Privacy Policy

VBL Therapeutics Privacy Policy

Last Updated: [January 13, 2022]

This Privacy Policy describes the privacy practices of VBL Therapeutics (“we”, “us”, or “our”) and how we handle personal information that we collect through our website, platform, and mobile applications (collectively, the “Service” or “Services”).

We may provide additional or supplemental privacy notices to individuals for specific products or services that we offer at the time we collect the personal information, for example, in connection with our clinical trials. These supplemental privacy policies govern how we may process your information in those contexts.

We treat all personal information covered by this Privacy Policy, including information about any visitors to our website, as pertaining to individuals acting as business representatives, and not in their individual or household capacity.

Personal Information We Collect

Information you provide to us:

Contact details, such as your first and last name and email address.
Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.
Health and medical information we collect in connection with managing clinical trials, conducting research, and tracking adverse event reports.
Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them.
Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Investors. You may provide information to us when visiting the Investor Relations page of our website, such as your name and contact information. We use this information to communicate with you and respond to your requests, to operate our website, to comply with law and for other compliance, fraud prevention, and safety purposes. We may share this information with our affiliates, service providers, and professional advisors, to comply with law, for compliance, protection and safety, and in the event of a business transfer, each as explained below.

Third Party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

Healthcare organizations, such as your healthcare providers, industry and patient groups / associations.
Research organizations, such as clinical trial investigators or contract researchers.
Data providers, such as information services and data licensors.

Automatic data collection. We, our service providers, and our advertising partners may automatically log information about you, your computer or mobile device, and your interaction over time with our website and the Services (in your capacity as our customer’s authorized user), our communications and other online services, such as:

Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.
Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.

Specifically, our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies, which are text files placed on your device, to help the website analyze how users use the site. The information generated by the cookie about your use of the Site (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union, as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the Site, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this Site.

You can refuse the use of Google Analytics and opt out of having your information used by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout/. An opt-out cookie will be set on the device, which prevents the future collection of your data when visiting this Site.

Further information concerning the terms and conditions of use and data privacy can be found at: http://www.google.com/analytics/terms/gb.html

Please note that on this Site, Google Analytics code is supplemented by Google to ensure an anonymized collection of IP addresses (so called IP-masking).
Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How We Use Personal Information

We use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery. We use your personal information to:

Provide, operate and improve the Services and our business;
Communicate with you about the Services, including by sending announcements, updates, and administrative messages; and
Provide support for the Services, and respond to your requests, questions and feedback.

Research and development. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services, and promote our business.

Marketing and advertising. We may collect and use your personal information for marketing and advertising purposes, including:

Direct marketing. We may send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events via postal mail, email, telephone, text message, and other means. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section below.
Interest-based advertising. We engage our advertising partners, including third party advertising companies and social media companies, to advertise our and our customers’ and partners’ Services. We and our advertising partners may use cookies and similar technologies to collect information about your interaction (including the data described in the “Automatic data collection” section above) over time across the web, our communications and other online services, and use that information to serve online ads. You can learn more about your choices for limiting interest-based advertising in the “Online tracking opt out” section below.

Compliance and protection. We may use your personal information to:

Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
Audit our internal processes for compliance with legal and contractual requirements and internal policies;
Enforce the terms and conditions that govern our website and Services; and
Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

We may share your personal information with:

Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers. Companies and individuals that provide services on our behalf or help us operate our Services or our business (such as hosting, information technology, customer support, email delivery, and website analytics services).

Advertising partners. Third party advertising companies, including for the interest-based advertising purposes described above, that may collect information on our website through cookies and other automated technologies.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Curie or our affiliates (including, in connection with a bankruptcy or similar proceedings).

Your Choices

Opt out of marketing communications. You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in the marketing communications we send you.

Online tracking opt-out. There are a number of ways to limit online tracking, which we have summarized below:

Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers. Please see details regarding opting-out of Google Analytics in the section concerning cookies.
Platform opt outs. The following advertising partners offer opt out features that let you opt out of use of your information for interest-based advertising:
- Google: www.adsettings.google.com
- Facebook: www.facebook.com/about/ads
- Twitter: www.twitter.com/settings/personalization
Advertising industry opt out tools. You can also use these opt out options to limit use of your information for interest-based advertising by participating companies:
- Digital Advertising Alliance for Websites: outout.aboutads.info
- Digital Advertising Alliance for Mobile Apps: https://youradchoices.com/appchoices
- Network Advertising Initiative: optout.networkadvertising.org

Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

Other Sites and Services

Our Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information.

Children

The Services are not intended for use by children under 13 years of age. If we learn that we have collected personal information through our Services from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

Additional Information for European Union Users

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller and Data Protection Officer. VBL is the controller of your personal information for purposes of European data protection legislation.

Legal bases for processing. We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at privacy@cerus.com or at the address provided above.

Processing purpose	Legal basis
To provide our products and services	Where we have a contract governing this processing purpose, the processing is necessary to perform that contract, or necessary to take steps that you have requested prior to entering into the contract. In other cases, these processing activities are necessary to protect your, or another person’s, vital interests.
To perform and administer clinical trials, research and product-improvement activities	Where we have a contract governing this processing purpose, the processing is necessary to perform that contract, or necessary to take steps that you have requested prior to entering into the contract. Where we process sensitive personal data in connection with this processing purpose, the processing is necessary for scientific or historical research purposes or statistical purposes. In all other cases, these processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
For our operations To communicate with you To display advertisements To create anonymous, aggregated or de-identified data for analytics For compliance, fraud prevention and safety	These processing activities constitute our legitimate interests. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with regulatory monitoring and reporting obligations To comply with law	Processing is necessary to comply with our legal obligations
With your consent	Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated when we requested the consent or by contacting us.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention. We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Your rights. European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

Opt-out. Stop sending you direct marketing communications. You may continue to receive service-related and other non-marketing emails.
Access. Provide you with information about our processing of your personal information and give you access to your personal information.
Correct. Update or correct inaccuracies in your personal information.
Delete. Delete your personal information.
Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict. Restrict the processing of your personal information.
Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information.

You can submit these requests by email to ir@vblrx.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Cross-Border Data Transfer

Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with the EEA’s data protection laws, such as the specific contracts approved by the European Commission as providing adequate protection of personal information, which are available here. For details, see the European Commission’s website for model contracts for the transfer of personal information to third countries.

Please contact us at ir@vblrx.com for further information on the specific mechanism used by us when transferring your personal information out of the EEA.

Additional Information for California Residents

We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide to California residents an explanation of how we collect, use and share their personal Information, and of the rights and choices we offer California residents regarding our handling of the personal information.

Our website is directed to healthcare providers (in their business capacity) who want to learn more about our research and technologies, individuals who are interested in (or who are already) participating in our clinical trials (including as investigators and study staff), current and potential investors in VBL, and candidates who wish to apply for a job with VBL.

The CCPA does not apply to the information we collect in connection with clinical trials, to any health or medical information we collect that is otherwise governed by California’s Confidentiality of Medical Information Act or the Health Insurance Portability and Accountability Act of 1996, or to information related to our business contacts (including healthcare providers).

We do not sell personal information. As we explain in this Privacy Policy, we use cookies and other tracking technologies to analyze website traffic and facilitate advertising. If you would like to learn how you may opt out of our (and our third party advertising partners’) use of cookies and other tracking technologies, please review the instructions provided in the Online Tracking Opt-out Guide above.

California Residents’ Privacy Rights

The CCPA grants individuals whose information is governed by the CCPA the following rights. We extend these rights only to individual investors who provide information on our website.

Transfer. You can request information about how we have collected, used and shared and used your Personal Information during the past 12 months. We have made this information available to California residents without having to request it by including it within this Privacy Policy.
Access. You can request a copy of the personal information that we maintain about you.
Deletion. You can ask us to delete the personal information that we collected or maintain about you.

Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.

You are entitled to exercise the rights described above free from discrimination.

How to Submit a Request. If you are an investor and you would like to exercise your privacy rights:

Email. ir@vblrx.com
Phone. +1-845-474-8411

Identity verification. The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request.

Authorized agents. Investors who are California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website.

How to Contact Us

You can reach us by email at ir@vblrx.com or at the following mailing address:

VBL THERAPEUTICS

8 HaSatat St., Modi'in, Israel 7178106