Last revised: May, 2023
DONORS’ PRIVACY AND DATA PROTECTION
Donors’ personal and medical information is always protected to maintain confidentiality. Donor personal data and medical information is required as part of Proesis regular business operations. In processing this data, Proesis complies with all relevant data-protection laws and works only with suppliers that offer sufficient data-protection guarantees and have undergone an extensive validation process in this respect. The personal and medical information of plasma Donors is rigorously protected to maintain confidentiality. Proesis has a privacy and data protection policy for processing personal data, as well as security measures and insurance policies to protect the organization’s assets and users in a cyber-environment. Proesis employees involved in processing personal data take all necessary measures to ensure Donors’ information is protected and stored in a safe location, whatever its format. In addition, those who handle or have knowledge of confidential information are strictly forbidden from using it for purposes unrelated to Proesis operations or from disclosing it to third parties.
Your privacy and the protection of your personal data is important to us. This Privacy Notice explains the type of personal data we may collect from you and how we use it when you are communicating electronically with Proesis Biologics and throughout the donation process.
Before registering as a donor, you should read this entire Notice. If the processing of personal data as described in this Notice is not acceptable to you, do not use and/or submit any Information to Proesis.
“App”: Our mobile application ProesisPlus
“Personal Information” or “Personal Data”: Information identifying, relating to or about an identified or identifiable individual, as described more fully in this Policy .
“Platform”: Our Website and our App, as well as related functionality and online services, as applicable.
“Products”: Any products available for purchase on or through our Platform, or that we otherwise provide or sell to you.
“Services”: Any services provided through our Platform, which maybe for purchase at a charge, or included at no charge as part of our Platform, or that we otherwise provide or sell to you.
“Website(s)”, Our website located at www.proesisbio.com.
“Proesis bio,” “we,” “us”: Proesis Biologics, Inc.
Please refer to our Glossary for additional explanations of terms and phrases used in this Policy.
What is Personal Information?
Personal Information is information that you provide to us which personally identifies you, such as your name, email address, or billing information, or other data that can be reasonably linked to such information by Proesis bio.
What types of Personal Information do we collect?
We collect and use Personal Information in order to operate and provide our Platform to you, and our Products and/or Services. You may provide Personal Information to us, and we may collect Personal Information from you automatically as you use and navigate through our Platform. In addition to contact information, if you are a plasma donor we collect health and medical information from you in accordance with applicable laws, and information necessary to make payments to you through your donor card or other methods.
How do we collect your Personal Information?
When setting up and configuring your user account we will collect your name, email, phone number, address, User ID, password, date of birth, and gender. The information you provide should be true, accurate, current and complete.
Personal information is collected during the screening process, physical examination and various points during the donation process. The personal information collected includes government-issued identification number (e.g. social security number), health information, personal behavior, photograph, finger scan and any other information needed to determine donor eligibility and to provide the best donation services.
We automatically collect certain Information from the device you are using when you use the Website or Application, including Internet Protocol (IP) address, browser type and version, device type and language/region settings, carrier, usage and location data for the appropriate provision of Website and Application functions. Your location data is always private and secure. We will from time to time ask you about your satisfaction with the donation process, and the use of the Website or Application in a survey provided to you by the Website or Application.
We will collect Information about you when you interact with us such as when you report a problem, contact us or communicate with us.
How we use the information we collect
We process the Information to:
- confirm your identity;
- determine your eligibility to donate plasma;
- provide you with a safe and efficient donation process;
- communicate with you throughout the donation process;
- manage and improve the Website and Application
- provide information about Proesis promotions and opportunities
Information you provide to us. You may provide Personal Information to us through our Platform. For example, you may be able to register to use our Platform or create an account with us, which allows or requires you to provide certain information to us (e.g., contact information such as your name, email address, telephone number, etc.). You can also provide Personal Information and other information to us when you contact us through our Platform.
Information we collect as you use our Platform. We collect Personal Information and information about the computers, devices, browsers and your Internet activity as you use and interact with our Platform. The information we collect includes Unique Identifier, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number. We also collect information about the interaction of your apps, browsers, and devices with our services, including IP address, device type, crash reports, system activity, wireless carrier name (when you use a wireless or mobile device), and the date, time, and referrer URL of your request.
Online Activity. We collect information about your activity on our Platform, Internet, network, and other online activity information, such as browsing history, search history, and information regarding your interaction with our Platform and other websites. We use various technologies to collect and store location information, including cookies, pixels or pixel tags, local storage, such as browser web storage or application data caches, databases, session replay, and server logs.
Location. We collect information about your location when you use our Platform, which helps us provide our Platform Services, features and functionality. Our App uses your location to provide you with new messages and relevant notifications and enables finding the Proesis Bio donation center nearest to you. Your location data is always private and secure. Your location can be determined with varying degrees of accuracy by:
- IP address
- Sensor data from your device
- Information about things near your device, such as Wi-Fi access points, cell towers, and Bluetooth-enabled devices
The types of location data we collect depend in part on your device and account settings. For example, you can turn your mobile device’s location on or off using the device’s settings app. You may also be able to turn on location history if you want to create a private map of where you go with your devices.
Third Party Sources. In some circumstances, Proesis bio also collects information about you from publicly accessible sources. We may collect information about you from trusted partners, such as marketing partners who provide us with information about our potential customers, and security partners who provide us with information to protect against fraud and abuse of our Platform.
Why and how do we use your Personal Information?
Provide our Platform. We use your Personal Information to operate, maintain, supervise, administer, improve and enhance our Platform and related Services, features and functionality. We use your contact information to communicate and interact with you, such as to send you emails and text messages about our Platform. We use the IP address assigned to your device to send you the data you request to display on your device. We use unique identifiers stored in cookies on your device to help us authenticate you as the person who should have access to certain areas and features of our Platform. We also use your information to ensure our Platform is working as intended, such as tracking outages or troubleshooting issues that you report to us. And we use your information for research and development for our business, and to make improvements to our Platform.
We use data collected from you and your devices for analytics and measurement to understand how our Platform is used. For example, we analyze data about your use of our Platform to do things like optimize product design. We use a variety of tools to do this, such as Google Analytics and similar third party online data analytics services.
The Proesis Website and Application are used to enroll individuals to become a plasma donor, schedule your donation appointments, track your progress towards earning various donation Promotions, refer others to become donors, learn more about donating plasma and how your plasma helps others, and view your debit card balance and transactions.
We may share your Information with:
- plasma donation companies to evaluate your eligibility to donate;
- legal and regulatory agencies as required to comply with regulations and laws;
- public health authorities that are permitted by law to collect or receive such information for public health activities or purposes. If directed by the public health authority, we may share your personal information with a foreign government agency that is collaborating with the public health authority;
- corporate affiliates and contracted third parties as required during the donation process;
- authorized service providers that perform certain services on our behalf such as marketing, providing storage services and providing support for the donation process. These service providers may have limited access to your Information, which is needed to perform their functions, but are not permitted to share or use such Information for any other purposes.
We may also use Personal Information to:
- Carry out our legal and contractual obligations, and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To respond to law enforcement requests, court orders, and subpoenas and to carry out our legal and contractual obligations.
- Authenticate use, detect fraudulent use, and otherwise maintain the security of our Platform and the safety of others.
- To administer surveys and questionnaires.
- To provide you information about products and services that may be of interest to you, including through newsletters.
- Any other purpose with your consent.
Why and how do we share your Personal Information?
We share Personal Information with third parties under certain circumstances and for certain purposes described throughout this Policy, including:
- Service providers and other to operate our Platform and Services. We share your Personal Information with our affiliates, vendors, service providers, and business partners, including providers and vendors we use for operating and maintaining our Platform, and its features, functionality and Services. These third parties include data hosting and data storage partners, analytics, ad network, advertising [(including interest-based advertising)] , technology services and support, and data security.
- Our business purposes. We may share your Personal Information with our affiliates, vendors, service providers, and business partners, including providers and vendors we use for our business activities and operations generally, such as data hosting and data storage partners, analytics, ad network, advertising, technology services and support, and data security. We may also share your Personal Information with professional advisors, such as auditors, law firms, and accounting firms.
- With your consent. We may share your Personal Information if you request or direct us to do so.
- Compliance with law. We may share your Personal Information to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries.
- Business transfers. We may share your Personal Information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our users are among the assets transferred.
- De-identified information. We may also de-identified information, so that it cannot be reasonably used to identify any individual, with third parties for marketing, advertising, research, or similar purposes.
Your choices for how we collect, use and share your Personal Information.
We offer you choices on how you can opt out of our certain uses and sharing of your Personal Information. As a general rule, you cannot opt out of our collection, use and sharing of Personal Information to the extent it is necessary to provide the Platform or related Services, features and functionality to you.
You can change the cookie settings that will be placed when you use our Platform by changing the settings on your Internet browser. You can also block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Please note that internet browsers allow you to change your cookie settings. These settings are usually found in the ‘options’ or ‘preferences’ menu of your internet browser. However, if you use your browser settings to block all cookies (including strictly necessary cookies), you may not be able to access or use all or areas and aspects of our Platform.
You can generally opt out of receiving interest-based advertisements from third party advertisers and ad networks who are members of the Network Advertising Initiative (NAI) or who follow the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt out pages on the NAI website and DAA website. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website. You can learn more about interest-based advertisements and your opt out rights and options on the NAI website and DAA website.
If you do not wish to have your email address used by Proesis bio to send you advertising messages and content, you can opt out at any time by clicking the unsubscribe link at the bottom of any marketing emails you receive from us. You may have other options with respect to marketing and communication preferences through our Platform.
When an individual applies to register as a donor at Proesis, Proesis uses a fingerprint reader to take an image of the individual’s fingerprint and convert it to a series of alphanumeric characters that correlate to the individual’s fingerprint (“biometric information”). The series of alphanumeric characters is unique to each individual.
Biometric information is collected and stored by Proesis within a donor database and used to identify donors for future donations.
The purpose of collecting this biometric information is to facilitate the identification of donors prior to and during a donation. Proesis does not sell, lease, trade, or otherwise profit from its use of biometric information. Proesis may earn profits based on the use of plasma donated at Proesis.
Proesis has implemented policies and procedures in an effort to prevent personal data from unauthorized access, use, or disclosure.
Proesis may authorize individuals employed by Proesis s affiliated companies, or third-party vendors, to access the database in which biometric information is stored, but Proesis does not authorize any affiliated companies or third parties to transfer your biometric information outside of Proesis s donor database.
In the event Proesis is acquired by a third-party, Proesis may transfer the information in Proesis’s donor database to the acquiring third-party, including biometric information.
Proesis’s policy is to retain biometric information until an individual requests to have his or her biometric information permanently destroyed, or otherwise for up to 6 months after the individual’s last donation with Proesis. Proesis reserves the right to disclose biometric information or retain biometric information for a different period if required by law, for example, to comply with a court order, search warrant, or subpoena.
If an individual’s biometric information is deleted, the individual may be required to provide written consent to Proesis s collection of his or her biometric information if the individual seeks to register as a Proesis donor thereafter. When the applicable retention period set forth in this policy has expired, Proesis will destroy the biometric information by deleting it from Proesis s donor database.
How do I access and correct my Personal Information?
Access, Corrections and Deletion. In addition to any data access capabilities available through the Platform, please Contact Us if you have any questions about your Personal Information. You can also [Insert other data access options available through the Platform, if any]. Please inform us of any changes or errors in any Personal Information we have about you to ensure that it is complete, accurate, and as current as possible. You may also have certain deletion rights in accordance with applicable law. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
Copies and Retention of Data. In addition to any capabilities available through the Platform, if you need to export or a copy of your data, please let us know and we will assist you with your request. We retain the data we collect for different periods of time depending on what it is, how we use it and applicable legal requirements. We may retain some data for longer periods of time than other data when necessary for legitimate business or legal purposes, such as security, fraud and abuse prevention, or financial record-keeping.
Our Platform is not intended for children under 13 years of age. We do not knowingly collect or sell Personal Information from children under the age of 13. If you are under the age of 13, do not use or provide any information on or to the Platform or through any of its features. If we learn we have collected or received Personal Information from a child under the age of 13 without verification of parental consent, we will delete it. If you are the parent or guardian of a child under 13 years of age whom you believe might have provided use with their Personal Information, you may Contact Us to request the Personal Information be deleted.
We have taken steps and implemented administrative, technical, and physical safeguards designed to protect against the risk of accidental, intentional, unlawful, or unauthorized access, alteration, destruction, disclosure, or use. The Internet is not 100% secure and we cannot guarantee the security of information transmitted through the Internet. Where you have been given or you have chosen a password, it is your responsibility to keep this password confidential.
The sharing and disclosing of information via the internet is not completely secure. We strive to use best practices and industry standard security measures and tools to protect your data. However, we cannot guarantee the security of Personal Information transmitted to, on, or through our Services. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on our Platform, in your operating system, or mobile device.
Supplemental Disclosures and Rights Based on State Law
In addition to the disclosures and rights set forth elsewhere in this Policy, you and other users may have certain rights based on applicable state law (e.g., California’s Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act). Other states have passes consumer privacy laws that may be applicable to Proesis bio and your use of this Site. These supplemental disclosures and rights apply to you and your use of our Platform to the extent applicable state law applies to Proesis bio and your use of our Platform. Please contact us if you have any questions regarding your rights under applicable state law.
Categories of Personal Information Collected
Personal information does not include information that is: (a) publicly available information from government records; or (b) de-identified or aggregated consumer information.
Categories of Sources From Which We Have Collected Personal Information
We collect Personal Information directly from you, for example when you provide it to us, when you contact us through our Digital Services, when you create a Proesis bio account; and indirectly from you automatically through your computer or device as you use our Digital Services. We may also collect Personal Information about you from our advertising partners and service providers.
Use of Personal Information
Sharing Personal Information
Proesis bio may disclose your Personal Information to a third party for one or more business purposes. When we disclose Personal Information for a business purpose, such as to service providers, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. Sharing excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Disclosures of Personal Information for Business Purposes
We may disclose your Personal Information for our business purposes, such as your contact information, other information you have provided to us and unique identifiers that identify you to us or to our service providers, such as companies that assist us with marketing and advertising. We disclose your Personal Information to certain third parties such as our vendors, business partners, service providers, including companies that assist us with marketing and advertising.
Access Request Rights
You may have the right to request that Proesis bio disclose certain information to you about our collection and use of your Personal Information over the past 12 months for the above business and commercial purposes. To submit an access request, see Exercising Access and Deletion Rights, below. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you.
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- Sales, identifying the Personal Information categories that each category of recipient purchased; and
- Disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
Deletion Request Rights
You may have the right to request that Proesis bio delete your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless certain exceptions apply.
Exercising Access and Deletion Rights
To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at (800) 504-1337
- Emailing us at firstname.lastname@example.org
Only you or your authorized and legal representative authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will not discriminate against you for exercising any of your rights under applicable state law. Unless permitted by applicable law, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Our Platform is not intended for use by and is not directed to residents of the European Union. All data is stored and processed in the United States. By using and accessing our site, users who reside or are located in countries outside of the United States agree and consent to the transfer to and processing of personal information on servers located outside of the country where they reside, and that the protection of such information may be different than required under the laws of their residence or location.
Proesis Biologics, Inc.
1120 S Rackham Way
Meridian, ID 83642
Telephone: (800) 504-1337
Browser Web Storage enables websites to store data in a browser on a device. When used in “local storage” mode, it enables data to be stored across sessions. This makes data retrievable even after a browser has been closed and reopened. One technology that facilitates web storage is HTML 5.
A Cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the site again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. You can configure your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies.
A Pixel or Pixel Tag is a type of technology placed on a website or within the body of an email for the purpose of tracking certain activity, such as views of a website or when an email is opened. Pixel tags are often used in combination with cookies.
An Application Data Cache is a data repository on a device. It can, for example, enable a web application to run without an internet connection and improve the performance of the application by enabling faster loading of content.
Interest-based Advertising is sometimes referred to as personalized or targeted ads. Interest-based ads are used to display features, products, and services that might be of interest to the user.
Server Logs. Like most websites, our servers automatically record the page requests made when you visit our sites. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser.
Session Replay provides the ability to replay a visitor’s journey on a web site or within a mobile application or web application. Replay can include the user’s view (browser or screen output), user input (keyboard and mouse inputs), and logs of network events or console logs. Session replay is used to help improve customer experience, analyze usability and help identify obstacles in conversion processes on websites. It can also be used to study a website’s usability, customer behavior, interests, and the handling of customer service questions as the customer journey, with all interactions, can be replayed. It can also be used to analyze fraudulent behavior on websites.
A Unique Identifier is a string of letters, numbers and characters that can be used to uniquely identify a computer, device, personal device, browser or app.
Different identifiers vary in how permanent they are, whether they can be reset by users, and how they can be accessed. Unique Identifiers can be used for various purposes, including security and fraud detection, syncing data from your device(s) to our Platform, remembering your preferences, and providing personalized advertising. You can configure your browser to refuse all cookies or to indicate when a cookie is being sent. See your browser documentation for additional information.
On other platforms besides browsers (e.g., personal devices), Unique Identifiers are used to recognize a specific device or app on that device. For example, a Unique Identifier can be used to provide relevant advertising on mobile devices, and can be managed in your device’s settings. Unique identifiers may also be incorporated into a device by its manufacturer (sometimes called a universally unique ID or UUID), such as the IMEI-number of a mobile phone. For example, a device’s unique identifier can be used to customize our Platform and Services to your device or analyze device issues related to our Platform and Services.