Privacy Policy

Our Website Address

http://www.curis.com

This website is owned and operated by Curis, Inc. (“Curis”, “we”, “our” or “us”). The materials on our website (the “website” or the “site”) are provided by Curis as a service to our customers, potential customers and the general public, and are to be used for informational purposes only.

Privacy Policy

Please read the following carefully as it explains our views and practices regarding your personal information, and how it is handled. By providing personal information to us or by using our website, you agree to this Privacy Policy in its entirety.

We may update this Privacy Policy from time to time in response to changing legal, regulatory or operational requirements. Your continued submission of personal information or continued use of our website and / or services after such updates take effect will constitute acceptance of those changes.

For the purpose of applicable data protection laws, the data controller is Curis, Inc., located at 128 Spring Street, Building C – Suite 500, Lexington, MA 02421.

Collecting Data

We collect personal information about the following types of individuals: clinical trial participants, patients, patient family members, caregivers or advocates, physicians and other healthcare professionals, clinical trial investigators, researchers, pharmacists, users of the website, job applicants, and other individuals who interact directly with Curis, its service providers, advisors or business partners.

We May Collect:

  • Health and medical information (such as medical insurance details, information about physical and mental health conditions and diagnoses, treatments for medical conditions, genetic information, family medical history, and medications an individual may take, including the dosage, timing, and frequency) that we collect in connection with managing clinical trials, conducting research, formulating and administering therapies, providing patient support programs, managing compassionate use and expanded access programs, and tracking adverse event reports
  • Personal and business contact information and preferences (such as name, job title and employer name, email address, mailing address, phone number, and emergency contact information)
  • Biographical and demographic information (such as date of birth, age, gender, marital status, and information regarding parents or legal guardians)
  • Professional credentials, educational and professional history, and institutional affiliations
  • Payment-related information we need to pay for professional services, such as consulting, that individuals may provide to us (such as tax identification number and financial account information)
  • If you are a health care professional, we collect information about the programs and activities in which you have participated, your prescribing of our products and the agreements you have executed with us
  • Your photograph, social media handle or digital or electronic signature
  • Publicly available information (such as comments describing support for and experience with Curis products or therapies)
  • Other information you provide to us (such as in emails, on phone calls, in market research surveys, or in other correspondence with us, our service providers, advisors or business partners)

How Data Is Collected

We collect personal information: 

  • Directly from individuals
  • Through the website
  • From healthcare professionals
  • From hospitals, clinics and other healthcare providers
  • From contract research organizations and clinical trial investigators
  • From government agencies or public records
  • From third party service providers, data brokers or business partners
  • From industry and patient groups and associations
  • From social media or other public forums (including adverse event information and product quality complaints)

How We Share Your Personal Information

Affiliates 

We may disclose your personal information to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Policy.  

Service providers 

We may employ third party companies and individuals to perform services on our behalf, including:

  • Contract research organizations that conduct clinical trials
  • Data storage and analytics vendors
  • Customer service (including our medical information line) and patient support providers (including for product quality and adverse event reporting, patient co-pay assistance, medicine intake adherence programs, etc.)
  • Product recall administration
  • Technology services and support (including email and web hosting providers, marketing and advertising technology providers, email and text communications providers, mobile app developers)
  • Event planning and travel organizations that help facilitate Company programs
  • Payment, shipping and fulfillment service providers

These third parties may use your information only as directed by Curis and in a manner consistent with this Privacy Policy and are prohibited from using or disclosing your information for any other purpose.

Healthcare providers and healthcare professionals and organizations

We may disclose your information to healthcare providers in connection with developing and delivering our therapies. We may also share your personal information with health care professionals, researchers, institutions, academics, public health organizations, and publishers for purposes consistent with this Privacy Policy.

Business partners

We may disclose your personal information to partners with whom we jointly develop products or services, in connection with the development and promotion of such products or services. We will ask for your consent before disclosing your information to our business partners where required by applicable law. 

Professional advisors

We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us. 

Compliance with laws and law enforcement; protection and safety

We may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our website, mobile apps, products and services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

Business transfers

We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy. 

Cookies

What are cookies

Our website uses cookies and similar technology. A cookie is a small file of letters and numbers that our website places on your computer, or other equipment which you use to access our website. These cookies allow us to distinguish you from other users of our website.

Cookies perform many functions, such as allowing you to navigate between pages efficiently, remembering your preferences, and generally improving the user experience. They can also help to ensure that advertising that you see online is more relevant to you and your interests. To safeguard and respect your privacy, we operate our website on a strict opt-in basis with regards to all non-essential cookies.

You have the right to decide whether to accept or reject third-party cookies. You can exercise your cookie rights by setting your preferences in the cookie consent manager (cookie banner). The cookie consent manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.

Additionally, your web browser includes an option that allows you to block and refuse the setting of all or some cookies. However, if you do so, you may not be able to access and use all of the features of our website. If you would like to delete any cookies on your computer, please refer to your browser manufacturer’s instructions by clicking ‘help’ in your browser menu or you can read more about cookies and how to recognize them and guidance for all browsers at www.aboutcookies.org.

Alternatively, you can opt out of the wider network of tailored advertisements by visiting the Network Advertising Initiative opt-out page.

Essential cookies allow the website to remember choices you make (such as your language of choice or the region you are in) and provide enhanced, more personal features. The Vimeo Cookies allow you to view video content we have published on our website. The information these cookies collect may be anonymized and they cannot track your browsing activity on websites operated by third parties.

Performance cookies collect information about how you use our website, for instance which pages you go to most often, and if you receive error messages from certain web pages.  These cookies do not collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the website works.

Third Party Websites

Our websites may contain links to and from third party websites. Please be aware that if you follow a link to any of these websites, these websites will have their own terms of use and privacy policies and that we do not accept any responsibility of liability for these policies. Please check these policies before you submit any personal data to these websites.

Retention

Your personal information is stored by us and/or our service providers, strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the information is collected, in accordance with applicable data protection laws. When we no longer need to use your information, we will remove it from our systems and records and/or take steps to properly pseudonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject) without additional information.

Your Rights

European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

Access.  Provide you with information about our processing of your personal information and give you access to your personal information.

Correct.  Update or correct inaccuracies in your personal information.

Delete.  Delete your personal information.

Transfer.  Transfer a machine-readable copy of your personal information to you or a third party of your choice.

Restrict.  Restrict the processing of your personal information.

Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information. 

You can submit these requests by email to curisdpo@calligo.io or by leaving a voicemail at +44 330 124 2500 with your contact information included.

We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact our DPO as described above, submit a complaint to the data protection regulator in your jurisdiction or contact our DPR as follows:

General Data Protection Regulation (GDPR) – European Representative
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Curis, Inc. has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to GDPR:
-by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
-by writing to EDPO at: Avenue Huart Hamoir 71, 1030 Brussels, Belgium

If you have any questions about this Privacy Policy,  concerns about the practices of this website, or your dealings with this website or any privacy-related matter in general, please email us at curisdpo@calligo.io or by leaving a voicemail at +44 330 124 2500 with your contact information included. 

1