• Data You Provide

We collect Personal Data you provide, for example when you enter the data into form fields on our Online Platforms. For example, we may collect:

• Data Collected Automatically

As is true of most digital platforms, we gather certain data automatically when you use our Online Platforms. This data may include browser, device, cookie and similar data that we collect as follows:

• Additional Uses of Personal Data

In addition to the uses described above, we may use your Personal Data for the following purposes, which uses may under certain circumstances be based on your consent, may be necessary to fulfill our contractual commitments to you, and are necessary to serve our legitimate interest in the following business operations: 

• Operating our business, administering the Processing;
• Contacting you to respond to your requests or inquiries;
• Processing and completing your transactions including, as applicable, order confirmation, providing you with trial products, providing white papers and case studies, processing payments for event registrations or software licenses ( where applicable) and delivering products or services;
• Providing you with newsletters, articles, product or service alerts or announcements, discount codes, event invitations, and other information that we believe may be of interest to you;
• Providing you with marketing information offers, and content and insights that are personally tailored to your interests.
• Conducting market research, surveys, and similar inquiries to help us understand trends and customer needs and attendee satisfaction where relevant;
• Correcting an offer, promotion, or advertisement;
• Administering contests and promotions or contacting you regarding a contest prize;
• Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of Personal Data, our Online Platforms or data systems; or to meet legal obligations;
• Enforcing our Terms of Use and other agreements; and,

• Legitimate Interests

We rely on several legitimate interests in using and sharing your Personal Data. These interests include:

• Improving and customizing the Online Platforms for you;
• Understanding how the Online Platforms are being used;
• Obtaining insights into usage patterns of the Online Platforms;
• Exploring ways to develop and grow our business;
• Administrative purposes, including but not limited to, recruiting and onboarding;
• Direct marketing;
• Ensuring the safety and security of the Online Platforms; and
• Enhancing protection against fraud, spam, harassment, intellectual property infringement, crime and security risks.

Data Retention

We will retain your Personal Data for as long as is necessary for the purposes set out in these Disclosures, subject to your right, under certain circumstances, to have certain of your Personal Data erased (see Your Rights below), unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights, all in accordance with the principles set forth in Article 5(1) of the GDPR.
Where we are processing Personal Data based on our legitimate interests, we generally will retain such data for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects. 
Where we are processing Personal Data based on your consent, we generally will retain the data for the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain of your Personal Data erased (please see the Your Rights section below). 
Where we are processing Personal Data based on contract, we generally will retain the data for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship. 
In addition, we may face threat of legal claim and in that case, we may need to apply a “legal hold” that retains data beyond our typical retention period.  In that case, we will retain the data until the hold is removed, which typically means the claim or threat of claim has been resolved.

Service Providers:  We share your Personal Data with third-party service providers who complete transactions or perform services on our behalf or for your benefit, such as for payment processing, marketing, analytics, processing employment applications and performing human resources administration or to verify customer data, such as mailing addresses.

Affiliates:  We may share your Personal Data with affiliated legal entities within our family of companies for purposes and uses that are consistent with these Disclosures.

Business Partners: We may share your Personal Data with our business partners (for example Hubspot and Salesforce) for the purpose of administering our Online Platforms and customer relationship management system for the Processing.

Legal Process, Safety and Terms Enforcement:  We may disclose your Personal Data to legal or government regulatory authorities as required by applicable law. We may also disclose your Personal Data to third parties as required by applicable law in connection with claims, disputes or litigation, when otherwise required by applicable law, or if we determine its disclosure is necessary to protect the health and safety of you or us, or to enforce our legal rights or contractual commitments that you have made.

Business Transfers: Your Personal Data may be disclosed as part of a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets, and could be transferred to a third party as one of the business assets in such a transaction. It may also be disclosed in the event of insolvency, bankruptcy or receivership. You will be notified via email and/or a prominent notice on any affected Online Platforms of any change in ownership or uses of Personal Data, as well as your choices regarding Personal Data about you.

Such appropriate safeguards for international data transfers may include the following:

EU-U.S. Privacy Shield:  In respect of some of our vendors, if we transfer any of your Personal Data from the EEA to a vendor outside the EEA who is certified under the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce, we may rely on the certification of such vendor to ensure adequate protection for your Personal Data so transferred.  You can learn more about Privacy Shield by visiting https://www.privacyshield.gov/.

Adequacy Decision:  We may transfer your Personal Data to Switzerland, which the European Commission has approved as providing adequate protection to personal data.

Standard Contractual Clauses:  The European Commission has adopted standard data protection clauses, which provide safeguards for personal data transferred outside of the EEA. We generally use Standard Contractual Clauses when transferring Personal Data from a country in the EEA to a country outside the EEA. You can request a copy of our Standard Contractual Clauses by contacting us as set forth in the Contact Us section below.

By contract:  We will transfer your Personal Data outside the EEA if the transfer is necessary to the performance of a contract between you and Cytel, or if the transfer is necessary to the performance of a contract between Cytel and a third party, and the contract was entered into in your interest.

In addition, we may transfer your Personal Data outside the EEA if the transfer is necessary to establish, exercise or defend legal claims or to protect your vital interests.

Upon request, we will provide you with information about whether we hold any of your Personal Data along with any details required to be provided to you under applicable law.  In certain cases, you may also have a right to:

• rectify any of your Personal Data that is inaccurate;
• to restrict or limit the ways in which we use your Personal Data;
• to object to the processing of your Personal Data;
• to request the deletion of your Personal Data, and
• to obtain a copy of your Personal Data in an easily accessible format.

To submit a request, please contact us as set forth in the Contact Us section below.  We will respond to your request within a reasonable timeframe.

You also have the right to withdraw your consent to our processing of your Personal Data, where our processing is solely based on your consent. You can do this by discontinuing use of the Online Platforms, and contacting us as set forth in the Contact Us section below to request that your Personal Data be deleted.  If you withdraw your consent to the use or sharing of your Personal Data for the purposes set out in these Disclosures, you may not have access to all (or any) of the Online Platforms, and we might not be able to provide you all (or any) of the Online Platforms. Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent and requested that we delete your Personal Data, if we have a legal basis to do so.  For example, we may retain certain data if we need to do so to comply with an independent legal obligation, or if it is necessary to do so to pursue our legitimate interest in keeping the Online Platforms safe and secure.

If you have any complaints regarding our privacy practices, you have the right to lodge a complaint with your national data protection authority (i.e., supervisory authority).

The Online Platforms may feature “like” buttons and widgets hosted by other companies. These features may collect your IP address, which page you are visiting on our Online Platforms and may set a cookie to enable the feature to function properly.  The loading, functionality and your use of the plugins are governed by the privacy notice and terms of the third party that provided the plugin.

Printed Materials: To opt out of receiving printed marketing materials at your postal address, such as advertisements, flyers or postcards, please write to us at the address below. Please be sure to include your name and mailing address exactly as they appear on the printed marketing materials you received.

Emails: To opt out of receiving marketing communications via email, please send an unsubscribe request to the email address below or click on the unsubscribe link at the bottom of the email that was sent to you and follow the directions on the resulting web page. Please note that you may continue to receive certain transactional or account-related electronic messages from us.