnaptysBio does not sell or otherwise disclose Personal Information about you, except as described in this Policy or as you explicitly consent to.

4.1.1    Service Providers

AnaptysBio may share Personal Information with our service providers that we have retained to perform services on our behalf including (i) provision of IT and related services; (ii) provision of information and services you have requested; (iii) payment processing; and (iv) customer service activities. Payment information will be used and shared only to effectuate your order and may be stored by a service provider for purposes of future orders.

AnaptysBio has executed appropriate contracts with the service providers that prohibit them from using or sharing Personal Information except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements.

4.1.2    Business Partners

AnaptysBio may share Personal Information with our business partners, and affiliates for our and our affiliates’ internal business purposes or to provide you with a product or service that you have requested AnaptysBio may also provide Personal Information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner’s name will appear, along with AnaptysBio’s. AnaptysBio requires our affiliates and business partners to agree in writing to maintain the confidentiality and security of Personal Information they maintain on our behalf and not to use it for any purpose other than the purpose for which AnaptysBio provided them.

4.1.3    Information Disclosed for Our Protection and the Protection of Others

We may disclose information about you: (i) if we are required to do so by law, court order, or legal process; (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (iii) under the discovery process in litigation; (iv) to enforce AnaptysBio policies  or contracts; (v) to collect amounts owed to

AnaptysBio; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.

In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.

4.1.4    Information Disclosed in Connection with Business Transactions

We reserve the right to disclose or transfer any information we have about you in the event of a proposed or actual purchase, reorganization, sale, lease, merger, joint venture, assignment, amalgamation, or any other type of acquisition, disposal, or financing of all or any portion of our business or of any of the business assets or shares (including in connection with any bankruptcy or similar proceeding). Should such an event occur, AnaptysBio will endeavor to direct the transferee to use Personal Information in a manner that is consistent with this Policy.

4.2    Data Transfers

All Personal Information collected via or by AnaptysBio may be stored anywhere in the world, including but not limited to, in the United States, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information  to  AnaptysBio,  you  consent  to  the  storage  of  your  Personal  Information  in these locations.

5.    Rights of Access, Rectification, Erasure, and Restriction

You may inquire as to whether AnaptysBio is Processing Personal Information about you, request access to Personal Information, and ask that we correct, amend or delete your Personal Information where it is inaccurate. Where otherwise permitted by applicable law, you may use any of the methods set out in Section 8 of this Policy to request access to, receive (port), restrict Processing, seek rectification, or request erasure of Personal Information held about you by AnaptysBio. Such requests will be processed in line with local laws.

Although AnaptysBio makes good faith efforts to provide Individuals with access to their Personal Information, there may be circumstances in which AnaptysBio is unable to provide access,  including but  not  limited to:  where the information  contains  legal  privilege,  would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary. If AnaptysBio determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, AnaptysBio will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Information.

6.    Retention

AnaptysBio retains the Personal Information we receive as described in this Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our products and services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

7.    Security

The security of all Personal Information provided to AnaptysBio is important to us, and AnaptysBio takes reasonable steps designed to protect Personal Information. Unfortunately, no data transmission over the Internet or storage of information can be guaranteed to be 100% secure. As a result, while AnaptysBio strives to protect Personal Information, we cannot ensure or warrant the security of any information you transmit to AnaptysBio, and you do so at your own risk. You are responsible for maintaining the secrecy of your own passwords. If you have reason to believe that your passwords or Personal Information is no longer secure, please promptly notify AnaptysBio at privacy@AnaptysBio.com.

8.    Redress/Compliance and Accountability

If after reviewing this Policy, you would like to submit a request or you have any questions or privacy concerns, please contact:  privacy@anaptysbio.com and at 10770 Wateridge Circle, Suite 210, San Diego, CA 92121-5801.

AnaptysBio will address your concerns and attempt to resolve any privacy issues in a timely manner.

9.    Other Rights and Important Information

9.1    Information Regarding Children

Due to the nature of AnaptysBio’s business, products and Services are not marketed to minors. AnaptysBio does not knowingly solicit or collect Personal Information from children under the age of 13 (and in certain jurisdictions under the age of 16). If we learn that we have collected Personal Information from a child under the age of 13 (and in certain jurisdictions under the age of 16), we will promptly delete that information.

9.2    California Privacy Rights

California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. AnaptysBio does not share Personal Information with Third Parties for their own marketing purposes.

9.3    Links to Third-Party Websites

AnaptysBio’s Services may contain links to other websites for your convenience and information. AnaptysBio does not control Third-Party websites or their privacy practices, which may differ from those set out in this Policy. AnaptysBio does not endorse or make any representations about Third-Party websites. Any Personal Information you choose to give to unrelated Third Parties is not covered by this Policy. AnaptysBio encourages you to review the privacy policy of any company or website before submitting your Personal Information. Some Third Parties may choose to share their users’ Personal Information with AnaptysBio; that sharing is governed by that company’s privacy policy, not this Policy.

9.4    Changes to the Policy

AnaptysBio may update this Policy from time to time as it deems necessary in its sole discretion. If there are any material changes to this Policy, AnaptysBio will notify you by email or as otherwise required by applicable law. AnaptysBio encourages you to review this Policy periodically to be informed regarding how AnaptysBio is using and protecting Personal Information and to be aware of any policy changes. Your continued relationship with AnaptysBio after the posting or notice of any amended Policy shall constitute your agreement to be bound by any such changes. Any changes to this Policy take effect immediately after being posted or otherwise provided by AnaptysBio.

Definitions

“Agent” means any Third Party that Processes Personal Information pursuant to the instructions of, and solely for, AnaptysBio or to which AnaptysBio discloses Personal Information for use on its behalf.

“Individual” is an identified or identifiable Employee, a customer, user or visitor of the Services, or any other natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker or retiree of AnaptysBio or its subsidiaries worldwide.

“Personal Information” is any information relating to an identified or identifiable natural person (“Individual”), including Internet Protocol addresses, information contained in cookies, and navigational data. This type of information is used for the purposes of gathering data to provide improved administration of our Services, and to improve the quality of your experience when interacting with our Services.

“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Protected Health Information” is a subset of Personal Information and has the meaning set out in the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”), and in particular at 45 C.F.R. § 160.103, as it may be amended from time to time.

“Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections.

Sensitive Personal Information includes Personal Information regarding EU residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) health information; (7) sexual orientation or information about the Individual’s sex life; or (8) information relating to the commission of a criminal offense.

“Third Party” is any company, natural or legal person, public authority, agency, or body other than the Individual, AnaptysBio or AnaptysBio’s Agents.