Reata Pharmaceuticals, Inc. and our subsidiaries and affiliates (collectively, Reata, us or our) respect the privacy of visitors to our website. The purpose of this Privacy Notice is to provide you with information on how Reata will collect, use, disclose, protect and otherwise process personal information and explain the rights and choices available to individuals with respect to their personal information.

Reata may provide additional privacy notices to individuals at the time we collect their data. For example, we provide a specific privacy notice to clinical trial participants that describe our privacy practices in connection with conducting clinical trials. This type of an “in-time” notice will govern how we may process the information you provide at that time.

We provide important information for persons located in the European Union (EU).

 

Information We Gather:

 

For Patients Who Use Our Apps

The app is to facilitate your participation in the study. Using the app will provide you with an agenda of visits and the possibility to have reminders alerting you of your upcoming visit, along with other features you may find helpful.

Reata will not collect any personal information when you use this app. Reata will only aggregate statistics: type of device that downloaded the app, country utilization, number of downloads, and count of active users. Reata collects statistics data to determine if the use of an app brings added patient convenience and compliance if the use of an app is useful in the studies conducted by Reata.

The app can only be used with your consent. You can remove the app, and your consent, at any time during the course of the study.

Reata does not share information with the app store companies (Apple & Google), please read their privacy notice when you download the app.

 

Clinical Trial Website

We will collect personal information from you when you visit the website to undertake a pre-qualifying assessment for one of our clinical trials. We will collect the following types of personal information:

  • Personal details, such as name and age
  • Contact information, including your address, phone number and e-mail
  • Website tracking data, which may include IP address, site pages visited and your general location
  • Health information, particularly medical condition and medication

We may collect additional personal information from you, including personal health information, by telephone or e-mail as a follow up to information that you provide to us through this website.

 

Whose Personal Information We Collect

We collect personal information about the following types of individuals: clinical trial participants, patients, patient family members, caregivers or advocates, physicians and other health care professionals, clinical trial investigators, researchers, pharmacists, website visitors and other individuals who interact directly with us or our service providers or business partners.

 

How We Collect Personal Information

We collect personal information:

  • Directly from individuals
  • Through our websites and mobile apps
  • From healthcare professionals
  • From contract research organizations and clinical trial investigators
  • From government agencies or public records
  • From third party service providers, data brokers or business partners
  • From industry and patient groups and associations
  • From social media or other public forums (including adverse event information or product quality complaints)

 

Types of Personal Information We Collect

The types of personal information we collect and share depend on the nature of the relationship you have with Reata and the requirements of applicable laws. We may collect:

  • Health and medical information in connection with managing clinical trials, conducting research, providing patient support programs, managing compassionate use and expanded access programs and tracking adverse event reports (such as medical insurance details, information about physical and mental health conditions and diagnoses, treatments for medical conditions, genetic information, family medical history and medications an individual may take, including the dosage, timing and frequency)
  • Personal and business contact information (such as name, job title and employer name, email address, mailing address, phone number and emergency contact information)
  • Biographical and demographic information (such as date of birth, age, gender, marital status and information regarding any parents or legal guardians)
  • Professional credentials, educational and professional history and institutional affiliations
  • Payment-related information we need to pay for professional services, such as consulting, that individuals may provide to us (such as tax identification number and financial account information)
  • If you are a health care professional, we collect information about the programs and activities in which you have participated, your prescribing of our products and the agreements you have executed with us
  • Your photograph, social media handle or digital or electronic signature
  • Publicly available information (such as comments describing support for and experience with Reata products)
  • Information you provide when requesting information through our website
  • Other information you provide to us (such as in emails, on phone calls, in market research surveys or in other correspondence with Reata or our service providers or business partners)

We may combine other publicly available information, such as information related to the organization for which you work, with the personal information that you provide to us.

 

Information Automatically Collected
We, our service providers and our business partners may automatically log information about you and your computer or mobile device when you access our websites. For example, we may automatically long information about your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, IP addresses, general location information such as city, state or geographic area, how a visitor got to our site, what the visitor does at the site, for how long the visitor remains on the site, what the visitor clicked on at the site and how the visitor leaves the site. Our service providers and business partners may collect this type of information over time and across third-party websites.

 

Do Not Track

Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

 

Cookies and Similar Technologies Policy:

Reata uses cookies on the reatastaging.wpengine.com website. By clicking on the “Accept Cookies” button, you consent to the use of cookies. Otherwise, clicking on the “Decline Cookies” button will disable cookies for the page being viewed.

 

What Are Cookies?
Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the website or a third-party to recognize you and make your next visit easier and the website more useful to you.

Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

 

How Reata Uses Cookies
When you use and access the website, we may place a number of cookies files in your web browser.

We use cookies to enable certain functions of the website and to provide analytics.

We use cookies for the following purposes:

  1. Track your IP address and machine ID for website traffic analysis using third party Google Analytics and Open Tracker
  2. WordPress sets a standard test cookie containing no personal information. This is a function of the WordPress platform upon which reatapharma.com is built

We use both session (WordPress) and persistent (third party analytics) cookies to run the website.

 

Where Can You Find More Information About Cookies
You can learn more about cookies from the following third-party websites:

 

Web Beacons

We may also use web beacons (which are also known as pixel tags and clear GIFs) on our websites and in our HTML formatted emails to track the actions of users on our websites and interactions with our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages or within HTML formatted emails. Pixel tags are used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of our websites, so that we can manage our content more effectively.

 

Uses of Information:

The information we collect will be used for the following purposes:

 

To Operate Our Websites

If you use our websites, we use your personal information to:

  • Operate, maintain, administer and improve the websites
  • Better understand your needs and interests and personalize your experience with the websites
  • Provide support and maintenance for the websites
  • Respond to your requests, questions and feedback

 

To Perform and Administer Clinical Trials, Research and Product-Improvement Activities

We may use your personal information when necessary to facilitate our clinical trials, research, studies and related activities that support product improvement, including to:

  • Staff and manage clinical trials, including by recruiting investigators and participants
  • Recruit patients for clinical trials
  • Track and respond to safety and product quality concerns (including product recalls)
  • Support public health initiatives, symposia, conferences, and scientific, educational and volunteer events
  • Facilitate medication adherence programs
  • Define and manage appropriate patient engagement activities and patient support programs (including to provide co-pay and other financial assistance where available)
  • Identify and engage thought leaders and external experts
  • Award scholarships and grants
  • Provide disease awareness materials
  • Attribute authorship to academic and promotional materials

 

To Provide Our Products and Services

We use your personal information as necessary to provide Reata products and services, including to:

  • Manage access to our products, including where access is limited by law to licensed physicians
  • Pay for services that physicians, researchers and other individuals may provide to us

 

To Communicate With You

We may send you Reata-related marketing or other communications as permitted by law. You will have the ability to opt out of such communications. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt Out of Marketing Communications section below.

 

To Comply With Law

We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

 

To Comply With Regulatory Monitoring and Reporting Obligations

We use your personal information as we believe necessary or appropriate to comply with regulatory monitoring and reporting obligations, such as those related to adverse events, product complaints, patient safety and financial disclosures.

 

With Your Consent

In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

 

To Create Anonymous, Aggregated or De-Identified Data.  We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect.  We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you.  We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes.

 

For Compliance, Fraud Prevention and Safety

We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our websites, mobile apps, products and services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

 

Sharing of Information:

Affiliates

We may disclose your personal information to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Notice.

 

Service Providers

We may employ third party companies and individuals to perform services on our behalf, including:

  • Contract research organizations that conduct clinical trials
  • Data storage and analytics
  • Customer service (including any medical information line) and patient support providers (including for product quality and adverse event reporting, patient co-pay assistance and medicine intake adherence programs)
  • Product recall administration
  • Technology services and support (including email and web hosting providers, marketing and advertising technology providers, email and text communications providers and mobile app developers)
  • Event planning and travel organizations that help facilitate Reata programs
  • Payment, shipping and fulfillment service providers

These third parties may use your information only as directed by Reata and in a manner consistent with this Privacy Notice and are prohibited from using or disclosing your information for any other purpose.

 

Business Partners and Other Professionals and Organizations

We may disclose your personal information to partners with whom we jointly develop products or services, in connection with the development and promotion of such products or services. We will ask for your consent before disclosing your information with our business partners where required by applicable law. We may also share your personal information with health care professionals, researchers, academics, public health organizations and publishers for purposes consistent with this Privacy Notice.

 

Professional Advisors

We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

 

For Compliance, Fraud Prevention and Safety

We may share your personal information for the compliance, fraud prevention and safety purposes described above.

 

Business Transfers

We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

 

Your Choices:

Opt Out of Marketing Communications

You may opt out of marketing-related communications by following the opt-out or unsubscribe instructions at the bottom of marketing emails or by following the opt-out instructions otherwise provided within the communication. You may continue to receive service-related and other non-marketing communications.

 

Testimonials

If you gave us consent to post a testimonial on our website, but wish to update or delete it, please contact us at
inquire.reatapharma.com.

 

Choosing Not to Share Your Personal Information

Where we are required by law to collect your personal information, or where we need your personal information in order to provide our products or services to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our products or services. We will tell you what information you must provide to receive the product or service by designating it as required at the time of collection or through other appropriate means.

While Reata does not sell personal information in exchange for any monetary consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by some regulatory provisions (See Information We Gather – Information Automatically Collected, and Sharing of Information – Business Transfers above). We support the decisions of our website visitors and wish to provide you with control over how your personal information is collected and shared.

You have the right to direct Reata not to sell your personal information. You can opt out of the sale of your Personal Information by requesting Reata not to sell your Personal Information through the submission of an online form at inquire.reatapharma.com.

 

Location of Your Personal Data:

Reata is a United States pharmaceutical company, with service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province or country where privacy laws may not be as protective as those in your state, province or country.

Persons located in the EU should read the important information provided below in Cross-Border Data Transfer about transfer of personal information outside of the EU.

 

Security:

Reata is committed to ensuring the security of personal information in order to protect it from unauthorized access, unlawful processing or disclosure or accidental loss, modification or destruction. To this end, Reata uses technical, administrative and procedural measures in an attempt to safeguard your personal information. It includes the use of encryption practices to help insure the integrity and privacy of the personal and health-related personal information you provide to us. Equally, all personal and/or health-related personal information is kept physically behind firewalls that prevent intruders from gaining access. Nevertheless, while we will make reasonable efforts to protect personal and/or health-related personal information, you should be aware that there is always some risk that an unauthorized third party could intercept an internet transmission or otherwise obtain unauthorized access to your personal information, and we do not guarantee that your personal information will be secure from accidental loss, unauthorized access, improper use or disclosure.

 

Protection of Children’s Information:

Reata’s dedication to protecting your privacy also extends to children, and our website is not designed or intended to attract children 15 years old or younger, based on the country you are in. We do not knowingly collect personal information from any person we actually know is defined to be a child in a given country. If you have questions or concerns about the Internet and privacy for children, we encourage you to visit https://www.consumer.ftc.gov/topics/protecting-kids-online.

 

External Links:

As a convenience to our visitors, Reata’s website provides links to a number of sites that we believe may offer useful information. The policies and procedures we described here do not apply to those sites. We suggest contacting those sites directly for information on their privacy, security and data collection and distribution policies.

 

Changes to the Privacy Notice:

We reserve the right to modify this Privacy Notice at any time. If we make material changes to this Privacy Notice, we will notify you by updating the date of this Privacy Notice and posting it on our websites. We may, and if required by law will, also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail or another manner.

Any modifications to this Privacy Notice will be effective upon our posting the new terms and/or upon implementation of the new changes (or as otherwise indicated at the time of posting). In all cases, your continued use of our websites and services after the posting of any modified Privacy Notice indicates your acceptance of the terms of the modified Privacy Notice.

 

Contact Us:

If you have any comments or questions regarding this Privacy Notice, please contact us by submitting an online form at inquire.reatapharma.com.

 

Notice to Persons Located in the EU:

Controller, DPO, Representative

Reata Pharmaceuticals, Inc. is the controller of the personal information as defined by the General Data Protection Regulation (EU) 2016/679 (GDPR).

The data protection representative of Reata in the EU is MyData-TRUST S.A., located at Boulevard Initialis, 7/3, BE 7000, Mons, Belgium.

If you are a person located in the EU and have any questions about this Privacy Notice or how we process your personal information, please contact our Data Protection Officer, Nicole Rensonnet, at
reata.dpo@mydata-trust.com.

 

European Economic Area
Provisions of this Privacy Notice that apply to EU data subjects shall also apply to persons located in the European Economic Area.

 

Legal Bases for Processing

The reasons we process your personal information Legal basis
To respond to your requests or inquiries. For persons located in the EU: we consider that it is our legitimate interest to retain your information in order to respond to your requests or inquiries. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
For persons not located in the EU: we will ask your consent to process your data in order to respond to your requests and inquiries.
To perform and administer clinical trials, research and product-improvement activities Where we have a contract governing this processing purpose, the processing is necessary to perform that contract, or necessary to take steps that you have requested prior to entering into the contract.
Where we process sensitive personal information in connection with this processing purpose, the processing is necessary for scientific or historical research purposes or statistical purposes.
In all other cases, these processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). We will ask your consent to share your personal information in connection with your request for compassionate use.
To keep you informed about our trials or other activities that we believe may be of interest to you Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated when we requested the consent or by contacting Reata’s DPO at  reata.dpo@mydata-trust.com
To operate our websites
To create anonymous, aggregated or de-identified data
These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with regulatory monitoring and reporting obligations
To comply with law
For compliance, fraud prevention and safety
Processing is necessary to comply with our legal obligations.

 

Retention

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements, to establish or defend legal claims or for fraud prevention purposes.

When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.  If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

 

Your Rights as a Person Located in the EU
European data protection laws give you certain rights regarding your personal information.  If you are located within the EU, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access.  Provide you with information about our processing of your personal information and give you access to your personal information
  • Correct.  Update or correct inaccuracies in your personal information
  • Delete.  Delete your personal information
  • Right to Data Portability.  Transfer a machine-readable copy of your personal information to you or a third party of your choice
  • Restrict.  Restrict the processing of your personal information
  • Object.  Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights
  • Right to withdraw your consent at any time and without justification.

If you want to exercise your rights, please contact Reata’s dpo at reata.dpo@mydata-trust.com.

You also have the right to raise a complaint about how your personal information is handled to the National Data Protection Authority located in the Member State in which you have your habitual residence or place of work, or located in the Member State in which the alleged violation took place. To obtain contact details of all Member States Data Protection Authorities, click here.

 

Cross-Border Data Transfer

If we transfer your personal information out of the EU to a country not deemed by the EU to provide an adequate level of personal information protection, the transfer will be performed:

  • Pursuant to the recipient’s compliance with standard contractual clauses
  • Pursuant to the consent of the individual to whom the personal information pertains
  • As otherwise permitted by applicable EU requirements, such as to an entity in the United States that is privacy shield certified

You may contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EU.

 

Notice to California Users:

The information provided in this section applies only to California residents.

This notice describes how we collect, use and share your Personal Information, and your rights with respect to that Personal Information.  “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (CCPA).

 

Your California Privacy Rights

As a California resident, you have the rights listed below. However, these rights are not absolute, and we may decline your request as permitted by the CCPA.

  • Information.  You can request the following information about how we have collected and used your Personal Information during the past 12 months:
    • The categories of Personal Information that we have collected
    • The categories of sources from which we collected Personal Information
    • The business or commercial purpose for collecting and/or selling Personal Information
    • The categories of third parties with whom we share Personal Information
    • Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of recipient
    • Whether we’ve sold your Personal Information and if so, the categories of Personal Information received by each category of recipient
  • Access. You can request a copy of the Personal Information that we maintain about you.
  • Deletion.  You can ask us to delete the Personal Information that we maintain about you.
  • Opt out of sales. You can ask us not to sell your Personal Information.  If we know that you are younger than 16 years old, we will ask for your permission (or if you are under 13 years old, your parent or guardian’s permission) to sell your Personal Information before we do so.
  • Nondiscrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as:
    • Denying you goods or services
    • Increasing the price/rate of goods or services
    • Decreasing the service quality
    • Suggesting that we may penalize you as described above for exercising your rights

 

How to Exercise Your Rights

While Reata does not sell personal information in exchange for any monetary consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by the CCPA (Cal. Civ. Code 1798.140(t)(1)). We support the CCPA and wish to provide you with control over how your personal information is collected and shared.

You have the right to direct Reata not to sell your personal information. You can opt out of the sale of your Personal Information by requesting Reata not to sell your Personal Information through the submission of an online form at inquire.reatapharma.com or by calling our toll-free number at (855) 55-REATA.

Please note that we may still use aggregated and de-identified personal information that does not identify you or any individual; we may also retain information as needed in order to comply with legal obligations, enforce agreements, and resolve disputes.

We will need to confirm your identity to process your request.  You may also make a request on behalf of your child under 13.

 

Personal Information We Collect, Use and Share

The chart below summarizes our collection, use and sharing of Personal Information during the last 12 months before the effective date of this Privacy Notice.  We describe the sources through which we collect your Personal Information in How We Collect Personal Information, and describe the purposes for which we collect, use and share this information in Uses of Information and Sharing of Information.

Category
(click for definition)
Do we collect this information? Do we share this information for business purposes?* Do we “sell” this information?**
Identifiers Yes Yes Yes, to analytics partners
Online Identifiers Yes Yes Yes, to analytics partners
Protected Classification Characteristics Yes, but only if you volunteer it to us Yes No
Commercial Information Yes Yes Yes, to analytics partners
Internet or Network Information Yes Yes Yes, to analytics partners
Geolocation Data Yes, when you decide to grant us access to it Yes Yes, to analytics partners
Professional or Employment Information Yes Yes No
Education Information Yes Yes No
Inferences Yes Yes Yes, to analytics partners
Financial Information Yes Yes No
Medical Information Yes Yes No

*See Sharing of Information for a description of the business purposes for which we disclose your Personal Information and the categories of third parties to which we disclose it.

** We “sell” your Personal Information under California law for analytics purposes.

 

California Glossary

Category Definition/Description (categories may overlap)
Commercial Information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Commercial Information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Education Information Personal information from an educational record, which could include: a student’s name, the names of the student’s parent or other family members, the address of a student or student’s family, a student’s personal identifier (e.g., SSN, student number), other indirect identifiers of the student (e.g., date of birth, place of birth, mother’s maiden name), other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty, or information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.
Financial Information Bank account number, debit or credit card numbers, insurance policy number, and other financial information.
Geolocation Data For example, your precise location derived from GPS coordinates or telemetry data
Identifiers Real name, alias, postal address, unique personal identifier, customer number, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
Inferences The derivation of information, data, assumptions, or conclusions from any of the above categories of Personal Information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
Internet or Network Information Browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
Medical Information Personal information about an individual’s health or healthcare, including health insurance information.
Online Identifiers An online identifier or other persistent identifier that can be used to recognize a consumer, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a consumer or a device to a degree of certainty of more probable than not) that can be used to identify a particular consumer or device.
Professional or Employment Information This term is not defined in the CCPA, but likely includes any information relating to a consumer’s current, past or prospective employment or professional experience (e.g., job history, performance evaluations).
Protected Classification Characteristics Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).