Alimera Sciences, Inc. (“Alimera”, “we”, “us” or “our”) created this Privacy Shield Policy to help you learn about how we handle Personal Information that is from our customers and others located in the European Union.
Alimera Sciences, Inc. complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Information (as defined below) from European Union member countries. Alimera commits to comply and cooperate with the EU data protection authorities (“DPAs”) with regard to human resources data transferred from the EU when it is in the context of the employment relationship. Alimera has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/
Alimera is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and the FTC has jurisdiction over Alimera’s compliance with the Privacy Shield.
When we use the term “Personal Information” in this Privacy Shield Policy, we mean recorded information or data that relates to a person that (i) can be linked to that individual; (ii) is transferred by our subsidiaries in the European Union to the U.S. or is provided to us directly; and (iii) can identify that person by his/her physical, physiological, mental, economic, cultural or social identity (including identification numbers). Personal Information does not cover recorded information or data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)
When we use the term “Sensitive Personal Information” in this Privacy Shield Policy, we mean Personal Information that specifies a person’s medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or sex life.
Our general practices for implementing the Privacy Shield Privacy Principles with respect to the Personal Information we receive from the European Union are described below. Please note that these general practices are subject to various laws, statutes and governmental regulations.
Please be aware that we may be required to disclose an individual’s Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Personal Information Received from the European Union
We may receive Personal Information from individuals in the European Union in conjunction with inquiries from our websites; clinical research; adverse event reporting; product complaint handling; medical inquiries; and certain legal and regulatory compliance activities such as due diligence conducted on vendors and distributors; about clinical research study subjects; investigators and related support personnel; adverse event reporters and subjects; healthcare professionals; vendors; and other individuals. Such information may include name, address, telephone number, date of birth, gender, marital status, physical attributes, prescriber information, email address, racial or ethnic origin, political affiliations, banking and financial data, data concerning health or sex life or medical records, and data relating to offenses and/or criminal convictions.
Use of Personal Information
Any Personal Information sent to us may be used by us and our agents for the purposes indicated in notices and policies that we have previously made available to you or that will be made available to you at the time you provide such Personal Information. Such purposes include, for example, using human resources data to comply with legal and other requirements, such as income tax and national insurance deductions; record-keeping and reporting obligations; conducting audits; compliance with government inspections and other requests from government or other public authorities, including but not limited to national security or law enforcement requirements; responding to legal process such as subpoenas; pursuing legal rights and remedies; defending litigation and managing any internal complaint or claims and complying with internal policies and procedures (including appropriate audits) and risk management activities; carrying out and supporting our clinical research; pharmacovigilance and adverse event reporting activities; responding to product complaints and medical inquiries; and complying with certain other legal and regulatory obligations. If we intend to use your information for a purpose that is incompatible with these purposes or if we intend to disclose it to a type of third party not previously identified, we will notify you and offer you the opportunity to opt out of such uses and/or disclosures where it involves non-Sensitive Personal Information or opt-in where Sensitive Personal Information is involved.
Agents and Service Providers
We sometimes contract with other companies and individuals to perform functions or services on our behalf. They may have access to Personal Information needed to perform their functions, but are restricted from using the Personal Information for purposes other than providing services for us or to us. We require that our agents and service providers that have access to Personal Information received from the European Union enter into a written agreement with us that requires them to provide at least the same level of privacy protection as is required by the relevant Privacy Shield Privacy Principles.
In cases of onward transfer to third parties of Personal Information of EU individuals received pursuant to the EU-US Privacy Shield where such Personal Information is not protected in accordance with the Privacy Shield Privacy Principles, Alimera is potentially liable.
We use reasonable precautions to protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration and destruction. We take special care to protect Sensitive Personal Information.
We take reasonable steps to ensure that Personal Information we process is relevant for the purposes for which it is to be used. We only process Personal Information in ways that are compatible with the purposes for which it has been collected or subsequently authorized by an individual. We take reasonable steps to ensure that Personal Information data is accurate, complete, and current and reliable for its intended use.
Right to Access, Change or Delete Personal Data
Individuals have the right to know what Personal Information about them has been collected and to ensure that such Personal Information is accurate and relevant for the purposes for which Alimera collected it. Individuals may review their own Personal Information that has been collected and correct, erase, or block any data that is incorrect, as permitted by applicable law and Alimera policies. Upon reasonable request and as required by the Privacy Shield Principles, Alimera allows individuals access to their Personal Information in order to correct or amend such data where inaccurate.
Individuals may edit their Personal Information by contacting Alimera by phone or email as set forth below. In making modifications to their Personal Information, individuals must provide only truthful, complete, and accurate information. To request erasure of Personal Information, individuals should submit a written request to the address set forth below.
In addition, Alimera will track and provide notice to the appropriate parties under law and contract when there is a legally binding request for disclosure of the Personal Information by a law enforcement authority unless prohibited by law or regulation.
Alimera will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Information.
Privacy Shield Enforcement and Dispute Resolution
Alimera has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles through the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
If you have questions regarding this Privacy Shield Policy, you may contact us as set forth below:
Alimera Sciences, Inc.
6120 Windward Parkway, Suite 290
Alpharetta, Georgia 30005
Privacy Shield Policy Changes
This Privacy Shield Policy may be changed from time to time, consistent with the requirements of the Privacy Shield Principles. You can determine when this Privacy Shield Policy was last revised by referring to the “LAST UPDATED” legend below. Any changes to our Privacy Shield Policy will become effective upon our posting of the revised Privacy Shield Policy on our website.
LAST UPDATED: May 22, 2018