Privacy statement

Vaderis Therapeutics (“Vaderis,” “we,” “us,” “our”) takes your privacy seriously. This privacy policy governs and details the main privacy practices we apply to personal data we collect through our website, located at vaderis.com, as well as through other interactions with us as described below (collectively, the “Service”). Personal data is data that identifies, relates to, describes, can be used to contact, or could reasonably be linked, directly or indirectly, to you.

Personal Information We Collect

We collect personal data, such as your name, phone number, company name and email address, directly from you when you provide it to us, as described below:

• Communication with us. We may collect personal information when you enter it on our website, for instance when you complete the “Contact” form.
• Conferences, Trade Shows, etc. We also collect personal data from or about you if you interact with us at trade shows or similar industry events.
• Business Development Activities. We may collect personal information from you in connection with potential business development opportunities including investments and partnerships.

Personal Information We Collect Automatically.

With a few exceptions, we generally collect the following personal data from you:

We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

• Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
• Online activity data, such as pages or screens you viewed, search history, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access.

Some of the automatic collection described above may be facilitated through the following technologies:

• Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, credentials, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a web browser session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our service providers and other third parties place.
• Pixel tags/Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed, clicked or forwarded.

How we use your personal data

We may use your personal data for the following purposes or as otherwise described at the time of collection:

Service delivery and operations. We may use your personal data to/for:

• provide and operate the Service;
• to respond to the request or inquiry you have submitted to us through the contact form or other entry field;
• enable security features of the Service;
• improve, monitor, and personalize your experience, including by understanding your needs and interests, and personalizing your experience with the Service and our communications. Send you direct marketing communications, including by email. You may opt out of our marketing communications as described in the Opt-out section below.
• communicate with you about conferences or events for which you register; and
• fraud prevention and security.

Research and development. We may use your personal data for research and development purposes, including to develop, analyze and improve our products and services. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal data. We may use this anonymous or de-identified data and share it with third parties for any lawful business purposes. We do not attempt to reidentify deidentified information derived from personal data, except for the purpose of testing whether our deidentification processes comply with applicable law.

Compliance and protection. We may use your personal data to:

• comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, court orders, investigations or requests from government authorities;
• protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
• audit our internal processes for compliance with legal and contractual requirements or our internal policies;
• enforce the terms and conditions that govern the Service; and
• prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With your consent. In some cases, we may specifically ask for your consent to collect, use, or share your personal data for further purposes, if those purposes are not compatible with the initial purpose for which that personal data was collected.

Cookies and similar technologies. In addition to the other uses included in this section, we may use the Cookies and similar technologies described above for the following purposes:

• Technical operation. To allow the technical operation of the Service, such as remembering selections as you navigate the site and remembering whether you are logged in.
• Functionality. To enhance the performance and functionality of our services.
• Analytics. To help us understand user activity on the Service, including the volume and demographics of users, which pages are most and least visited and how users move around the Service or interact with our emails. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout.

Data sharing in the context of corporate transactions. We may share certain personal data in the context of actual or prospective corporate transactions – for more information, see How we share your personal data, below.

We do not share your information with third parties for their promotional or commercial purposes.

Our legal bases for processing your personal data are as follows:

• Performance of a contract. We process personal data where necessary for the performance of our contractual obligations to you, for example, to provide the Services.
• Compliance with legal obligations. We process personal data where necessary to comply with the legal obligations to which we are subject, for example, to cooperate with public and government authorities, courts or regulators in accordance with our legal obligations, to the extent this requires the processing or disclosure of personal data to protect our rights.
• Legitimate interests. We process your personal data where necessary to serve our legitimate business interests, for example, to ensure that we can effectively manage and communicate regarding our business efficiently, to perform investigations or compliance audits, to tailor the content and information we may send or display to you, to improve the Service, to exercise or defend our rights, and for business administration purposes. When we use personal data to meet our legitimate interests, we take steps to ensure that your rights are not infringed. You can contact us using the details in the “Contact Us” section below for more information about the steps we take to ensure these rights are not infringed.
• Consent. Where required by applicable law, we process personal data on the basis of your consent, for example, to send you direct marketing communications. To the extent we obtain your consent to process your personal data, you may have the right to withdraw your consent under applicable local law. To exercise this right, please contact us using the details in the “Contact Us” section of this Policy.

How we disclose your personal data

We disclose your personal information to third parties for a variety of business purposes, as further set forth below: purposes:

• to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others;
• to our affiliates and our and their agents, vendors or service providers who perform functions on our behalf, including our professional advisors (e.g., lawyers, accountants, auditors);
• in connection of actual or prospective business transactions (e.g., investments in Vaderis, financing of Vaderis, public stock offerings, bankruptcy, liquidation, or the sale, transfer, or merger of all or part of our business, assets, or shares); or

We may also gather aggregated data about our services and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for marketing, promotional, or other purposes.

Your Privacy Choices

Depending on where you reside, you may have certain choices available to you, such as:

• Access, rectify, correct, or update your information. You may give us updated information about you to ensure our records are current. You may also have the right to know more about the personal data we hold about you, subject to your local laws.
• Opt-out of communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. It may take time for your opt-out to be effective. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails. You may opt-out of text messages by texting “STOP” in response to a text that you receive or by other reasonable means.
• Mobile location data. You can disable our access to your device’s precise geolocation in your mobile device settings.
• Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit http://www.allaboutcookies.org.
• Blocking images/clear gifs. Most browsers and devices allow you to configure your device to prevent images from loading, so the business hosting the image will not detect that you have viewed a page. To do this, follow the instructions in your particular browser or device settings. Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
• Advertising choices. You may be able to limit use of your information for interest-based advertising through the following settings/options/tools:
  • Browser settings. Changing your internet web browser settings to block third-party cookies.
  • Privacy browsers/plug-ins. Using privacy browsers and/or ad-blocking browser plug-ins that let you block tracking technologies.
  • Platform settings. Some platforms offer opt-out features that let you opt-out of use of your information for interest-based advertising. You may be able to exercise that option for Google at https://adssettings.google.com/ and Facebook at https://www.facebook.com/about/ads, to the extent we have such third-party trackers active on the Services.
  • Ad industry tools. Opting out of interest-based ads from companies that participate in the following industry opt-out programs:
    • Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp
    • Digital Advertising Alliance: https://optout.aboutads.info
    • AppChoices mobile app, available at https://www.youradchoices.com/appchoices, which will allow you to opt-out of interest-based ads in mobile apps served by participating members of the Digital Advertising Alliance
  • Mobile settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

You will need to apply these advertising-related opt-out settings on each device and browser from which you wish to limit the use of your personal data for interest-based advertising purposes. We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.

Additionally, if you are located in Europe, you may have these additional rights with respect to your personal data:

• request information about our processing of your personal data;
• request a copy of your personal data;
• request deletion of your personal data (subject to applicable exceptions under local laws);
• restrict, object to, or limit our use of your personal data;
• ask that we transfer the personal data you gave us to another organization, or to you, in certain circumstances (referred to as data portability);
• where you have provided consent, withdraw such consent to our processing of your personal data at any time;
• not be unlawfully discriminated against for exercising your rights;
• lodge a complaint with your local data protection authority.

These rights may be limited or denied in some circumstances. For example, we may retain your personal data where required or permitted by applicable law. To the extent your local data protection laws afford you additional or different rights regarding your personal data, we will comply with those obligations as applicable to us.

Third-party sites and services

The Service may connect with third-party sites and services. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not have control over how these third parties process your personal data and we are not responsible for their actions. If you choose to share information from the Vaderis website through these services, you should review the privacy policy of that service. If you do not agree with the activities described in a third party’s privacy policy, then you should not interact with that third-party service.

International data transfers

The personal data Vaderis collects from or about you may be transferred to, stored, or otherwise processed in servers and databases, including those hosted by third parties, some of which may be located outside of the jurisdiction in which you reside, such as in the United States. By using the Service, to the extent permitted by applicable law, you acknowledge that your personal data will be processed in the United States, where the protection of personal data and applicable local laws may differ, and be less protective than, from where you reside. Where legally required, we have put in place appropriate safeguards designed to safeguard your personal data. For more information on the appropriate safeguards in place or to obtain a copy of these safeguards, please contact us through the information provided in the “Contact Us” section below.

Data security and retention

The security of your personal data is fundamental to Vaderis. We have implemented industry standard physical, technical, and organizational security measures, which include the use of firewalls and encryption in some instances, that are designed to safeguard your personal data against loss, misuse, or unauthorized access, disclosure, alteration, and destruction. However, security risk is inherent in all Internet and information technologies, and we cannot guarantee the security of your personal data.

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, fraud prevention purposes, to analyze the data for our operations, and for historical and archiving purposes. Personal data that Vaderis controls may be deleted upon verified request from data subjects, subject to an overriding need to retain the information (such as for legal or archiving purposes).

Children’s data

The Service is not intended for anyone under 18 years of age. We do not knowingly attempt to solicit or receive information from children.

If you are a parent or guardian of a minor from whom you believe we have collected personal data in a manner prohibited by law, or if information was provided on your behalf when you were under 18, please contact us at info@vaderis.com. If we learn that we have collected personal data through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to our privacy policy

Please note that we may update or change this privacy policy. If we revise our privacy policy, we will post those changes to this privacy statement, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make any material changes, we will notify you by means of a notice on this site prior to the change becoming effective, or other means where required by applicable law. Please check vaderis.com for the latest version of the privacy policy.

Contact

Vaderis is the controller of your personal data. If you have any questions about this privacy policy or would like to exercise your rights as a data subject, or you’d like to make a privacy-related complaint, please contact us at info@vaderis.com or:

Vaderis Therapeutics AG
WSJ-350 3.05
Lichtstrasse 35
4056 Basel