Privacy Policy

Last Updated: March 8, 2024

Introduction

This Flagship Biosciences Data Privacy Policy (this “Privacy Policy”) describes:

  • the Personal Data processing activities of Flagship Biosciences, Inc., 11800 Ridge Parkway, Suite 450, Broomfield, Colorado, United States of America (“Flagship”, “we”, “us”, or “our”, if not explicitly referring to one company), which are strictly carried out in a business-to-business context; and
  • the rights of Data Subjects in this respect (defined below).

This Privacy Policy applies to the collection and processing of Personal Data through our websites, user applications, electronic transactions, and other web services (collectively, the “Sites”) that post a link to this Privacy Policy. This Privacy Policy does not apply to any other Sites or any online activities by Flagship (unless specifically stated). To the extent that we provide you with notices through our sites of different or additional privacy policies or practices (e.g., at the point of collection), those additional privacy policies shall govern such data collection and use.

Personal Data of Flagship employees, job applicants, contractors and any other such individuals are not subject to this Privacy Policy but will be covered under separate Flagship policies and procedures.

“Personal Data” means any information relating to an identified or identifiable natural person (a “Data Subject”); a Data Subject is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data does not include information that is anonymized. Personal Data also does not include corporate information that relates to an organization but not to an individual, such as a corporate name, corporate address or general corporate phone number. However, if it is combined with your Personal Data in a manner that reasonably allows it to be associated with your identity, or is otherwise considered Personal Data under applicable law, it will be treated as Personal Data under this Privacy Policy.

 

Entities and Adherence

Flagship Biosciences, Inc. and its subsidiaries and entities adhere to EU-U.S. Data Privacy Framework Principles.

    Information we collect from or about you

    a. User Requests and Business Interactions

    We collect Personal Data that you provide to us through our Sites, through business requests via telephone, fax, or email and in connection with other business dealings we may have with you. This includes basic contact information about you, such as your name, title, address, phone number, fax number, and email address that you provide to us in this course. It may also include information on the services you have shown interest in or purchased from us. Additionally, it may also include information on the company you are working for, which is then treated as Personal Data to the extent associated with your identity. If you use a credit card to purchase a product or service from us, we also may collect information necessary to process the credit card transaction, such as the credit card type, number, and expiration date.

    Generally, you are not obligated to provide us with your Personal Data. However, if you do not provide this data, we may not be able to make (all the functionalities of) our Sites available to you, answer your questions, and/or enter into a contract with you.

    b. Use of Our Sites

    Sites Usage Information. In addition to Personal Data that you choose to submit to us, whenever you visit or interact with our Sites, we may collect or store information regarding your use of our Sites for the purpose of the technical provision of such Sites, optimizing their usage, increasing and improving their functioning, features and functionalities, ensuring compatibility with current and new versions of browsers, etc. (“Usage Information”). This information is typically anonymous information. However, if it is combined with your Personal Data in a manner that reasonably allows it to be associated with your identity, or is otherwise considered Personal Data under applicable law, it will be treated as Personal Data under this Privacy Policy.

    Usage Information is automatically collected for each visit to our Sites and stored in our server log files. This information refers to the computer system of the requesting computer.

    The following information is or may be collected thereby:

    • IP address;
    • Browser type/version (e.g., Firefox 0.2 (64 Bit));
    • Browser language (e.g., German);
    • Operating system (e.g., Windows 10);
    • Internal resolution of the browser window;
    • Screen resolution;
    • JavaScript activation;
    • Java on / off;
    • Cookies on / off;
    • Color depth; and
    • Time of access.

    c. Personal Data We Receive from Third Parties

    We may receive Personal Data about you from third parties, such as business partners or sales referral partners who recommend or suggest that we contact you for business purposes. This includes basic contact information about you, such as your name, company name, title, address, phone number, fax number, and email address. It may also include information on the services you have shown interest in or may be interested in purchasing from us, as well as information on other companies or individuals with whom you do business. To the extent we have received your consent, we may also obtain Personal Data about you from third parties in connection with business transactions you initiate with us, such as through credit verification or other processes related to the transaction.

    Purposes for Which We Use Your Information

    a. Business Use

    We use your Personal Data primarily to facilitate our ongoing and proposed business dealings with you (“Business Use”). This includes to: (1) process business transactions with us that you initiate; (2) establish and maintain customer accounts so that we may provide services of ours requested by you or your company; (3) register you as a user of these services so that you may access them through our Sites or otherwise; (4) communicate with you about updates, maintenance, outages or other technical matters concerning these services; (5) communicate with you about data requests of other participants in our services, with whom you synchronize your data through our services; (6) provide you with training regarding usage of these services; (7) notify you about changes to any of the policies and procedures for use of these services; (8) verify the accuracy of account and technical contact information we have on file for you and your company in relation to these services; (9) respond to questions or inquiries that you or your company may have about our services, and (10) send you invoices and facilitate payments for our services that you have used.

    b. Legal Compliance

    We also may use your Personal Data as required for us to comply with laws and regulations relating to the services that we provide in any of the jurisdictions in which we or our affiliated companies operate, including the United States.

    c. Complaints and Improvement of Our Services

    We may also use your Personal Data, such as information you provide in connection with complaints or requests, internally within Flagship to help us improve our services, or to develop new services in order to answer your complaints and comply with your requests. We may also follow up with you to see if our proposal or solution solved your complaint or request successfully, or otherwise addresses your needs.

    d. Marketing Purposes

    If and when you agree, we may use your Personal Data for purposes relating to the marketing of our services, or those of our business partners (“Marketing Purposes”). This includes to: (1) send you newsletters, press releases, event announcements and other similar communications regarding the services that we offer; (2) market or promote our services to you, including by offering you trial or limited access to certain of our services; (3) solicit input from you regarding improvement of our services; and (4) other purposes that we disclose to you at the time we obtain your consent.

    Upon your consent, we may further use your Personal Data to

    (1) inform you of third-party offerings that we think you or your company may be interested in which relate to our services; and (2) send you announcements or requests on behalf of other customers of ours who believe you would benefit from use of our services.

    Your consent can be changed or revoked at any time by clicking the “Unsubscribe” link at the bottom of email communication, or by reaching out to Flagship using the “Contact Us” information below.

    e. Referrals

    From time to time, we may receive Personal Data about you from third parties, such as business partners or sales referral partners, who recommend or suggest that we contact you for business purposes. We receive such Personal Data because you have consented to the third party that they might share your Personal Data with us. If we use that information based on your consent to contact you, it will only be to see if you are interested in our services, or those of our business partners. We will not use this information for other purposes without your consent. In addition, if you inform us that you are not interested in these services, we will stop using the information to contact you.

    f. Data Integrity

    You are responsible for the accuracy of all Personal Data that you provide to us. We will use reasonable efforts to maintain the accuracy and integrity of your Personal Data, and to update that information as appropriate upon your request. We will take reasonable steps to ensure that the Personal Data we collect from you is relevant to its intended use or the purpose of the processing, and that it is used only in ways that are compatible with the purposes for which it was collected or otherwise authorized by you.

    We process and retain your Personal Data for the duration of our business relationship. This may not only be for the time necessary to answer any user request but may also include the initiation of a contract (pre-contractual legal relationship) and the performance of a contract, including any post-contractual obligations.

    With Whom We May Share Your Information

    a. Within Flagship Subsidiaries

    Flagship transacts business internationally. Accordingly, from time-to-time and subject to the provisions of this Privacy Policy governing YOUR RIGHTS AND CHOICES (see below), we may share your Personal Data and Usage Information within Flagship (i.e., between and among Flagship and its subsidiaries) to the extent permitted by law and/or in the context of the performance of an agreement entered into by and between them, which agreement will include the necessary safeguards, including in particular with respect to the protection of your Personal Data, the exercise of Data Subjects’ rights and the subsidiaries’ obligations under applicable laws and this Privacy Policy. Such information may be used by each Flagship entity for internal business and operational purposes, as well as for purposes consistent with the purpose for which the information was originally collected or subsequently authorized by you.

    b. With Third Parties Outside of Flagship

    We share your Personal Data with third parties outside of Flagship only insofar as this is legally permitted or prescribed and we limit the transfer of your Personal Data to what is necessary for the respective purpose. We share your Personal Data with the following categories of recipients: (1) payment service providers and banks, if applicable, during payment processing; (2) external service providers for sending invoices by post or email; (3) logistics service providers; and (4) collection companies and legal advisors in asserting our claims.

    We may also share your Personal Data with other third parties for purposes disclosed to you and as subsequently authorized by you through your consent. The recipients act independently with your Personal Data, which we have transmitted to them. We will not share your Personal Data with third parties outside of Flagship for their marketing purposes without your consent as required by applicable law.

    c. Service Providers

    We may from time to time employ service providers to perform services on our behalf, such as: (1) hosting our Sites; (2) designing and/or operating certain features available through our Sites; (3) sending emails and other communications relating to our services; (4) fulfilling and processing orders for our services; (5) assisting with promotions and conferences relating to our services, or those of our business partners; or (6) performing other administrative services for us. We may provide these service providers with access to your Personal Data in order for them to complete a requested transaction or otherwise perform services for us or for you on our behalf. Prior to allowing our service providers to access your Personal Data, we will enter into appropriate agreements with them to ensure that they handle and process Personal Data in accordance with this Privacy Policy and applicable law as instructed by us, and that they have implemented similar technical and operational measures in order to protect Personal Information.

    d. Promotions

    We may offer various promotions (“Promotions”) through the Sites or elsewhere that may require registration with your Personal Data. If you choose to enter or otherwise participate in a Promotion, your Personal Data may be disclosed to third parties in connection with administration of the Promotion, such as in connection with winner selection, prize fulfillment and as otherwise required by law. By entering into a Promotion, you are agreeing to the official rules that govern that Promotion, which may contain specific requirements of you, including, except where prohibited by law, allowing the sponsor and/or other parties to use your name, voice and/or likeness in advertising or marketing materials. These rules will be displayed to you during the registration process, and you will be asked for your consent to the respective data processing at that time.

    e. Business Transfers

    Flagship or any part of its business, including our Sites, may be sold at some point in the future. Should this occur, your Personal Data may be transferred to a subsequent owner, co-owner or operator of the business unit or Site. We also may disclose and transfer your Personal Data in connection with a corporate merger, consolidation, restructuring, the sale of stock or assets, or other corporate change, including, without limitation, during the course of any due diligence process.

    In such case, we will enter into an agreement with the third party transferee, which agreement will include the confirmation by such third party that it will provide the same level of protection as what has been contemplated herein and in the EU-US Data Privacy Framework. If such transferee would no longer be able to provide the same level of protection as what has been set out in the EU-US Data Privacy Framework, such party will notify us and the Data Subjects if it makes the determination that it can no longer meet this requirement.

    f. Legal Protections and Law Enforcement

    Like everyone who participates in economic activities, we are also subject to legal obligations. These are primarily statutory requirements (such as, but not limited to, commercial and tax laws), but also, where applicable, regulatory, or other official requirements. The purposes of processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating and investigation of terrorist financing and offences endangering assets, the fulfilment of fiscal control and reporting obligations and the archiving of data for the purposes of data protection and data security as well as verification by tax and other authorities. Furthermore, the disclosure of Personal Data within the framework of official/judicial measures may become necessary for the purposes of taking evidence, prosecution or the enforcement of civil law claims. Unless prohibited by applicable mandatory laws, we may access, use, preserve, transfer and disclose to third parties your Personal Data to: (1) satisfy any applicable law, regulation, subpoena, governmental request, or legal process if in our good faith opinion such is required or permitted by law; (2) protect and/or defend this Privacy Policy or other policies or terms of use applicable to our Sites, including investigations of potential violations thereof; (3) protect the safety, rights, property or security of Flagship or any third party; and/or (4) detect, prevent or otherwise address fraud, security issues or breaches, or technical issues. This may include allowing third parties, such as copyright owners, Internet service providers, wireless service providers and/or law enforcement agencies, to access and use your Usage Information in order to identify you. We may take any of these steps without notice to you, to the extent permitted by mandatory applicable law.

    g. Site Hosting

    Our Sites and the servers on which they are hosted are operated in various countries around the world in which we conduct our business. Thus, your Personal Data associated with our Sites may be transferred to and/or processed in a country other than that from which it was collected. The data protection laws in those countries may differ from those of the country in which you are located.

    In addition to the above circumstances, we may share your Personal Data with other parties as directed by you or subject to your consent. We may also share and otherwise process aggregated information or de-identified information that does not identify you individually with other parties. For example, we may share aggregated statistics about pages viewed on our Sites, demographic information and sales, and other shopping information with third parties to enrich your visitor experience.

    Nonetheless, we will impose upon such third-party service providers any and all obligations we are assuming hereunder and will at least take all measures imposed by mandatory applicable laws in view of protecting and securing the processing of any Personal Data by such third party service providers.

    Your Rights and Choices

    Where required by applicable law, and depending on your jurisdiction, you may have access to certain consumer rights. For example, the right to obtain confirmation that we maintain certain Personal Data relating to you, to verify its content, origin, and accuracy, as well as the right to access, review, port, delete, or to block or withdraw consent to the processing of certain Personal Data (without affecting the lawfulness of processing based on consent before its withdrawal), by contacting us as described below. In particular, you have the right to object to our use of Personal Data for direct marketing and in certain other situations at any time. Please review sections 12 through 14 of this Privacy Policy below for more information.

    If you receive a marketing communication from us by email, you may also opt out of receiving future email marketing communications by following the opt-out instructions provided in that email. Alternatively, to the extent that applicable law requires your prior opt-in consent to receive marketing and promotional emails, we will ask for your consent and you can choose not to opt-in. Please note that we reserve the right to send you certain communications relating to transactions you initiate, your customer account, your use of our Sites, or other business matters, and that these communications may be unaffected if you choose to opt-out from marketing communications.

    Cookies and Tracking Technologies

    Cookies and similar tracking technologies, such as beacons, scripts, and tags, are small bits of code, usually stored on a user’s computer hard drive or device, which enable a website to “personalize” itself for each user by remembering information about the user’s visit to the website.

    Our Sites use cookies to store your preferences, display content based upon what you view to personalize your visit, analyze trends, administer the site, track users’ movements around the site, serve targeted advertising and gather demographic information about our user base as a whole.

    More detailed information about our use of cookies and how to opt-out of advertising and certain other cookies, is provided below.

    Cookies. A cookie is a data file placed on your device when you visit our Sites. We use cookies to facilitate the use and navigation of our Sites and to remember you and your preferences in case you revisit our Sites in the future.

    Information collected relates to technical information, such as your browser, a timestamp and a unique identifier. Almost all browsers allow blocking of cookies in their entirety, removal of existing cookies or warning to prevent the placing of a cookie. You may be able to set your browser settings to use our Sites without cookie functionality. Please note that if you block cookies, some Sites or features may be unavailable and we will not be able to present personally-tailored content and advertisements to you. Your browser may provide you with some options regarding cookies. For more detailed information about how to disable or administer your cookie settings in your web browser, please refer to the applicable page for the browser you are using:

    1. Safari: Apple Support
    2. Google Chrome: Google Support
    3. Microsoft Edge: Microsoft Support
    4. Firefox: Mozilla Support

    You can withdraw your consent to allow for cookies, change your browser settings, and delete the cookies already stored on your computer at any time. Please note that if you delete, or choose not to accept, cookies, you may not be able to utilize all features of the services on our Sites to their fullest potential.

    Turning off third-party cookies

    You can turn off certain third-party targeting/advertising cookies by visiting the Network Advertising Initiative: https://optout.networkadvertising.org/?c=l

    We also work with third party advertising companies who place their own cookies or similar technology on your browser or device when you visit our Sites and other websites to serve customized advertisements to you as you browse the Internet. As noted above, you can set your device or browser to accept or reject most cookies, or at least notify you in most situations that the technology is offered. As an additional step, these advertising companies may participate in one of the following self-regulatory programs for online behavioral advertising, with corresponding user opt-outs:

    Please note that even if you reject such technology, you may continue to receive advertisements, but the advertisements will not be tailored to your browsing activities and interests.

    Automated Decision Making

    We do not use automated decision making or profiling (an automated analysis of and decision making on the basis of your Personal Data or personal circumstances).

    Information Security

    We will take reasonable precautions to protect your Personal Data in our possession from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We will make reasonable efforts to keep your Personal Data reliable for its intended use, accurate, current, and complete. As necessary, we will take additional precautions regarding the security of particularly sensitive information, such as credit card numbers. While we strive to secure your Personal Data, we cannot warrant or guarantee that this information will be protected under all circumstances, including those beyond our reasonable control.

    Children

    The Sites are intended for business use, and we do not knowingly collect any Personal Data from children younger than the age of eighteen (18), or otherwise as prohibited by applicable law.

    Your Rights – California Residents

    If you reside in California, under the California Consumer Privacy Act (“CCPA”), we are required to provide additional information to you about how we use and disclose your information, and you may have additional rights with regard to how we use your information. Please review our CCPA Privacy Policy here: https://flagshipbio.com/privacy-policy/ccpa

    Consistent with the “Information We Collect From or About You” section above, we collect certain categories and specific pieces of information about individuals that are considered “Personal Information” in California. As detailed above, we may collect this Personal Information from you and other third parties. We collect, share and disclose Personal Information for the business and commercial purposes described in the “Purposes for Which We Use Your Information” and “With Whom We May Share Your Information” sections above.

    We do not sell Personal Information, as this term is defined under California law.

    Subject to certain exceptions, as a California consumer, you have the right to: (i) access your Personal Information; (ii) obtain deletion of your Personal Information; (iii) receive information about the Personal Information about you that we have “sold” (as such term is defined under California law) to third parties within the past 12 months; and (iv) opt-out of the “sale” of your Personal Information, including as detailed above in the “Cookies and Tracking Technologies” section. To the extent permitted by applicable law, we may be required to retain some of your Personal Information, and certain Personal Information is strictly necessary in order for us to fulfill the purposes described in this Privacy Policy.

    Should you wish to request the exercise of your other rights as detailed above with regard to your Personal Information, we will not discriminate against you by offering you different pricing, services, or by providing you with a different level or quality of services, based solely upon this request. Please see the “Contact us” section below if you have questions or wish to exercise such rights.

    If you are a California consumer and you wish to exercise your rights as outlined in this section, you may need to provide information such as name and e-mail so that we can verify your identity. We will use the information you provide when exercising your rights for no other purpose other than to verify your identity. You also have the option of designating an authorized agent to exercise your rights on your behalf. For authorized agents submitting requests on behalf of California residents, please contact us as described below, with any evidence you have that you have been authorized by a California consumer to submit a request on their behalf.

    Shine the Light. We do not rent, sell, or share your Personal Information with nonaffiliated companies for their direct marketing purposes, unless we have your permission. You also may have the right to request that we provide you with (1) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year and (2) the identity of those third parties.

    You can exercise any of these rights by contacting us through the methods described in the Contact Us section below.

    Your Rights – European Economic Area (EEA)

    Please note: To protect your privacy, we may ask for additional information to verify your identity in order for us to respond to your request.

    Users in the EEA only:

    Under EU Regulation 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, including the United Kingdom’s substantially similar law as it takes effect in the United Kingdom by virtue of the Data Protection Act 2018 (collectively the “GDPR”), you have a number of rights when it comes to your personal information. Further information and advice about your rights can be obtained from the data protection regulator in your country of residence. You can exercise any of these rights by contacting us through our email, phone or mailing address in the Contact Us section below.

    • The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Information and your rights. This is why we’re providing you with the information in this Policy.
    • The right of access. You have the right to obtain access to your Personal Information, so you’re aware and can check that we’re using your information in accordance with data protection law.
    • The right to rectification. You are entitled to have your Personal Information corrected or amended if it is no longer inaccurate or incomplete or, as the case may be, collected in violation of the EU-US Data Processing Framework.
    • The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your Personal Information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
    • The right to restrict processing. You have rights to ‘block’ or suppress further use of your Personal Information. When processing is restricted, we can still store your Personal Information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in the future.
    • The right to data portability. You have rights to obtain and reuse your Personal Information for your own purposes across different services. This is not a general right and there are exceptions.
    • The right to object to processing. You have the right to object to certain types of processing and may change your preferences as described above.
    • The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator:
    • The right to withdraw consent. As noted above, if you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your Personal Information with your consent up to that point is unlawful). You can withdraw your consent to the processing of your personal information at any time.

    Former, current, or prospective corporate customer contacts have the right to exercise choice (opt-out) from our use of their GDPR Personal Data for direct marketing purposes. To exercise this right, please follow the instructions in any direct marketing message you may have received (e.g., click the provided opt-out link in the email message or send us an email or postal mail request to opt-out in accordance with the instructions provided in the direct marketing message).

    Please contact us as specified below if you have any questions. In certain situations, we may be required to disclose GDPR Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

    Please contact us at privacy@Flagshipbio.com if you have any questions, wish to exercise your rights of access, or seek other assistance as described above.

    EU Data Subjects and Extra-territorial

    Flagship, Inc. safeguards personal data received in the United States from the European Union, or European Economic Area (“EU”) about former, current, or prospective corporate customer contacts and which is regulated by the FDPIC GDPR. We are committed to protecting such GDPR Personal Data in accordance with our obligations under applicable law, such as GDPR Articles 45 to 50, and the Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.

    Flagship Biosciences, Inc. has implemented appropriate cross-border transfer solutions in accordance with the GDPR, such as European Commission Standard Contractual Clauses (also known as Model Contractual Clauses) as the legal basis for transferring personal data to third countries, including the United States. To the extent permitted by applicable law, your use of this site constitutes your consent to the transfer of your Personal Data to Flagship Biosciences, Inc. in the United States in the context of the EU-US Data Privacy Framework as set out in Commission Implementing Decision of July 10, 2023 pursuant to the GDPR on the adequate level of protection of personal data under the EU-US Data Privacy Framework.

    Flagship Biosciences, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce. Flagship Biosciences, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles), the UK Extension to the EU-U.S. DPF Principles, and the Swiss-U.S. DPF Principles.

    If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

    In all cases where Flagship Biosciences, Inc. transfers personal information to a third party acting as a controller, Flagship Biosciences, Inc. will comply with the Notice and Choice Principles. Flagship Biosciences, Inc. will enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by you and that the recipient will provide the same level of protection as the Principles and will notify Flagship Biosciences, Inc. if it makes a determination that it can no longer meet this obligation. The contract also provides that when such a determination is made the third-party controller will cease processing or take other reasonable and appropriate steps to remediate.

    In all cases where Flagship Biosciences, Inc. transfers personal data to a third party acting as an agent (processor for GDPR purposes), Flagship Biosciences, Inc. will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles; (iv) require the agent to notify Flagship if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of Flagship’s contract with that agent to the U.S. Department of Commerce upon request.

    When we transfer your information to third parties we comply with the requirements of the legal protections that cover your information. For example, when we perform an onward transfer of your information protected under the GDPR, we remain responsible for the processing of your personal information. For information subject to an onward transfer by us under the Data Privacy Framework, we will remain liable under the Data Privacy Framework Principles if a recipient of your protected personal information processes such personal information in a manner inconsistent with the Principles, unless we are able to prove that we are not responsible for the event giving rise to the damage.

    Exercise of Rights; Complaints

    In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Flagship Biosciences commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, should first contact Flagship Biosciences at:

    Data Privacy Officer
    Flagship Biosciences, Inc.
    11800 Ridge Parkway Ste.1400,
    Broomfield, CO, United States of America
    privacy@flagshipbio.com

    In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Flagship Biosciences commits to cooperate and comply respectively, with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

    Please note that we may request official identification information, such as a copy of your ID card, driver’s license, etc. from you when you submit a complaint.

    In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Flagship commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

    You may, subject to its terms, invoke binding arbitration in accordance with Annex I of the DPF Principles:   https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

    This provides that you may invoke binding arbitration by delivering notice to Flagship and following the procedures and subject to conditions set forth in Annex I of the Principles.

    The Federal Trade Commission has jurisdiction over Flagship Biosciences’ compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

    Verification

    We will verify on a regular basis whether this Policy and our data protection processes and procedures are in line with applicable laws. To this end, we will – as the case may be – perform a self-assessment, engage in an outside compliance review, either directly or with the assistance of one or more third parties.

    Changes to this Privacy Policy

    We reserve the right to update this Privacy Policy at any time, without prior notice to you, to the extent permitted by applicable law and the principles of the Framework. We will notify you of the changes that we make to this Privacy Policy by posting the revised Privacy Policy on the Sites, and such changes will be effective immediately unless otherwise stated.

    Contact Us

    If you have questions or comments regarding this Privacy Policy or our privacy practices, please contact us at:

    Flagship Biosciences, Inc.
    Telephone: +1 (303) 325-5894
    Email: privacy@Flagshipbio.com