Aimmune’s Website Privacy and Cookies Notice

Introduction

Aimmune Therapeutics Inc. and its subsidiaries (collectively “we”, “us” and “our”) take the privacy and security of your personal information very seriously. This Privacy Notice applies to our collection and use of personal information through our websites and mobile applications (collectively, the “Site” or “Sites”) and through our offline business-related interactions with you. Note that this Privacy Notice does not apply to information we may collect through our clinical trials, which are governed by separate terms and agreements, or to information that we process for employment purposes other than resumes and related information that you provide us through our websites.

We may change this Privacy Notice from time to time. Therefore, we may ask you to check this Privacy Notice occasionally to ensure that you are aware of the most recent version. We will notify you of any changes where we are required to do so.

Information We May Collect About You

Personal Information

We may collect and process personal information you provide us, such as name, address, email address, telephone number, country of residence or postal code and professional credentials (e.g., if you are a Healthcare Professional seeking information about our products) when you:

  • Register to use our Sites;
  • Complete an online form (e.g., to obtain email updates or ask us to send you information, submit a grant request, or participate in a survey);
  • Participate in discussion boards or other social media functions that may be connected with our Sites; or
  • Provide information to us offline regarding our business-related interactions with you (e.g., information you provide us at an industry event.)

We may also receive personal information about you from other sources, which could include commercially available sources, such as public databases and data aggregators to the extent permitted by applicable data protection laws.

Occasionally we may obtain sensitive personal information about you, for example, if you voluntarily provide information about your health, ethnicity or race as part of a request for information. By providing us with your sensitive personal information, you consent to us processing that information for the purposes set out in this Privacy Notice or any collection notice provided to you.

Technical Information

We may collect information about your browser and/or device that you use to access our Sites (like the type of browser and browser settings and the device identification number). Device information may or may not be personally identifiable depending upon whether it is linked to the identity of the user.

We may also automatically log information, such as your IP address, domain name, browser type, date and time of access, and other log file data. This information may be used to analyze trends and help us with administration of our Sites. We may collect statistical or non-personally-identifiable information about you including, for example, which pages you visit, how long you remain on a particular page, the website from which you came to our Site, or similar information.

We also may collect aggregate information such as the total number of unique or return visitors to our Sites, or visiting a section of the Site within a given timeframe. We may also use this information to measure the use of our Sites to improve our content.

Our Sites use Google Analytics cookies. Information collected by these cookies will be transferred to and stored by Google on servers in the USA in accordance with its privacy practices. For further information of Google’s privacy practices and how this applies to Google analytics, please visit:

Cookies and Other Similar Technologies

Cookies are small text files which are sent to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies act as a memory for a website, allowing that website to remember your device on your return visits. Cookies can also remember your preferences, improve the user experience as well as tailor the advertisements you see to those most relevant to you.

We may utilize session and persistent “cookies,” and other similar technologies on our Sites. We may use first and/or third party “browser” or “HTTP” cookies, which are unique text files that may be used for data analysis, and enable our Site to tailor information for the visitor. We may use browser cookies for to personalize the user’s experience on our site, to remember a user when the user registers for products or services, for fraud prevention, or to track visits to our Sites. Our Sites may generate the following types of cookies during the course of a visit:

  • Analytics cookies. This type of cookie will tell us whether your device has visited our Site before. Your browser will tell us if you have these cookies and, if not, new ones are generated. This allows us to track how many individual users we have, and how often they visit the site. We use these to gather statistics, for example, the number of visits to a page. If you are logged in as a user of our site, we also may know the details you gave to us for this, such as your username and email address.
  • Site Performance cookies. This type of cookie remembers your preferences for tools found on our website so that it is not necessary to reset these settings, such as volume settings or video replay speeds, with each visit.
  • Geotargetting cookies. This type of cookie is used to attempt to determine which country you are in using the information provided by your browser when you visit one of our web pages. We use this information to target and control content provided through our site.
  • Registration cookies. If you are a registered user of our site, this type of cookie allows us to determine whether you are signed in. This allows us to associate comments that you post with your user name. This type of cookies also allows us to manage access to content for your account. If you are signed in, we may combine this information with analytics cookies information which would could use, for example, to identify which pages on our website you have visited.
  • Advertising cookies. This type of cookie identifies marketing related information such as whether or not an advertisement or type of advertisement was shown on the device and how long since it was displayed. We also may use cookies to help us use targeted advertising. We may use cookies set by another organization so we can more accurately target advertising to you. We also may set cookies on sites that we advertise on so that we know you visited that site when you later visit our site.
  • Third-party cookies. This type of cookie is placed by a third party and is subject to that party’s privacy practices. For example, if you use a social media sharing function on our website (for example, LinkedIn or Twitter), the social media network may place a cookie and record that you have used this function.

We also may use “web beacons” (also referred to as pixel tags, clear gifs or other terms) or similar technologies to collect information such as how long a visitor remains on a particular page.

If you do not want us to deploy browser cookies to your device when you visit our Sites, you may set the browser to reject cookies or to notify the user when a web site tries to place cookies in the browser program (see below). Rejecting cookies may affect your ability to use some features offered on our Sites.

Our service providers may also collect information about visitors to our Sites over time and/or across different websites when the visitor uses our Sites. This information often is aggregate data or individual information that is tied to a browser or device rather than specific identifiers such as the visitor’s name and address, but some of this information might be considered personally identifiable under some privacy and data protection laws.

Some Internet browsers offer what often is referred to as “do not track” mechanisms for browser users to automatically signal privacy preferences to websites that they visit. Internet browsers have only begun to include these features relatively recently and there isn’t a consensus about what steps a website should take when it receives a do-not-track signal from a website visitor’s browser or what information collection or use restrictions should be applied when a do-not-track signal is received. As a result, our site does not currently respond to do-not-track-signals. However, you may exercise other choices available to you, including limiting the placement of browser cookies on your device using your browser’s cookie control features and other choices described in this Notice.

How We Use the Personal Information You Provide to Us

Subject to applicable data protection laws, we may use your personal information for the following purposes:

  • To provide you with the services and information offered through our Sites;
  • To process your requests and respond to your inquiries;
  • Register you for any services you have signed up for;
  • For business administration, including statistical analysis and as may be required to perform our obligations under a contractual relationship with you.
  • To personalize your visit to our Sites and to assist you while you use our Sites;
  • To improve our Sites by helping us understand who uses the Site;
  • To contact you about products and services offered by us which we believe may interest you;
  • To provide you with medical and disease information we believe may interest you; and
  • For fraud prevention and detection and to comply with applicable laws, regulations or codes of practice.

Who Will Have Access to Your Personal Information?

Your personal information may be made available within the Aimmune group of companies.

We sometimes employ other companies and individuals to perform functions on our behalf, e.g., providing technical support for the systems where your personal information is held. They may need access to your personal information to perform their functions but will not use your personal information for any other purpose.

If our company or some of our assets are sold or transferred or used as security or to the extent we engage in business negotiations with our business partners, the personal information collected, including through this Site, may be transferred or shared with third parties as part of that transaction or negotiation.

We may also disclose Personal Data to comply with our legal or regulatory obligations, in response to a non-mandatory request for information made by a governmental or state body, or as part of an investigation of unlawful activity.

Security and Retention of Your Personal Information

The security of your personal information is important to us. We take reasonable steps, including technical, administrative and physical safeguards, designed to protect the personal information submitted to us from loss, misuse and unauthorized access, disclosure, alteration and destruction. We will ask any agents and service providers to whom we may transfer your information take comparable steps to protect that security. However, no method of security or method of transmission over the Internet is entirely secure. You should always use caution when transmitting personal information over the Internet.

We may retain your personal information for as long as your account is active or as needed for the specific business purpose for which it was collected. In some cases, we may be required to retain information to comply with laws or regulations or other legal obligations, resolve disputes and enforce our agreements.

International Data Transfers

Your personal information may be transferred to countries located outside your country or region, including to countries that may not provide a similar or adequate level of protection to that provided by your country or region. For example, if you reside in the European Economic Area (“EEA”), we may transfer your personal information to the United States or other countries outside of the EEA. By using the Site or otherwise providing personal information to us, you hereby expressly consent to the transfer of your personal information outside your country or region. Aimmune Therapeutics Inc. participates in the EU/US and Swiss/US Privacy Shield programs for the transfer of personal data to the United States. Our Privacy Shield Privacy Policy is available at: https://www.aimmune.com/privacy-shield/.

Additional Information for Individuals in the European Economic Area (EEA)

In addition to the disclosures made elsewhere in this Privacy Policy with respect to our privacy practices, our legal basis for processing personal data we collect in the EEA can vary depending on the manner in which you use our Site or otherwise engage with us. Our legal basis for processing information about you is with your consent in cases where you authorize us to engage in processing, such as an affirmative request to receive communications from us. If you provide consent, you can withdraw your consent at any time, although this will not affect the lawfulness of our processing prior to your withdrawal of consent.

In the case of processing involving passive data collection and other processing for the administration of our Sites, such processing is undertaken pursuant to Aimmune’s legitimate interests as a data controller, including the operation of our Sites. We also may process personal data where necessary for our compliance with a legal obligation to which we are subject. We also reserve the right to process personal data in the event we believe doing so is necessary to protect the rights of the data subject or another person.

More specific information about the basis for our processing may be included on specific notices or forms and, in the event of a conflict, the purposes identified on a specific form will take precedence over the purposes identified here.

If you have concerns about our processing of your personal data you can contact our privacy point of contact, using the contact information below. You also have the right to file a complaint with your country’s data protection supervisory authority.

External links

The Site may, from time to time, contain links to external sites operated by third-parties. We are not responsible for these third-party sites or the content of such third-party sites. Once you have left our Sites, we cannot be responsible for the protection and privacy of any information which you provide.

Marketing

We may contact you periodically by email to provide information regarding programs, products, services and content that may be of interest to you. If applicable law requires that we receive your explicit consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your explicit consent. If you wish to stop receiving these types of communications from us, you can opt-out by contacting us at the email and address as described below or use any mechanism provided in the communication that you receive.

Email a Friend

We may from time to time, where permitted by applicable laws operate a “Send” or “Share” service to enable you to easily share content from the Site with someone else. If you use this facility please ensure that you have obtained that person’s consent before you provide us with their personal information. We will use this personal information to send the individual a single email message on your behalf.

Minors

This Site is not directed towards children under 13 years of age nor do we knowingly collect information from children under 13. If you are under 13, please do not use the Site or submit any personal information to us. If you believe that we have unintentionally collected personal information about your child, you can contact us by mail or email as described below.

California Privacy Rights

California’s “Shine the Light” law permits California residents to annually request and obtain information free of charge about what personal information is disclosed to third-parties for third-party direct marketing purposes in the preceding calendar year. We do not distribute your personal information to third-parties for third-party direct marketing purposes, except as provided for in this Privacy Notice.

Access, Correction and Other Individual Rights

With your support, we will keep your personal information accurate and up-to-date. If we process your personal information, then you may have a right under data privacy laws to remove, amend, or correct your personal information at any time, subject to certain exceptions permitted by law. You also may have other rights including rights to object to or to restrict the processing of your personal data and data portability. You may also contact us to opt-out from any program or other service for which you may have registered via our Sites. If you would like to access, correct or delete the personal information we hold about you, please contact us as described below.

Contact Us

If you have any questions, comments or suggestions about this Privacy Notice or our privacy practices, please contact us at dataprivacy@aimmune.com. Alternatively, letters may be sent to the following address:

Aimmune Therapeutics, Inc.
Attn: Privacy
8000 Marina Blvd, Ste 300
Brisbane, CA 94005
USA

Individuals in the EEA also can submit inquiries to:

Aimmune Therapeutics UK, Ltd.
Attn: Privacy
344-354 Gray’s Inn Road
London
WC1X 8BP

All communications to Aimmune should include the individual’s name and contact information (such as e-mail address, phone number, or mailing address), and a detailed explanation of your request. We will endeavor to respond to all reasonable requests in a timely manner, and in any case, within any time limits prescribed by applicable local law.

April 18, 2018